fix(whatsapp_identity): guard against path traversal and silent mapping errors

expand_whatsapp_aliases() interpolated untrusted identifiers directly into filenames (lid-mapping-{current}.json) without validation. An identifier containing ../ or / could escape the session directory. Also replaced bare except Exception: continue with targeted (OSError, json.JSONDecodeError) and a debug log so mapping corruption is diagnosable instead of silently skipped. Fixes: - Reject identifiers with unsafe characters via re.match guard - Replace broad exception swallow with specific catch + debug log
2026-04-27 00:47:43 +03:00 · 2026-04-27 00:47:43 +03:00 · 91512b8210
commit 91512b8210
parent 366351b94d
1 changed files with 8 additions and 1 deletions
--- a/gateway/whatsapp_identity.py
+++ b/gateway/whatsapp_identity.py
@ -31,8 +31,12 @@ Hermes' own session keys.
 from __future__ import annotations

 import json
+import logging
+import re
 from typing import Set

+logger = logging.getLogger(__name__)
+
 from hermes_constants import get_hermes_home


@ -81,6 +85,8 @@ def expand_whatsapp_aliases(identifier: str) -> Set[str]:
        current = queue.pop(0)
        if not current or current in resolved:
            continue
+        if not re.match(r'^[\w@.+-]+$', current):
+            continue

        resolved.add(current)
        for suffix in ("", "_reverse"):
@ -91,7 +97,8 @@ def expand_whatsapp_aliases(identifier: str) -> Set[str]:
                mapped = normalize_whatsapp_identifier(
                    json.loads(mapping_path.read_text(encoding="utf-8"))
                )
-            except Exception:
+            except (OSError, json.JSONDecodeError) as exc:
+                logger.debug("whatsapp_identity: failed to read %s: %s", mapping_path, exc)
                continue
            if mapped and mapped not in resolved:
                queue.append(mapped)