From 9d5e2f20d63327a8d6ae2e47287b49708e2e9e20 Mon Sep 17 00:00:00 2001 From: danielhanchen Date: Tue, 7 Jul 2026 11:09:33 +0000 Subject: [PATCH] Harden _enables_code_execution_tool against non-dict tool entries Verify each entry and its function field are dicts before reading the tool name, matching the defensive isinstance checks the payload.tools validation already uses. The callers pass resolved internal tool specs, so this is robustness rather than a reachable bug. --- studio/backend/routes/inference.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/studio/backend/routes/inference.py b/studio/backend/routes/inference.py index 970c11d8c..9f92fabf8 100644 --- a/studio/backend/routes/inference.py +++ b/studio/backend/routes/inference.py @@ -1769,7 +1769,10 @@ def _enables_code_execution_tool(tools: list[dict]) -> bool: streaming requirement is scoped to requests that actually expose one.""" from core.inference.tools import CODE_EXECUTION_TOOL_NAMES return any( - (t.get("function") or {}).get("name") in CODE_EXECUTION_TOOL_NAMES for t in (tools or []) + isinstance(t, dict) + and isinstance(t.get("function"), dict) + and t["function"].get("name") in CODE_EXECUTION_TOOL_NAMES + for t in (tools or []) )