fix(gateway): denylist config.yaml for media delivery (belt-and-suspenders)
Defense-in-depth on top of the EphemeralReply gate: even if a config.yaml path reaches response text via some other path, it can never be delivered as a native attachment. Matches existing protection for .env, auth.json, and credentials/. Co-authored-by: JezzaHehn <jezzahehn@gmail.com>
This commit is contained in:
parent
bdfba45247
commit
4ec0adebe8
1 changed files with 4 additions and 2 deletions
|
|
@ -954,11 +954,13 @@ def _media_delivery_denied_paths() -> List[Path]:
|
||||||
home = Path(os.path.expanduser("~"))
|
home = Path(os.path.expanduser("~"))
|
||||||
for sub in _MEDIA_DELIVERY_DENIED_HOME_SUBPATHS:
|
for sub in _MEDIA_DELIVERY_DENIED_HOME_SUBPATHS:
|
||||||
denied.append(home / sub)
|
denied.append(home / sub)
|
||||||
# The Hermes home itself contains credentials (auth.json, .env) — only the
|
# The Hermes home itself contains credentials (auth.json, .env) and
|
||||||
# cache subdirectories under it are explicitly allowlisted above.
|
# configuration (config.yaml) — only the cache subdirectories under it
|
||||||
|
# are explicitly allowlisted above.
|
||||||
denied.append(_HERMES_HOME / ".env")
|
denied.append(_HERMES_HOME / ".env")
|
||||||
denied.append(_HERMES_HOME / "auth.json")
|
denied.append(_HERMES_HOME / "auth.json")
|
||||||
denied.append(_HERMES_HOME / "credentials")
|
denied.append(_HERMES_HOME / "credentials")
|
||||||
|
denied.append(_HERMES_HOME / "config.yaml")
|
||||||
return denied
|
return denied
|
||||||
|
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue