fix(security): rate limit web_fetch tool to mitigate DDoS via prompt injection (#19567)

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2026-04-09 12:51:09 -07:00 · 2026-02-20 11:18:07 -06:00
parent c7e309efc9
commit 0f855fc0c4
9 changed files with 166 additions and 1 deletions
--- a/packages/core/src/scheduler/policy.ts
+++ b/packages/core/src/scheduler/policy.ts
@@ -77,7 +77,10 @@ export async function checkPolicy(
    }
  }

-  return { decision, rule: result.rule };
+  return {
+    decision,
+    rule: result.rule,
+  };
 }

 /**
--- a/packages/core/src/scheduler/tool-executor.ts
+++ b/packages/core/src/scheduler/tool-executor.ts
@@ -192,6 +192,8 @@ export class ToolExecutor {
      tool: call.tool,
      invocation: call.invocation,
      durationMs: startTime ? Date.now() - startTime : undefined,
+      startTime,
+      endTime: Date.now(),
      outcome: call.outcome,
    };
  }
@@ -263,6 +265,8 @@ export class ToolExecutor {
      response: successResponse,
      invocation: call.invocation,
      durationMs: startTime ? Date.now() - startTime : undefined,
+      startTime,
+      endTime: Date.now(),
      outcome: call.outcome,
    };
  }
@@ -287,6 +291,8 @@ export class ToolExecutor {
      response,
      tool: call.tool,
      durationMs: startTime ? Date.now() - startTime : undefined,
+      startTime,
+      endTime: Date.now(),
      outcome: call.outcome,
    };
  }
--- a/packages/core/src/scheduler/types.ts
+++ b/packages/core/src/scheduler/types.ts
@@ -86,6 +86,8 @@ export type ErroredToolCall = {
  response: ToolCallResponseInfo;
  tool?: AnyDeclarativeTool;
  durationMs?: number;
+  startTime?: number;
+  endTime?: number;
  outcome?: ToolConfirmationOutcome;
  schedulerId?: string;
  approvalMode?: ApprovalMode;
@@ -98,6 +100,8 @@ export type SuccessfulToolCall = {
  response: ToolCallResponseInfo;
  invocation: AnyToolInvocation;
  durationMs?: number;
+  startTime?: number;
+  endTime?: number;
  outcome?: ToolConfirmationOutcome;
  schedulerId?: string;
  approvalMode?: ApprovalMode;
@@ -125,6 +129,8 @@ export type CancelledToolCall = {
  tool: AnyDeclarativeTool;
  invocation: AnyToolInvocation;
  durationMs?: number;
+  startTime?: number;
+  endTime?: number;
  outcome?: ToolConfirmationOutcome;
  schedulerId?: string;
  approvalMode?: ApprovalMode;