hermes-agent/tools/environments
Mariano A. Nicolini af9a9f773c fix(security): sanitize workdir parameter in terminal tool backends
Shell injection via unquoted workdir interpolation in docker, singularity,
and SSH backends.  When workdir contained shell metacharacters (e.g.
~/;id), arbitrary commands could execute.

Changes:
- Add shlex.quote() at each interpolation point in docker.py,
  singularity.py, and ssh.py with tilde-aware quoting (keep ~
  unquoted for shell expansion, quote only the subpath)
- Add _validate_workdir() allowlist in terminal_tool.py as
  defense-in-depth before workdir reaches any backend

Original work by Mariano A. Nicolini (PR #5620).  Salvaged with fixes
for tilde expansion (shlex.quote breaks cd ~/path) and replaced
incomplete deny-list with strict character allowlist.

Co-authored-by: Mariano A. Nicolini <entropidelic@users.noreply.github.com>
2026-04-06 13:19:22 -07:00
..
__init__.py feat(environments): add Daytona cloud sandbox backend 2026-03-05 10:02:21 -08:00
base.py feat: execute_code runs on remote terminal backends (#5088) 2026-04-04 12:57:49 -07:00
daytona.py feat: mount skills directory into all remote backends with live sync (#3890) 2026-03-30 02:45:41 -07:00
docker.py fix(security): sanitize workdir parameter in terminal tool backends 2026-04-06 13:19:22 -07:00
local.py fix(terminal): preserve partial output when command times out (#3868) 2026-03-29 21:51:44 -07:00
managed_modal.py Fixes and refactors enabled by recent updates to main. 2026-03-31 09:29:59 +09:00
modal.py feat: add .zip document support and auto-mount cache dirs into remote backends (#4846) 2026-04-03 13:16:26 -07:00
modal_common.py Fixes and refactors enabled by recent updates to main. 2026-03-31 09:29:59 +09:00
persistent_shell.py feat: execute_code runs on remote terminal backends (#5088) 2026-04-04 12:57:49 -07:00
singularity.py fix(security): sanitize workdir parameter in terminal tool backends 2026-04-06 13:19:22 -07:00
ssh.py fix(security): sanitize workdir parameter in terminal tool backends 2026-04-06 13:19:22 -07:00