vrr/agent-zero
2
0
Fork 0
mirror of https://github.com/agent0ai/agent-zero.git synced 2026-04-30 04:30:36 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

security fixes

Browse source 
- CSRF tokens implemented into api calls
- password change shell injection fixed
This commit is contained in:
frdel 2025-06-24 14:19:49 +02:00
parent a6a83a48ea
commit 1bb4123dcb
15 changed files with 1794 additions and 1481 deletions
Download patch file Download diff file Expand all files Collapse all files

11
python/helpers/api.py
View file

@ -3,14 +3,13 @@ import json
import threading
from typing import Union, TypedDict, Dict, Any
from attr import dataclass
from flask import Request, Response, jsonify, Flask
from flask import Request, Response, jsonify, Flask, session, request
from agent import AgentContext
from initialize import initialize_agent
from python.helpers.print_style import PrintStyle
from python.helpers.errors import format_error
from werkzeug.serving import make_server
Input = dict
Output = Union[Dict[str, Any], Response, TypedDict] # type: ignore
@ -32,6 +31,14 @@ class ApiHandler:
def requires_auth(cls) -> bool:
return True
@classmethod
def get_methods(cls) -> list[str]:
return ["POST"]
@classmethod
def requires_csrf(cls) -> bool:
return cls.requires_auth()
@abstractmethod
async def process(self, input: Input, request: Request) -> Output:
pass