andre/crewAI
1
0
Fork 0
mirror of https://github.com/crewAIInc/crewAI.git synced 2026-05-04 08:42:38 +00:00
Code Issues Actions 5 Packages Projects Releases Wiki Activity

fix: address CodeQL and review comments on RAG path/URL validation

Browse Source 
- Replace insecure tempfile.mktemp() with inline symlink target in test
- Remove unused 'target' variable and unused tempfile import
- Narrow broad except Exception: pass to only catch urlparse errors;
  validate_url ValueError now propagates instead of being silently swallowed
- Fix ruff B904 (raise-without-from-inside-except) in safe_path.py
- Fix ruff B007 (unused loop variable 'family') in safe_path.py
- Use validate_directory_path in DirectorySearchTool.add() so the
  public utility is exercised in production code

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Alex
2026-04-06 23:12:37 -07:00
parent d435619aba
commit 57e23b4dca
4 changed files with 20 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/crewai-tools/tests/utilities/test_safe_path.py
View File

@@ -3,7 +3,6 @@
from __future__ import annotations
import os
import tempfile
import pytest
@@ -52,7 +51,6 @@ class TestValidateFilePath:
def test_rejects_symlink_escape(self, tmp_path):
"""Reject symlinks that point outside base_dir."""
target = tempfile.mktemp() # path that doesn't exist
link = tmp_path / "sneaky_link"
# Create a symlink pointing to /etc/passwd
os.symlink("/etc/passwd", str(link))