vrr/agent-zero
2
0
Fork 0
mirror of https://github.com/agent0ai/agent-zero.git synced 2026-04-30 20:50:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

security fixes

Browse source 
- CSRF tokens implemented into api calls
- password change shell injection fixed
This commit is contained in:
frdel 2025-06-24 14:19:49 +02:00
parent a6a83a48ea
commit 1bb4123dcb
15 changed files with 1794 additions and 1481 deletions
Download patch file Download diff file Expand all files Collapse all files

7
python/helpers/settings.py
View file

@ -1083,7 +1083,12 @@ def _dict_to_env(data_dict):
def set_root_password(password: str):
if not runtime.is_dockerized():
raise Exception("root password can only be set in dockerized environments")
subprocess.run(f"echo 'root:{password}' | chpasswd", shell=True, check=True)
_result = subprocess.run(
["chpasswd"],
input=f"root:{password}".encode(),
capture_output=True,
check=True,
)
dotenv.save_dotenv_value(dotenv.KEY_ROOT_PASSWORD, password)