molecule-ai/molecule-core
39
0
Fork 2
Code Issues 25 Pull Requests 16 Actions 51 Packages Projects Releases Wiki Activity

Merge pull request 'fix(workspace): wrap delegate_task return with sanitize_a2a_result (CWE-117, closes #537)' (#542) from fix/537-cwe117-a2a-tools-sanitize into main
Some checks failed
Block internal-flavored paths / Block forbidden paths (push) Successful in 12s
Details
Secret scan / Scan diff for credential-shaped strings (push) Successful in 13s
Details
publish-runtime-autobump / pr-validate (push) Successful in 44s
Details
CI / Detect changes (push) Successful in 47s
Details
Handlers Postgres Integration / detect-changes (push) Successful in 52s
Details
E2E API Smoke Test / detect-changes (push) Successful in 55s
Details
E2E Staging Canvas (Playwright) / detect-changes (push) Successful in 55s
Details
Runtime PR-Built Compatibility / detect-changes (push) Successful in 48s
Details
publish-runtime-autobump / bump-and-tag (push) Failing after 1m10s
Details
CI / Platform (Go) (push) Successful in 7s
Details
CI / Canvas (Next.js) (push) Successful in 8s
Details
CI / Shellcheck (E2E scripts) (push) Successful in 7s
Details
Handlers Postgres Integration / Handlers Postgres Integration (push) Successful in 11s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (push) Successful in 11s
Details
E2E API Smoke Test / E2E API Smoke Test (push) Successful in 12s
Details
CI / Canvas Deploy Reminder (push) Has been skipped
Details
ci-required-drift / drift (push) Failing after 1m22s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (push) Successful in 2m26s
Details
CI / Python Lint & Test (push) Successful in 6m56s
Details
Continuous synthetic E2E (staging) / Synthetic E2E against staging (push) Failing after 5m9s
Details

Browse Source
This commit is contained in:
Molecule AI · core-lead 2026-05-11 19:14:34 +00:00
commit d5114fdbef
1 changed files with 15 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
workspace/builtin_tools/a2a_tools.py
View File

@ -9,6 +9,13 @@ import uuid
import httpx
# OFFSEC-003: peer-controlled text MUST be wrapped with sanitize_a2a_result
# before being returned to the LLM. This module's delegate_task() is one of
# the trust-boundary entry points where peer output crosses into our agent's
# context — same surface as a2a_tools_delegation.py:325 (fixed via #492).
# Issue #537.
from _sanitize_a2a import sanitize_a2a_result
PLATFORM_URL = os.environ.get("PLATFORM_URL", "http://host.docker.internal:8080")
WORKSPACE_ID = os.environ.get("WORKSPACE_ID", "")
@ -69,12 +76,14 @@ async def delegate_task(workspace_id: str, task: str) -> str:
result = data["result"]
parts = result.get("parts", []) if isinstance(result, dict) else []
if parts and isinstance(parts[0], dict):
return parts[0].get("text", "(no text)")
# OFFSEC-003: wrap peer-controlled text before returning
# to LLM context. Issue #537.
return sanitize_a2a_result(parts[0].get("text", "(no text)"))
# Empty parts list (e.g. {"parts": []}) should return str(result),
# not "(no text)" — preserves pre-fix behavior (#279 regression fix).
if isinstance(result, dict) and result.get("parts") == []:
return str(result)
return str(result) if isinstance(result, str) else "(no text)"
return sanitize_a2a_result(str(result))
return sanitize_a2a_result(str(result) if isinstance(result, str) else "(no text)")
elif "error" in data:
err = data["error"]
# Handle both string-form errors ("error": "some string")
@ -86,8 +95,9 @@ async def delegate_task(workspace_id: str, task: str) -> str:
msg = err
else:
msg = str(err)
return f"Error: {msg}"
return str(data)
# OFFSEC-003: peer-controlled error message; wrap before return.
return sanitize_a2a_result(f"Error: {msg}")
return sanitize_a2a_result(str(data))
except Exception as e:
return f"Error sending A2A message: {e}"