sanitizeFetchURLs strips query strings and userinfo from each URL so the resulting span attribute can ship by default without leaking signed-URL tokens, OAuth codes, or inline credentials. URLs that fail to parse are emitted as a sentinel rather than the raw string, since an unparseable URL could also carry sensitive material.
(urls []string)
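// sanitizeFetchURLs returns a copy of urls with the query string, fragment,
// and userinfo removed from each entry, so the result can be recorded as a
// span attribute without carrying signed-URL tokens, OAuth codes, or inline
// credentials. The output has the same length and order as the input.
//
// Entries that url.Parse rejects become "<unparseable>". Entries that parse
// only as an opaque URL (scheme:opaque, no leading slash) become "<opaque>":
// url.Parse reads a scheme-less "user:pass@host/path" that way, leaving the
// credentials in URL.Opaque where clearing URL.User does not reach them.
//
// Path segments are kept as-is; a secret embedded in the path is not removed.
func sanitizeFetchURLs(urls []string) []string {
	out := make([]string, len(urls))
	for i, raw := range urls {
		u, err := url.Parse(raw)
		if err != nil {
			// Never echo the raw string: it may hold the very material
			// this function exists to remove.
			out[i] = "<unparseable>"
			continue
		}
		if u.Opaque != "" {
			// The opaque part is free-form text that bypasses the
			// User/RawQuery fields cleared below, so it cannot be
			// redacted field by field.
			out[i] = "<opaque>"
			continue
		}
		u.RawQuery = ""
		u.Fragment = ""
		u.User = nil
		out[i] = u.String()
	}
	return out
}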
| 78 | |
| 79 | func (h *fetchHandler) CallTool(ctx context.Context, params ToolArgs) (*tools.ToolCallResult, error) { |
| 80 | if len(params.URLs) == 0 { |