Apply suggestions from code review

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
This commit is contained in:
chetantoshniwal
2026-06-02 18:19:34 -07:00
committed by GitHub
Unverified
parent 70c88d2150
commit 462f37e77d
2 changed files with 5 additions and 5 deletions
@@ -27,8 +27,8 @@ type filtering, but checkpoint storage itself must be properly access-controlled
- Never route untrusted user input directly into ``deserialize_value`` without
first calling :func:`strip_pickle_markers` to neutralize injection of
pickle markers into the data path.
- Use ``allowed_types`` on your checkpoint storage configuration to restrict
the set of types that can be deserialized.
- Configure your checkpoint storage with ``allowed_checkpoint_types`` (or call
``decode_checkpoint_value(..., allowed_types=...)`` directly) to restrict the set of types that can be deserialized.
See :mod:`agent_framework._workflows._checkpoint_encoding` for the full
security model documentation.
@@ -34,9 +34,9 @@ Developers **must** ensure that:
requests, message payloads, or other untrusted sources.
3. The ``allowed_types`` parameter is specified whenever possible to restrict
the set of reconstructible types to the minimum required by the application.
4. Any code path that handles external input calls
:func:`~agent_framework_azurefunctions._serialization.strip_pickle_markers`
before passing data to deserialization functions.
4. Never pass untrusted external input to ``decode_checkpoint_value``. If you
must accept external JSON that might contain checkpoint markers, sanitize it
first (for example, :func:`agent_framework_azurefunctions._serialization.strip_pickle_markers`).
The allowlist is a mitigation that reduces attack surface but does not
eliminate the inherent risks of deserializing untrusted pickle data. Treat