Summary
VertexAiSessionService.list_sessions() builds an AIP-160 filter by interpolating raw user_id into a quoted literal. Embedded quotes can break out of that literal and append extra filter syntax.
Affected code
src/google/adk/sessions/vertex_ai_session_service.py
Problem
The current code builds:
user_id="{user_id}"
So a value such as attacker" OR user_id!="" produces:
user_id="attacker" OR user_id!=""
That changes the filter expression instead of keeping the whole value inside the string literal.
Expected behavior
user_id should be quoted as a filter literal before interpolation so embedded quotes and backslashes stay inside the value.
Proposed fix
Quote the filter literal before constructing the AIP-160 filter string and add a regression test that captures the exact filter passed to the Vertex client.
Validation
I have a PR prepared that:
- quotes user_id before building the filter
- adds a regression test for a quote-containing payload
- reproduces the unsafe filter string on current origin/main
- passes pytest tests/unittests/sessions in clean Linux Docker
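
The quoting described under "Expected behavior" and "Proposed fix", as an added example that is neither the ADK code nor the prepared PR. All function names are hypothetical, the sample values are constructed, and it assumes the backend filter parser honours backslash escapes inside double-quoted literals.

```python
def build_filter_unsafe(user_id: str) -> str:
    # Behaviour described in the issue: raw interpolation into a quoted literal.
    return f'user_id="{user_id}"'


def quote_filter_literal(value: str) -> str:
    # Hypothetical helper: escape backslashes first, then double quotes,
    # so an escape added for a quote is not itself re-escaped.
    escaped = value.replace("\\", "\\\\").replace('"', '\\"')
    return f'"{escaped}"'


def build_filter_quoted(user_id: str) -> str:
    return f"user_id={quote_filter_literal(user_id)}"


def literal_spans_whole_value(filter_str: str) -> bool:
    """Regression check: the filter must be exactly user_id="<one literal>"."""
    prefix = 'user_id="'
    if not filter_str.startswith(prefix):
        return False
    i = len(prefix)
    while i < len(filter_str):
        ch = filter_str[i]
        if ch == "\\":
            i += 2  # skip the escaped character
            continue
        if ch == '"':
            # The first unescaped quote must be the final character.
            return i == len(filter_str) - 1
        i += 1
    return False  # literal never terminated


# Constructed sample values: plain id, quote breakout, trailing backslash,
# and a value that already contains a backslash before a quote.
SAMPLES = ["alice", 'attacker" OR user_id!="', "trailing\\", 'a\\" OR x="']

if __name__ == "__main__":
    for uid in SAMPLES:
        unsafe, quoted = build_filter_unsafe(uid), build_filter_quoted(uid)
        print(f"{uid!r}: unsafe_ok={literal_spans_whole_value(unsafe)} "
              f"quoted_ok={literal_spans_whole_value(quoted)}")
```

A regression test in the style the issue proposes would capture the filter string passed to the client and assert a check like `literal_spans_whole_value` on it.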