From ce53a34eeae2fb445fd587dca9e871b08eefcbd4 Mon Sep 17 00:00:00 2001 From: Rip&Tear <84775494+theCyberTech@users.noreply.github.com> Date: Wed, 24 Jun 2026 18:43:12 +0800 Subject: [PATCH] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- .../src/crewai_tools/security/safe_requests.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/lib/crewai-tools/src/crewai_tools/security/safe_requests.py b/lib/crewai-tools/src/crewai_tools/security/safe_requests.py index 3c8ec6ebc..a71fe94c8 100644 --- a/lib/crewai-tools/src/crewai_tools/security/safe_requests.py +++ b/lib/crewai-tools/src/crewai_tools/security/safe_requests.py @@ -48,8 +48,11 @@ def _assert_safe_peer(sock: Any) -> None: return try: peer = sock.getpeername() - except OSError: - return + except OSError as exc: + raise ValueError( + "Unable to determine the connected peer address; blocking request to prevent SSRF. " + "Set CREWAI_TOOLS_ALLOW_UNSAFE_PATHS=true to bypass." + ) from exc ip_str = str(peer[0]) if _is_private_or_reserved(ip_str): raise ValueError(