hermes-agent/tests/tools
teknium1 1cb2311bad fix(security): block path traversal in skill_view file_path (fixes #220)
skill_view accepted arbitrary file_path values like '../../.env' and
would read files outside the skill directory, exposing API keys and
other sensitive data.

Added two layers of defense:
1. Reject paths with '..' components (fast, catches obvious traversal)
2. resolve() containment check with trailing '/' to prevent prefix
   collisions (catches symlinks and edge cases)

Fix approach from PR #242 (@Bartok9). Vulnerability reported by
@Farukest (#220, PR #221). Tests rewritten to properly mock SKILLS_DIR.

Closes #220
2026-03-02 02:00:09 -08:00
__init__.py test: reorganize test structure and add missing unit tests 2026-02-26 03:20:08 +03:00
test_approval.py test: add regression tests for recursive delete false positive fix 2026-02-26 16:40:44 +03:00
test_clarify_tool.py test(tools): add unit tests for clarify_tool.py 2026-02-27 03:29:26 -05:00
test_code_execution.py test: reorganize test structure and add missing unit tests 2026-02-26 03:20:08 +03:00
test_cron_prompt_injection.py fix: cron prompt injection scanner bypass for multi-word variants 2026-02-26 13:55:54 +03:00
test_cronjob_tools.py test: add unit tests for 8 modules (batch 2) 2026-02-26 13:54:20 +03:00
test_debug_helpers.py test: add unit tests for 8 untested modules (batch 3) (#191) 2026-03-01 05:28:12 -08:00
test_delegate.py Merge remote-tracking branch 'origin/main' into codex/align-codex-provider-conventions-mainrepo 2026-02-26 10:56:29 -08:00
test_file_operations.py test: remove /etc platform-conditional tests from file_operations 2026-02-26 13:43:30 +03:00
test_file_tools.py test: enhance session source tests and add validation for chat types 2026-02-26 00:53:57 -08:00
test_file_tools_live.py feat(tests): add live integration tests for file operations and shell noise filtering 2026-02-28 22:57:58 -08:00
test_fuzzy_match.py test: reorganize test structure and add missing unit tests 2026-02-26 03:20:08 +03:00
test_interrupt.py test: reorganize test structure and add missing unit tests 2026-02-26 03:20:08 +03:00
test_memory_tool.py test: add unit tests for 8 untested modules 2026-02-26 13:27:58 +03:00
test_patch_parser.py test: reorganize test structure and add missing unit tests 2026-02-26 03:20:08 +03:00
test_process_registry.py test: add unit tests for 8 modules (batch 2) 2026-02-26 13:54:20 +03:00
test_registry.py test: reorganize test structure and add missing unit tests 2026-02-26 03:20:08 +03:00
test_session_search.py test: add unit tests for 8 modules (batch 2) 2026-02-26 13:54:20 +03:00
test_skill_view_traversal.py fix(security): block path traversal in skill_view file_path (fixes #220) 2026-03-02 02:00:09 -08:00
test_skills_guard.py test: add unit tests for 8 untested modules (batch 3) (#191) 2026-03-01 05:28:12 -08:00
test_skills_sync.py test: add unit tests for 8 untested modules (batch 3) (#191) 2026-03-01 05:28:12 -08:00
test_todo_tool.py test: reorganize test structure and add missing unit tests 2026-02-26 03:20:08 +03:00
test_write_deny.py fix: resolve symlink bypass in write deny list on macOS 2026-02-26 13:30:55 +03:00