mirror of
https://github.com/microsoft/agent-framework.git
synced 2026-06-16 21:04:09 +08:00
Apply suggestions from code review
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
This commit is contained in:
committed by
GitHub
Unverified
parent
70c88d2150
commit
462f37e77d
@@ -27,8 +27,8 @@ type filtering, but checkpoint storage itself must be properly access-controlled
|
||||
- Never route untrusted user input directly into ``deserialize_value`` without
|
||||
first calling :func:`strip_pickle_markers` to neutralize injection of
|
||||
pickle markers into the data path.
|
||||
- Use ``allowed_types`` on your checkpoint storage configuration to restrict
|
||||
the set of types that can be deserialized.
|
||||
- Configure your checkpoint storage with ``allowed_checkpoint_types`` (or call
|
||||
``decode_checkpoint_value(..., allowed_types=...)`` directly) to restrict the set of types that can be deserialized.
|
||||
|
||||
See :mod:`agent_framework._workflows._checkpoint_encoding` for the full
|
||||
security model documentation.
|
||||
|
||||
@@ -34,9 +34,9 @@ Developers **must** ensure that:
|
||||
requests, message payloads, or other untrusted sources.
|
||||
3. The ``allowed_types`` parameter is specified whenever possible to restrict
|
||||
the set of reconstructible types to the minimum required by the application.
|
||||
4. Any code path that handles external input calls
|
||||
:func:`~agent_framework_azurefunctions._serialization.strip_pickle_markers`
|
||||
before passing data to deserialization functions.
|
||||
4. Never pass untrusted external input to ``decode_checkpoint_value``. If you
|
||||
must accept external JSON that might contain checkpoint markers, sanitize it
|
||||
first (for example, :func:`agent_framework_azurefunctions._serialization.strip_pickle_markers`).
|
||||
|
||||
The allowlist is a mitigation that reduces attack surface but does not
|
||||
eliminate the inherent risks of deserializing untrusted pickle data. Treat
|
||||
|
||||
Reference in New Issue
Block a user