Restrict builder YAML code references #5293

Open
petrmarinec wants to merge 1 commit into google:main from petrmarinec:fix-builder-yaml-code-reference-validation

@petrmarinec

Link to Issue or Description of Change

1. Link to an existing issue (if applicable):

Problem:
The builder upload endpoint already blocks Python uploads and YAML args keys because uploaded YAML can cause Python code to be instantiated or invoked through agent configuration. However, the upload validator still allowed arbitrary dotted code references such as os.system in tool, callback, sub-agent code, and other CodeConfig fields. The YAML agent loader resolves those names with importlib.import_module() and getattr(), so a YAML-only builder upload could expose external callables as agent tools or callbacks.

Solution:
Restrict builder-uploaded YAML code references to the app being edited, while preserving short ADK built-in tool names and built-in agent classes. The validator now rejects external dotted references such as os.system, including the edge case where a stdlib app name like os would otherwise make os.system look project-local.

Testing Plan

Unit Tests:

  • I have added or updated unit tests for my change.
  • All unit tests pass locally.

Passed locally:

python -m pyink --check src/google/adk/cli/fast_api.py tests/unittests/cli/test_fast_api.py
python -m pytest tests/unittests/cli/test_fast_api.py -k "builder_save" -q
python -m pytest tests/unittests/cli/test_fast_api.py -q -k "not builder_get_tmp_true_recreates_tmp and not builder_get_allows_yaml_file_paths and not a2a"

The broader FastAPI slice excludes two existing Windows CRLF response-body assertions and A2A tests, matching the known local Windows baseline unrelated to this change.

Manual End-to-End (E2E) Tests:

Not run. The affected builder upload validation path is covered by unit tests. I also validated the underlying pre-fix code path locally by loading a YAML config with an external callable tool reference and confirming that invoking the loaded tool executes in-process.

Checklist

  • I have read the CONTRIBUTING.md document.
  • I have performed a self-review of my own code.
  • I have commented my code, particularly in hard-to-understand areas.
  • I have added tests that prove my fix is effective or that my feature works.
  • New and existing unit tests pass locally with my changes.
  • I have manually tested my changes end-to-end.
  • Any dependent changes have been merged and published in downstream modules.

Additional context

This change is scoped to the builder web upload endpoint. It does not change the general YAML agent config loader for local/trusted YAML files.

adk-bot added the "web [Component] This issue will be transferred to adk-web" label on Apr 11, 2026