crewAI/lib/crewai-tools/tests/utilities/test_safe_path.py
Iris Clawd 3dc8c45cc9 fix(security): validate IPs on every redirect hop to prevent SSRF bypass (OSS-51)
Adds a custom HTTPAdapter (_SSRFSafeAdapter) that intercepts every
request — including redirect hops — and validates the resolved IP
against the private/reserved blocklist before the connection proceeds.

New public API:
- safe_request_session(): returns a Session with the adapter mounted
- safe_get(url, **kwargs): drop-in replacement for requests.get() that
  validates the initial URL AND every redirect destination

Updated tools to use safe_get() instead of validate_url() + requests.get():
- ScrapeWebsiteTool
- ScrapeElementFromWebsiteTool
- WebPageLoader (RAG)

Closes OSS-51
2026-05-05 03:57:09 +00:00

9.3 KiB
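The commit message above contrasts validating a URL once before `requests.get()` with validating every redirect hop. The following is an added example, not crewAI's code: it models that difference offline with the standard library only, and the names `DNS`, `REDIRECTS`, `check_host`, `fetch_first_hop_only` and `fetch_every_hop` are hypothetical, with a constructed DNS table and redirect map standing in for the network.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit

# Constructed sample data: a fake DNS table and redirect map (no network I/O).
DNS = {"example.test": "93.184.216.34", "internal.test": "10.0.0.5"}
REDIRECTS = {
    "http://example.test/start": "http://internal.test/admin",
    "http://example.test/ok": "/final",
}


class BlockedDestination(Exception):
    """Raised when a hop resolves to a non-public address or is malformed."""


def check_host(url):
    """Resolve the URL's host and reject anything that is not a public IP."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise BlockedDestination(f"unsupported URL: {url}")
    # Literal IPs are not in the table, so fall back to the host string itself.
    addr = DNS.get(parts.hostname, parts.hostname)
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        raise BlockedDestination(f"cannot resolve: {parts.hostname}")
    if not ip.is_global:  # private, loopback, link-local, reserved, ...
        raise BlockedDestination(f"{parts.hostname} -> {ip} is not public")
    return ip


def fetch_first_hop_only(url, max_hops=5):
    """'Before' pattern: validate once, then follow redirects unchecked."""
    check_host(url)
    for _ in range(max_hops):
        if url not in REDIRECTS:
            return url
        url = urljoin(url, REDIRECTS[url])
    raise BlockedDestination("too many redirects")


def fetch_every_hop(url, max_hops=5):
    """'After' pattern: validate the resolved IP before each hop is contacted."""
    for _ in range(max_hops):
        check_host(url)
        if url not in REDIRECTS:
            return url
        url = urljoin(url, REDIRECTS[url])
    raise BlockedDestination("too many redirects")
```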