molecule-core/workspace/builtin_tools
Molecule AI Core Platform Lead 6d5fd6be3e
fix(workspace): wrap delegate_task return with sanitize_a2a_result (CWE-117, closes #537)

Issue #537: builtin_tools/a2a_tools.py:72 returns peer-sourced text from
delegate_task() without OFFSEC-003 sanitization. Sibling regression to #491 / #492
in a different code path (google-adk delegation surface).

Fix: import sanitize_a2a_result from _sanitize_a2a and wrap all 4 peer-controlled
return sites in delegate_task() — parts[0].text path, empty-parts str(result) path,
fallback str(result) path, and the error message path.

Closes #537.
2026-05-11 19:09:18 +00:00
__init__.py
a2a_tools.py fix(workspace): wrap delegate_task return with sanitize_a2a_result (CWE-117, closes #537) 2026-05-11 19:09:18 +00:00
approval.py
audit.py
awareness_client.py
compliance.py
delegation.py
governance.py
hitl.py
memory.py
sandbox.py
security_scan.py
security.py
telemetry.py
temporal_workflow.py fix(workspace): default PLATFORM_URL to host.docker.internal in all modules (#475) 2026-05-11 15:17:53 +00:00