From 3c51ee7f48419b1873a5bb4e61e21c27454bbe41 Mon Sep 17 00:00:00 2001
From: Sasha Sobran
Date: Thu, 8 Jan 2026 15:12:59 -0800
Subject: [PATCH] fix: fix SSRF vulnerability in load_web_page by disabling automatic redirects
Co-authored-by: Sasha Sobran
PiperOrigin-RevId: 853901476
---
 src/google/adk/tools/load_web_page.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/google/adk/tools/load_web_page.py b/src/google/adk/tools/load_web_page.py
index eaefedcc..9ab82af7 100644
--- a/src/google/adk/tools/load_web_page.py
+++ b/src/google/adk/tools/load_web_page.py
@@ -28,7 +28,8 @@ def load_web_page(url: str) -> str:
 """
 from bs4 import BeautifulSoup
- response = requests.get(url)
+ # Set allow_redirects=False to prevent SSRF attacks via redirection.
+ response = requests.get(url, allow_redirects=False)
 if response.status_code == 200:
 soup = BeautifulSoup(response.content, 'lxml')
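Review bot: The new `requests.get(url, allow_redirects=False)` call still requests whatever `url` the caller supplies, so only the redirect path is closed; a URL that names a loopback, link-local or private address directly is fetched as before unless it is validated somewhere outside this hunk. A scheme allow-list and a check of the resolved address before the request would cover that, and the comment could state the limit plainly, e.g. `# Redirects are disabled; the initial URL's host is not validated here.` The call also has no timeout, so a slow endpoint can block the tool indefinitely; `response = requests.get(url, allow_redirects=False, timeout=10)` (value illustrative) would bound it. With redirects off, every 3xx response now takes the non-200 path, which lies outside the hunk along with the rest of `load_web_page`, so it is worth confirming that path reports a redirect clearly.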