fix(security): SSRF via AgentCard URL and context ID Injection (A2A-SSRF-01, A2A-INJ-01) #3073
amit-rautAnnotations
12 errors, 1 warning, and 3 notices
|
Lint Code Base
Process completed with exit code 1.
|
|
Lint Code Base
Process completed with exit code 1.
|
|
ruff (I001):
src/a2a/utils/url_validation.py#L11
src/a2a/utils/url_validation.py:11:1: I001 Import block is un-sorted or un-formatted
help: Organize imports
|
|
ruff (D102):
src/a2a/server/request_handlers/default_request_handler.py#L595
src/a2a/server/request_handlers/default_request_handler.py:595:15: D102 Missing docstring in public method
|
|
ruff (D102):
src/a2a/server/request_handlers/default_request_handler.py#L579
src/a2a/server/request_handlers/default_request_handler.py:579:15: D102 Missing docstring in public method
|
|
ruff (D102):
src/a2a/server/request_handlers/default_request_handler.py#L550
src/a2a/server/request_handlers/default_request_handler.py:550:15: D102 Missing docstring in public method
|
|
ruff (D102):
src/a2a/server/request_handlers/default_request_handler.py#L532
src/a2a/server/request_handlers/default_request_handler.py:532:15: D102 Missing docstring in public method
|
|
ruff (D102):
src/a2a/server/request_handlers/default_request_handler.py#L519
src/a2a/server/request_handlers/default_request_handler.py:519:15: D102 Missing docstring in public method
|
|
ruff (D415):
src/a2a/server/request_handlers/default_request_handler.py#L1
src/a2a/server/request_handlers/default_request_handler.py:1:1: D415 First line should end with a period, question mark, or exclamation point
help: Add closing punctuation
|
|
ruff (D102):
src/a2a/client/card_resolver.py#L53
src/a2a/client/card_resolver.py:53:15: D102 Missing docstring in public method
|
|
ruff (I001):
src/a2a/client/card_resolver.py#L14
src/a2a/client/card_resolver.py:14:1: I001 Import block is un-sorted or un-formatted
help: Organize imports
|
|
ruff (D415):
src/a2a/client/card_resolver.py#L1
src/a2a/client/card_resolver.py:1:1: D415 First line should end with a period, question mark, or exclamation point
help: Add closing punctuation
|
|
Lint Code Base
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: getunlatch/jscpd-github-action@v1.3. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
Lint Code Base
repository contains 25 duplications.
2 duplications were part of this PR and were annotated
|
|
Copy/pasted code:
src/a2a/server/request_handlers/default_request_handler.py#L180
see src/a2a/server/request_handlers/default_request_handler.py (562-574)
|
|
Copy/pasted code:
src/a2a/server/request_handlers/default_request_handler.py#L562
see src/a2a/server/request_handlers/default_request_handler.py (180-193)
|