andre/crewAI
1
0
Fork 0
mirror of https://github.com/crewAIInc/crewAI.git synced 2026-05-04 00:32:36 +00:00
Code Issues Actions 5 Packages Projects Releases Wiki Activity

docs: document CodeInterpreterTool removal and RAG path/URL validation

Browse Source 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Alex
2026-04-07 00:07:02 -07:00
parent 4e585a40d9
commit 4c8f289a0a
24 changed files with 291 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
docs/en/tools/file-document/jsonsearchtool.mdx
View File

@@ -74,3 +74,19 @@ tool = JSONSearchTool(
}
)
```
## Security
### Path Validation
File paths provided to this tool are validated against the current working directory. Paths that resolve outside the working directory are rejected with a `ValueError`.
To allow paths outside the working directory (for example, in tests or trusted pipelines), set the environment variable:
```shell
CREWAI_TOOLS_ALLOW_UNSAFE_PATHS=true
```
### URL Validation
URL inputs are validated: `file://` URIs and requests targeting private or reserved IP ranges are blocked to prevent server-side request forgery (SSRF) attacks.