hermes-agent/tests/tools
teknium1 5212644861 fix(security): prevent shell injection in tilde-username path expansion
Validate that the username portion of ~username paths contains only
valid characters (alphanumeric, dot, hyphen, underscore) before passing
to shell echo for expansion. Previously, paths like '~; rm -rf /'
would be passed unquoted to self._exec(f'echo {path}'), allowing
arbitrary command execution.

The approach validates the username rather than using shlex.quote(),
which would prevent tilde expansion from working at all since
echo '~user' outputs the literal string instead of expanding it.

Added tests for injection blocking and valid ~username/path expansion.

Credit to @alireza78a for reporting (PR #442, issue #442).
2026-03-09 17:33:19 -07:00
__init__.py
test_approval.py test: strengthen assertions across 3 more test files (batch 2) 2026-03-05 18:46:30 -08:00
test_browser_console.py feat: browser console/errors tool, annotated screenshots, auto-recording, and dogfood QA skill 2026-03-08 21:28:12 -07:00
test_clarify_tool.py
test_clipboard.py fix: clipboard BMP conversion file loss and broken test 2026-03-08 17:22:27 -07:00
test_code_execution.py fix: correct mock tool name 'search' → 'search_files' in test_code_execution 2026-03-06 03:53:43 -08:00
test_cron_prompt_injection.py
test_cronjob_tools.py
test_daytona_environment.py fix(daytona): use shell timeout wrapper instead of broken SDK exec timeout 2026-03-05 13:12:41 -08:00
test_debug_helpers.py
test_delegate.py fix: remove stale 'model' assertion from delegate_task schema test 2026-03-07 11:29:55 -08:00
test_file_operations.py fix: search_files now reports error for non-existent paths instead of silent empty results 2026-03-08 16:47:20 -07:00
test_file_tools_live.py fix(security): prevent shell injection in tilde-username path expansion 2026-03-09 17:33:19 -07:00
test_file_tools.py fix: apply secret redaction to file tool outputs 2026-03-09 00:49:46 -07:00
test_force_dangerous_override.py fix: prevent --force from overriding dangerous verdict in should_allow_install 2026-03-04 18:10:18 +03:00
test_fuzzy_match.py
test_hidden_dir_filter.py fix: use Path.parts for hidden directory filter in skill listing 2026-03-04 18:34:16 +03:00
test_homeassistant_tool.py
test_interrupt.py
test_mcp_tool.py feat(mcp): add sampling support — server-initiated LLM requests (#753) 2026-03-09 03:37:38 -07:00
test_memory_tool.py test: strengthen assertions in skill_manager + memory_tool (batch 3) 2026-03-05 18:51:43 -08:00
test_patch_parser.py
test_process_registry.py
test_registry.py fix: catch exceptions from check_fn in is_toolset_available() 2026-03-04 14:22:30 -08:00
test_session_search.py fix: exclude current session from session_search results 2026-03-04 06:06:40 -08:00
test_skill_manager_tool.py test: strengthen assertions in skill_manager + memory_tool (batch 3) 2026-03-05 18:51:43 -08:00
test_skill_view_path_check.py refactor: use Path.is_relative_to() for skill_view boundary check 2026-03-04 05:30:43 -08:00
test_skill_view_traversal.py
test_skills_guard.py Merge PR #388: fix --force bypassing dangerous verdict in should_allow_install 2026-03-04 19:19:57 -08:00
test_skills_hub_clawhub.py
test_skills_hub.py
test_skills_sync.py fix: prevent data loss in skills sync on copy/update failure 2026-03-07 03:58:32 +03:00
test_skills_tool.py Revert "feat: skill prerequisites — hide skills with unmet runtime dependencies" 2026-03-08 03:58:13 -07:00
test_symlink_prefix_confusion.py fix: use is_relative_to() for symlink boundary check in skills_guard 2026-03-04 17:23:23 +03:00
test_terminal_disk_usage.py
test_todo_tool.py
test_vision_tools.py test: add comprehensive tests for vision_tools (42 tests) 2026-03-09 15:32:02 -07:00
test_web_tools_config.py test: comprehensive tests for model metadata + firecrawl config 2026-03-05 18:22:39 -08:00
test_windows_compat.py
test_write_deny.py