mirrors/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-04-26 01:01:40 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
hermes-agent/tests/gateway
History
tekelala fbb1923fad fix(security): patch path traversal, size bypass, and prompt injection in document processing 
- Sanitize filenames in cache_document_from_bytes to prevent path traversal (strip directory components, null bytes, resolve check)
- Reject documents with None file_size instead of silently allowing download
- Cap text file injection at 100 KB to prevent oversized prompt payloads
- Sanitize display_name in run.py context notes to block prompt injection via filenames
- Add 35 unit tests covering document cache utilities and Telegram document handling

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-27 11:53:46 -05:00
..
__init__.py test: reorganize test structure and add missing unit tests 2026-02-26 03:20:08 +03:00
test_config.py test: reorganize test structure and add missing unit tests 2026-02-26 03:20:08 +03:00
test_delivery.py test: reorganize test structure and add missing unit tests 2026-02-26 03:20:08 +03:00
test_document_cache.py fix(security): patch path traversal, size bypass, and prompt injection in document processing 2026-02-27 11:53:46 -05:00
test_session.py test: enhance session source tests and add validation for chat types 2026-02-26 00:53:57 -08:00
test_telegram_documents.py fix(security): patch path traversal, size bypass, and prompt injection in document processing 2026-02-27 11:53:46 -05:00