hermes-agent/gateway
tekelala fbb1923fad fix(security): patch path traversal, size bypass, and prompt injection in document processing
- Sanitize filenames in cache_document_from_bytes to prevent path traversal (strip directory components, null bytes, resolve check)
- Reject documents with None file_size instead of silently allowing download
- Cap text file injection at 100 KB to prevent oversized prompt payloads
- Sanitize display_name in run.py context notes to block prompt injection via filenames
- Add 35 unit tests covering document cache utilities and Telegram document handling

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-27 11:53:46 -05:00
platforms fix(security): patch path traversal, size bypass, and prompt injection in document processing 2026-02-27 11:53:46 -05:00
__init__.py Enhance CLI with multi-platform messaging integration and configuration management 2026-02-02 19:01:51 -08:00
channel_directory.py feat: implement channel directory and message mirroring for cross-platform communication 2026-02-22 20:44:15 -08:00
config.py feat(session): implement session reset policy for messaging platforms 2026-02-26 21:20:50 -08:00
delivery.py Hermes Agent UX Improvements 2026-02-22 02:16:11 -08:00
hooks.py Add messaging platform enhancements: STT, stickers, Discord UX, Slack, pairing, hooks 2026-02-15 21:38:59 -08:00
mirror.py feat: implement channel directory and message mirroring for cross-platform communication 2026-02-22 20:44:15 -08:00
pairing.py Add messaging platform enhancements: STT, stickers, Discord UX, Slack, pairing, hooks 2026-02-15 21:38:59 -08:00
run.py fix(security): patch path traversal, size bypass, and prompt injection in document processing 2026-02-27 11:53:46 -05:00
session.py Merge pull request #75 from satelerd/fix/whatsapp-multi-user-sessions 2026-02-27 03:25:54 -08:00
status.py feat: implement channel directory and message mirroring for cross-platform communication 2026-02-22 20:44:15 -08:00
sticker_cache.py Add messaging platform enhancements: STT, stickers, Discord UX, Slack, pairing, hooks 2026-02-15 21:38:59 -08:00