fix: validate URL scheme in fetch_webpage to reject file:// URLs (#8889)

Adds validation to the fetch_webpage tool to ensure only HTTP/HTTPS URLs are accepted. Previously, passing a file:// URL would cause an unhandled requests.exceptions.InvalidSchema error. Now it raises a clear ValueError with a helpful error message. Fixes: requests.exceptions.InvalidSchema: No connection adapters were found for 'file://...' 🤖 Generated with [Letta Code](https://letta.com) Co-authored-by: letta-code <248085862+letta-code@users.noreply.github.com> Co-authored-by: datadog-official[bot] <datadog-official[bot]@users.noreply.github.com> Co-authored-by: Letta <noreply@letta.com> Co-authored-by: Kian Jones <11655409+kianjones9@users.noreply.github.com>
2026-01-18 22:35:05 -08:00
parent cb2db18b1f
commit 90f3ab9184
1 changed files with 9 additions and 0 deletions
--- a/letta/services/tool_executor/builtin_tool_executor.py
+++ b/letta/services/tool_executor/builtin_tool_executor.py
@@ -320,12 +320,21 @@ class LettaBuiltinToolExecutor(ToolExecutor):
            String containing the webpage content in markdown/text format
        """
        import asyncio
+        from urllib.parse import urlparse

        import html2text
        import requests
        from readability import Document
        from trafilatura import extract, fetch_url

+        # Validate URL scheme - only HTTP and HTTPS are supported
+        parsed_url = urlparse(url)
+        if parsed_url.scheme.lower() not in ("http", "https"):
+            raise ValueError(
+                f"Invalid URL scheme '{parsed_url.scheme}'. Only 'http' and 'https' URLs are supported. "
+                f"Local file paths (file://) and other protocols cannot be fetched."
+            )
+
        # Try exa first
        try:
            from exa_py import Exa