fix: cap image download at 50 MB, validate tool call parser fields #6949
Closed
aaronlab wants to merge 1 commit into
vision_tools.py: _download_image() loads the full HTTP response body into memory via response.content (line 190) with no Content-Length check and no max file size limit. An attacker-hosted multi-gigabyte file causes OOM. Add a 50 MB hard cap: check Content-Length header before download, and verify actual body size before writing to disk.

hermes_parser.py: tc_data["name"] at line 57 raises KeyError when the LLM outputs a tool call JSON without a "name" field. The outer except catches it silently, causing the entire tool call to be lost with zero diagnostics. Add "name" field validation before constructing the ChatCompletionMessage.

mistral_parser.py: tc["name"] at line 101 has the same KeyError issue in the pre-v11 format path. The fallback decoder (line 112) already checks "name" correctly, but the primary path does not. Add validation to match.

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
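The parser failure mode described in the commit message, as an added example that is not code from this pull request or from the project: a constructed "before" function in which a swallowed KeyError discards every call, next to a version that validates "name" per entry and logs what it skips. The function names, the logger name and the sample payload are assumptions made for illustration.

```python
import json
import logging

log = logging.getLogger("tool_call_parser_example")  # hypothetical logger name


def parse_unvalidated(raw: str) -> list:
    """Constructed 'before': one entry without "name" loses every call."""
    try:
        return [{"name": tc["name"], "arguments": tc.get("arguments", {})}
                for tc in json.loads(raw)]
    except Exception:  # the KeyError vanishes here with no diagnostics
        return []


def parse_validated(raw: str) -> list:
    """Validate each entry, skip and log malformed ones, keep the rest."""
    try:
        data = json.loads(raw)
    except json.JSONDecodeError as exc:
        log.warning("tool call payload is not valid JSON: %s", exc)
        return []
    entries = data if isinstance(data, list) else [data]
    calls = []
    for i, tc in enumerate(entries):
        name = tc.get("name") if isinstance(tc, dict) else None
        if not isinstance(name, str) or not name:
            # Log only the keys present, not the argument values.
            keys = sorted(tc) if isinstance(tc, dict) else type(tc).__name__
            log.warning("skipping tool call %d: no usable 'name' (got %s)", i, keys)
            continue
        calls.append({"name": name, "arguments": tc.get("arguments", {})})
    return calls


if __name__ == "__main__":
    # Constructed sample: one well-formed call followed by one without "name".
    sample = '[{"name": "read_file", "arguments": {"path": "a.txt"}}, {"arguments": {"x": 1}}]'
    print(parse_unvalidated(sample))
    print(parse_validated(sample))
```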
teknium1 added a commit that referenced this pull request on Apr 11, 2026:

…onse
Follow-up fixes for cherry-pick conflicts:
- Removed test_context_keeps_pending_approval test that referenced pop_pending() which doesn't exist on current main
- Added headers attribute to FakeResponse in vision test (needed after #6949 added Content-Length check)
Contributor
Merged via #7654 with authorship preserved. Thanks for the contribution!
Summary

vision_tools.py — OOM via unbounded image download:
_download_image() loads the full HTTP response body into memory via response.content (line 190) with no Content-Length check and no max file size limit. An attacker-hosted multi-gigabyte image file or decompression bomb causes OOM and crashes the agent. Added a _VISION_MAX_DOWNLOAD_BYTES = 50 MB hard cap: first checks Content-Length header before downloading, then verifies actual body size before writing to disk. Consistent with the 20 MB limits used by the Slack and WeCom adapters.

hermes_parser.py — KeyError on missing "name" field:
tc_data["name"] at line 57 raises KeyError when an LLM outputs a tool call JSON without a "name" field (e.g., {"arguments": {"x": 1}}). The outer except Exception catches it silently, causing the entire tool call to be lost with zero diagnostics. Added "name" in tc_data validation before constructing the tool call.

mistral_parser.py — same KeyError in primary path:
tc["name"] at line 101 has the same issue. Notably, the fallback decoder at line 112 already checks "name" in obj correctly, but the primary path does not. Added validation to match the fallback's pattern.

Test plan
- {"arguments": {}} (no name) → verify graceful skip, no crash
- [{"arguments": {}}] (no name) → verify graceful skip

🤖 Generated with Claude Code
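The two size checks described in the summary, as an added example that is not code from this pull request or from the project. It goes one step further than the description by enforcing the cap while the body streams in, so a response with a missing or understated Content-Length is cut off before it is fully buffered. The names read_capped, DownloadTooLarge and endless_body are hypothetical, and the body is passed as a plain chunk iterator so the example runs offline.

```python
from typing import Iterable, Mapping

MAX_DOWNLOAD_BYTES = 50 * 1024 * 1024  # 50 MB, the cap named in this PR


class DownloadTooLarge(ValueError):
    """The response declared or delivered more bytes than the cap allows."""


def read_capped(headers: Mapping[str, str], chunks: Iterable[bytes],
                max_bytes: int = MAX_DOWNLOAD_BYTES) -> bytes:
    """Return the body, refusing anything larger than max_bytes.

    headers: response headers with lower-cased keys (assumption of this example).
    chunks:  the body as an iterator of byte chunks from a streaming client.
    """
    # Check 1: use Content-Length only to reject early, never to accept.
    declared = headers.get("content-length")
    if declared is not None:
        try:
            declared_len = int(declared)
        except ValueError:
            raise DownloadTooLarge(f"unparseable Content-Length: {declared!r}")
        if not 0 <= declared_len <= max_bytes:
            raise DownloadTooLarge(f"declared length {declared_len} outside 0..{max_bytes}")

    # Check 2: count real bytes while streaming. The header may be absent
    # (chunked transfer) or understate the body, so it cannot be the only gate.
    buf = bytearray()
    for chunk in chunks:
        if len(buf) + len(chunk) > max_bytes:
            raise DownloadTooLarge(f"body exceeded cap of {max_bytes} bytes")
        buf += chunk
    return bytes(buf)


def endless_body(chunk_size: int, pulled: list):
    """Constructed sample input: a body that never ends, recording each pull."""
    while True:
        pulled.append(chunk_size)
        yield b"\0" * chunk_size


if __name__ == "__main__":
    pulled = []
    try:
        read_capped({}, endless_body(256, pulled), max_bytes=1024)
    except DownloadTooLarge as exc:
        print(f"rejected after {len(pulled)} chunks: {exc}")
```

With a real HTTP client the chunk iterator would come from a streamed response rather than from a fully loaded body.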