charieswei
/
TradingAgents
mirror of https://github.com/TauricResearch/TradingAgents.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

🔒 Fix Denial of Service vulnerability in is_empty 

Co-authored-by: aguzererler <6199053+aguzererler@users.noreply.github.com>
This commit is contained in:
google-labs-jules[bot] 2026-03-21 22:19:58 +00:00
parent 5799bb3f00
commit 2192a32d03
1 changed files with 5 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
cli/main.py
View File

@ -826,8 +826,6 @@ def extract_content_string(content):
"""Extract string content from various message formats.
Returns None if no meaningful text content is found.
"""
import ast
def is_empty(val):
"""Check if value is empty using Python's truthiness."""
if val is None or val == '':
@ -836,10 +834,11 @@ def extract_content_string(content):
s = val.strip()
if not s:
return True
try:
return not bool(ast.literal_eval(s))
except (ValueError, SyntaxError):
return False # Can't parse = real text
# Check for common string representations of "empty" values
# to avoid using unsafe ast.literal_eval
if s.lower() in ("[]", "{}", "()", "none", "false", "0", "0.0", '""', "''"):
return True
return False
return not bool(val)
if is_empty(content):