fix: URL-encode userId and sessionId in VertexAiClient API URLs

tulgaakek · glaforge · commit e7a0c5fb4c41 · 2026-04-07T10:52:54.000+02:00
User-supplied userId and sessionId values were concatenated directly
into Vertex AI REST API URL paths and query parameters without
encoding. This allows query parameter injection via userId (e.g.,
"attacker&amp;extra_param=value") and path manipulation via sessionId
(e.g., "../../other-resource").

Apply URLEncoder.encode() to all user-supplied values before URL
construction in listSessions, listEvents, getSession, deleteSession,
and appendEvent.

Bug: CWE-116 (Improper Encoding or Escaping of Output)
diff --git a/core/src/main/java/com/google/adk/sessions/VertexAiClient.java b/core/src/main/java/com/google/adk/sessions/VertexAiClient.java
@@ -14,6 +14,8 @@
 import io.reactivex.rxjava3.core.Single;
 import java.io.IOException;
 import java.io.UncheckedIOException;
+import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -103,40 +105,53 @@ private Completable pollOperation(String operationId, int attempt) {
             });
   }
 
+  private static String encodeParam(String value) {
+    return URLEncoder.encode(value, StandardCharsets.UTF_8);
+  }
+
   Maybe<JsonNode> listSessions(String reasoningEngineId, String userId) {
     return performApiRequest(
             "GET",
-            "reasoningEngines/" + reasoningEngineId + "/sessions?filter=user_id=" + userId,
+            "reasoningEngines/" + reasoningEngineId
+                + "/sessions?filter=user_id=" + encodeParam(userId),
             "")
         .flatMapMaybe(VertexAiClient::getJsonResponse);
   }
 
   Maybe<JsonNode> listEvents(String reasoningEngineId, String sessionId) {
     return performApiRequest(
             "GET",
-            "reasoningEngines/" + reasoningEngineId + "/sessions/" + sessionId + "/events",
+            "reasoningEngines/" + reasoningEngineId
+                + "/sessions/" + encodeParam(sessionId) + "/events",
             "")
         .doOnSuccess(apiResponse -> logger.debug("List events response {}", apiResponse))
         .flatMapMaybe(VertexAiClient::getJsonResponse);
   }
 
   Maybe<JsonNode> getSession(String reasoningEngineId, String sessionId) {
     return performApiRequest(
-            "GET", "reasoningEngines/" + reasoningEngineId + "/sessions/" + sessionId, "")
+            "GET",
+            "reasoningEngines/" + reasoningEngineId
+                + "/sessions/" + encodeParam(sessionId),
+            "")
         .flatMapMaybe(apiResponse -> getJsonResponse(apiResponse));
   }
 
   Completable deleteSession(String reasoningEngineId, String sessionId) {
     return performApiRequest(
-            "DELETE", "reasoningEngines/" + reasoningEngineId + "/sessions/" + sessionId, "")
+            "DELETE",
+            "reasoningEngines/" + reasoningEngineId
+                + "/sessions/" + encodeParam(sessionId),
+            "")
         .doOnSuccess(ApiResponse::close)
         .ignoreElement();
   }
 
   Completable appendEvent(String reasoningEngineId, String sessionId, String eventJson) {
     return performApiRequest(
             "POST",
-            "reasoningEngines/" + reasoningEngineId + "/sessions/" + sessionId + ":appendEvent",
+            "reasoningEngines/" + reasoningEngineId
+                + "/sessions/" + encodeParam(sessionId) + ":appendEvent",
             eventJson)
         .flatMapCompletable(
             response -> {
