From 3ab991d2065d949eecad62002257e29162b8d345 Mon Sep 17 00:00:00 2001
From: Rip&Tear <84775494+theCyberTech@users.noreply.github.com>
Date: Sat, 8 Nov 2025 21:18:30 +0800
Subject: [PATCH] Potential fix for code scanning alert no. 25: Incomplete URL substring sanitization
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 lib/crewai-tools/tests/tools/brave_search_tool_test.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/lib/crewai-tools/tests/tools/brave_search_tool_test.py b/lib/crewai-tools/tests/tools/brave_search_tool_test.py
index c1c32d830..16eb6c050 100644
--- a/lib/crewai-tools/tests/tools/brave_search_tool_test.py
+++ b/lib/crewai-tools/tests/tools/brave_search_tool_test.py
@@ -2,7 +2,8 @@ from unittest.mock import patch
 from crewai_tools.tools.brave_search_tool.brave_search_tool import BraveSearchTool
 import pytest
-
+import re
+from urllib.parse import urlparse
 @pytest.fixture
 def brave_tool():
@@ -32,7 +33,9 @@ def test_brave_tool_search(mock_get, brave_tool):
 result = brave_tool.run(search_query="test")
 assert "Test Title" in result
- assert "http://test.com" in result
+ # Securely check that a URL with hostname 'test.com' exists in the result
+ urls = re.findall(r'https?://[^\s"]+', result)
+ assert any(urlparse(url).hostname == "test.com" for url in urls), "Expected URL with hostname test.com in result"
 def test_brave_tool():
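Review bot: The two standard-library imports are appended after the third-party `import pytest`, while the file's existing stdlib import (`from unittest.mock import patch`, visible in the hunk header) sits at the top in its own group. Moving `import re` and `from urllib.parse import urlparse` up beside it keeps the stdlib / third-party grouping that an import sorter would enforce. The hunk also swaps a blank line for the new imports, so it is worth checking that two blank lines still separate the import block from `@pytest.fixture`.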
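Review bot: The rewritten assertion in test_brave_tool_search is looser than the line it replaces: it passes for any `http` or `https` URL whose host is `test.com`, whatever the path or port, where the old check pinned the literal `http://test.com`. The regex also stops only at whitespace and `"`, so if the tool's output places a comma or single quote directly after the URL, that character lands in the parsed hostname and the test fails for a formatting reason; the result format is not visible in this hunk. Comparing scheme and host together, e.g. `assert any((u.scheme, u.hostname) == ("http", "test.com") for u in map(urlparse, urls))`, stays closer to the original intent. The comment would read more accurately as `# Compare the parsed hostname exactly instead of substring-matching the URL`, since the check runs on mocked output in a test and is not a sanitization step. The function body starts above the hunk.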