hermes-agent/gateway/platforms
srojk34 16332af60b security(gateway): anchor api_server MEDIA tag resolution to safe paths
_resolve_media_to_data_urls's ad-hoc _MEDIA_TAG_RE matched any bare
token after MEDIA: (no absolute-path anchor) and read the resolved
path directly with no denylist. A relative/traversal path like
MEDIA:../../../../etc/passwd.png slipped through, and any image-
suffixed file the process could read (including under ~/.ssh, ~/.aws,
etc.) was base64-inlined into the API response if its path merely
appeared in the model's own final reply text.

Every other platform adapter's MEDIA: handling already goes through
two shared primitives in gateway/platforms/base.py:
  - MEDIA_TAG_CLEANUP_RE, which anchors the path to ~/, /, or a
    Windows drive letter plus a known deliverable extension.
  - validate_media_delivery_path, which resolves symlinks and rejects
    paths under the credential/system-path denylist.

Reuse both here instead of the local unanchored pattern and naive
Path().expanduser() resolution.
2026-07-03 03:27:47 -07:00
qqbot fix(gateway): fail-closed external-surface defaults + profile-aware multiplex authz 2026-07-01 03:56:28 -07:00
__init__.py perf(gateway): defer QQAdapter and YuanbaoAdapter imports via PEP 562 (#22790) 2026-05-09 13:17:48 -07:00
_http_client_limits.py fix(gateway): tighten httpx keepalive and close whatsapp typing-response leak (#18451) 2026-05-02 02:23:37 -07:00
ADDING_A_PLATFORM.md feat(whatsapp): add WhatsApp Business Cloud API adapter 2026-05-23 01:07:01 -04:00
api_server.py security(gateway): anchor api_server MEDIA tag resolution to safe paths 2026-07-03 03:27:47 -07:00
base.py feat(cron/slack): flat in-channel continuable cron delivery surface 2026-07-01 03:16:13 -07:00
bluebubbles.py fix(bluebubbles): drop unused with=participants from chat query 2026-07-01 00:42:56 -07:00
helpers.py refactor: extract shared GFM table→bullet helpers into helpers.py 2026-06-27 03:57:24 +05:30
msgraph_webhook.py fix(telegram): preserve Bot API update queue on watcher reconnect 2026-06-25 21:29:57 -07:00
signal.py fix(telegram): preserve Bot API update queue on watcher reconnect 2026-06-25 21:29:57 -07:00
signal_format.py fix(signal): share markdown formatting across send paths 2026-06-20 13:47:14 +05:30
signal_rate_limit.py feat(gateway/signal): add support for multiple images sending 2026-04-30 04:28:08 -07:00
webhook.py fix(webhook): close per-delivery session at the true end of the run (#57423) 2026-07-02 17:39:09 -07:00
weixin.py fix(gateway): fail-closed external-surface defaults + profile-aware multiplex authz 2026-07-01 03:56:28 -07:00
whatsapp_cloud.py fix(whatsapp_cloud): resolve reply-to text so the agent sees reply context (#52957) 2026-06-26 01:05:05 -07:00
whatsapp_common.py fix(gateway): fail-closed external-surface defaults + profile-aware multiplex authz 2026-07-01 03:56:28 -07:00
yuanbao.py fix(gateway): fail-closed external-surface defaults + profile-aware multiplex authz 2026-07-01 03:56:28 -07:00
yuanbao_media.py fix(security): SSRF guard yuanbao media download_url (#54470) 2026-06-28 15:29:59 -07:00
yuanbao_proto.py feat(Yuanbao): support wechat forward msg (#43508) 2026-06-12 02:06:47 -07:00
yuanbao_sticker.py yuanbao platform (#16298) 2026-04-26 18:50:49 -07:00