hermes-agent

ling/hermes-agent

Fork 0

mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-04-28 06:51:16 +08:00

Commit Graph

Author	SHA1	Message	Date
Teknium	6993e566ba	fix(whatsapp_identity): pin identifier regex to ASCII, clarify it's defense-in-depth Follow-up on top of #16243. Two small tweaks: - Compile the regex once as `_SAFE_IDENTIFIER_RE` and pin it to `[A-Za-z0-9@.+\-]`. The previous `\w` accepts Unicode word chars (full-width digits, accented letters) which aren't valid WhatsApp identifiers and shouldn't reach the mapping-file lookup. - Add a comment clarifying this is defense-in-depth, not a live traversal. The hardcoded `lid-mapping-{current}{suffix}.json` prefix already prevents escape via pathlib's component split — with `current='../secrets'`, the first path component under `session/` is the literal directory name `lid-mapping-..`, which the attacker cannot create. E2E verified: legit mapping chains still resolve, all probed attack shapes (`../`, absolute paths, shell metacharacters, Unicode digit tricks) are rejected before any file access.	2026-04-26 20:48:31 -07:00
sprmn24	91512b8210	fix(whatsapp_identity): guard against path traversal and silent mapping errors expand_whatsapp_aliases() interpolated untrusted identifiers directly into filenames (lid-mapping-{current}.json) without validation. An identifier containing ../ or / could escape the session directory. Also replaced bare except Exception: continue with targeted (OSError, json.JSONDecodeError) and a debug log so mapping corruption is diagnosable instead of silently skipped. Fixes: - Reject identifiers with unsafe characters via re.match guard - Replace broad exception swallow with specific catch + debug log	2026-04-26 20:48:31 -07:00
Teknium	62c14d5513	refactor(gateway): extract WhatsApp identity helpers into shared module Follow-up to the canonical-identity session-key fix: pull the JID/LID normalize/expand/canonical helpers into gateway/whatsapp_identity.py instead of living in two places. gateway/session.py (session-key build) and gateway/run.py (authorisation allowlist) now both import from the shared module, so the two resolution paths can't drift apart. Also switches the auth path from module-level _hermes_home (cached at import time) to dynamic get_hermes_home() lookup, which matches the session-key path and correctly reflects HERMES_HOME env overrides. The lone test that monkeypatched gateway.run._hermes_home for the WhatsApp auth path is updated to set HERMES_HOME env var instead; all other tests that monkeypatch _hermes_home for unrelated paths (update, restart drain, shutdown marker, etc.) still work — the module-level _hermes_home is untouched.	2026-04-24 07:55:55 -07:00

Author

SHA1

Message

Date

Teknium

6993e566ba

fix(whatsapp_identity): pin identifier regex to ASCII, clarify it's defense-in-depth

Follow-up on top of #16243. Two small tweaks:

- Compile the regex once as `_SAFE_IDENTIFIER_RE` and pin it to
  `[A-Za-z0-9@.+\-]`. The previous `\w` accepts Unicode word chars
  (full-width digits, accented letters) which aren't valid WhatsApp
  identifiers and shouldn't reach the mapping-file lookup.
- Add a comment clarifying this is defense-in-depth, not a live
  traversal. The hardcoded `lid-mapping-{current}{suffix}.json`
  prefix already prevents escape via pathlib's component split —
  with `current='../secrets'`, the first path component under
  `session/` is the literal directory name `lid-mapping-..`,
  which the attacker cannot create.

E2E verified: legit mapping chains still resolve, all probed attack
shapes (`../`, absolute paths, shell metacharacters, Unicode digit
tricks) are rejected before any file access.

2026-04-26 20:48:31 -07:00

sprmn24

91512b8210

fix(whatsapp_identity): guard against path traversal and silent mapping errors

expand_whatsapp_aliases() interpolated untrusted identifiers directly
into filenames (lid-mapping-{current}.json) without validation.
An identifier containing ../ or / could escape the session directory.

Also replaced bare except Exception: continue with targeted
(OSError, json.JSONDecodeError) and a debug log so mapping
corruption is diagnosable instead of silently skipped.

Fixes:
- Reject identifiers with unsafe characters via re.match guard
- Replace broad exception swallow with specific catch + debug log

2026-04-26 20:48:31 -07:00

Teknium

62c14d5513

refactor(gateway): extract WhatsApp identity helpers into shared module

Follow-up to the canonical-identity session-key fix: pull the
JID/LID normalize/expand/canonical helpers into gateway/whatsapp_identity.py
instead of living in two places. gateway/session.py (session-key build) and
gateway/run.py (authorisation allowlist) now both import from the shared
module, so the two resolution paths can't drift apart.

Also switches the auth path from module-level _hermes_home (cached at
import time) to dynamic get_hermes_home() lookup, which matches the
session-key path and correctly reflects HERMES_HOME env overrides. The
lone test that monkeypatched gateway.run._hermes_home for the WhatsApp
auth path is updated to set HERMES_HOME env var instead; all other
tests that monkeypatch _hermes_home for unrelated paths (update,
restart drain, shutdown marker, etc.) still work — the module-level
_hermes_home is untouched.

2026-04-24 07:55:55 -07:00

3 Commits