From 8593b8990a3f21b09612db93dfddbca0fd2f33c9 Mon Sep 17 00:00:00 2001
From: Rip&Tear <84775494+theCyberTech@users.noreply.github.com>
Date: Wed, 24 Jun 2026 14:22:18 +0800
Subject: [PATCH] Disable env proxies for SSRF-safe requests

---
 .../crewai_tools/security/safe_requests.py | 3 +++
 .../tests/utilities/test_safe_requests.py | 24 +++++++++++++++++++
 2 files changed, 27 insertions(+)

diff --git a/lib/crewai-tools/src/crewai_tools/security/safe_requests.py b/lib/crewai-tools/src/crewai_tools/security/safe_requests.py
index d9540ecc8..3c8ec6ebc 100644
--- a/lib/crewai-tools/src/crewai_tools/security/safe_requests.py
+++ b/lib/crewai-tools/src/crewai_tools/security/safe_requests.py
@@ -128,6 +128,9 @@ def create_safe_session() -> requests.Session:
     connections to the validated peer IP.
     """
     session = requests.Session()
+    # Ambient proxy settings bypass the protected pool classes via requests'
+    # proxy manager path, so safe fetches must opt out of environment config.
+    session.trust_env = False
     adapter = SSRFProtectedAdapter()
     session.mount("http://", adapter)
     session.mount("https://", adapter)
diff --git a/lib/crewai-tools/tests/utilities/test_safe_requests.py b/lib/crewai-tools/tests/utilities/test_safe_requests.py
index 69b72e602..206a99330 100644
--- a/lib/crewai-tools/tests/utilities/test_safe_requests.py
+++ b/lib/crewai-tools/tests/utilities/test_safe_requests.py
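Review bot: `session.trust_env = False` switches off more than ambient proxies, and the new comment above it only names the proxy case; in requests, `trust_env` also gates `.netrc` credential lookup in `prepare_request` and the `REQUESTS_CA_BUNDLE`/`CURL_CA_BUNDLE` variables that `merge_environment_settings` folds into `verify`, so a deployment that supplies a private CA through the environment will start failing certificate verification on safe fetches unless `verify=` is passed explicitly. That is a defensible trade-off for an SSRF boundary, but it should be stated where the next maintainer will see it, e.g. append `# This also drops .netrc auth and REQUESTS_CA_BUNDLE/CURL_CA_BUNDLE; pass verify= explicitly when a custom CA is required.` to the comment. Note too that this only closes the ambient route: a caller-supplied `proxies=` argument, if the safe wrappers forward it, still takes the proxy-manager path, which is worth confirming against the wrappers outside this hunk. The body of create_safe_session continues past the hunk.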
@@ -69,6 +69,30 @@ class TestRedirectRevalidation:
         session = create_safe_session()
         assert isinstance(session.get_adapter("http://x"), SSRFProtectedAdapter)
         assert isinstance(session.get_adapter("https://x"), SSRFProtectedAdapter)
+        assert session.trust_env is False
+
+    def test_safe_get_ignores_environment_proxies(self, monkeypatch):
+        """Environment proxies must not route safe fetches around the safe pool."""
+        monkeypatch.setenv("HTTP_PROXY", "http://127.0.0.1:9999")
+        monkeypatch.setenv("HTTPS_PROXY", "http://127.0.0.1:9999")
+        monkeypatch.setattr(safe_requests, "validate_url", lambda url: url)
+
+        def fail_proxy_manager(self, proxy, **proxy_kwargs):
+            raise AssertionError("safe_get unexpectedly used an environment proxy")
+
+        def fake_send(self, request, **kwargs):
+            assert kwargs["proxies"] == {}
+            response = requests.Response()
+            response.status_code = 200
+            response.url = request.url
+            return response
+
+        monkeypatch.setattr(SSRFProtectedAdapter, "proxy_manager_for", fail_proxy_manager)
+        monkeypatch.setattr(requests.adapters.HTTPAdapter, "send", fake_send)
+
+        response = safe_get("http://example.com/", timeout=10)
+
+        assert response.status_code == 200
 
 
 class _FakeSock:
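Review bot: `fail_proxy_manager` in test_safe_get_ignores_environment_proxies can never fire, because `fake_send` replaces `HTTPAdapter.send` wholesale and `proxy_manager_for` is only reached from inside the real send during connection lookup, so the guard documents an intent the test does not actually verify; the effective check is `assert kwargs["proxies"] == {}`. Either drop `fail_proxy_manager` and its `monkeypatch.setattr(SSRFProtectedAdapter, "proxy_manager_for", fail_proxy_manager)` line, or exercise the adapter's connection-lookup step so that an ambient proxy would really hit the guard. The test also assumes `SSRFProtectedAdapter` does not override `send` (or delegates to the base class), since the patch is applied to `HTTPAdapter`; that assumption is not visible in this hunk and is worth a one-line comment. The first three context lines belong to a test method whose `def` line, and the enclosing class TestRedirectRevalidation, start outside the hunk.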