From b9cbabe63425c3d953da94009f905a64835be5c7 Mon Sep 17 00:00:00 2001
From: LawyZheng
Date: Thu, 22 Jan 2026 01:42:42 +0800
Subject: [PATCH] check bitwarden itemid format (#4508)

---
 skyvern/forge/sdk/services/bitwarden.py | 7 +++++++
 skyvern/utils/strings.py | 9 +++++++++
 2 files changed, 16 insertions(+)

diff --git a/skyvern/forge/sdk/services/bitwarden.py b/skyvern/forge/sdk/services/bitwarden.py
index faf48812..9f4cccf0 100644
--- a/skyvern/forge/sdk/services/bitwarden.py
+++ b/skyvern/forge/sdk/services/bitwarden.py
@@ -33,6 +33,7 @@ from skyvern.forge.sdk.schemas.credentials import (
 SecretCredential,
 )
 from skyvern.forge.sdk.services.credentials import parse_totp_secret
+from skyvern.utils.strings import is_uuid

 LOG = structlog.get_logger()
 BITWARDEN_SERVER_BASE_URL = f"{settings.BITWARDEN_SERVER}:{settings.BITWARDEN_SERVER_PORT or 8002}"
@@ -223,6 +224,9 @@ class BitwardenService:
 if not bw_organization_id and bw_collection_ids and collection_id not in bw_collection_ids:
 raise BitwardenAccessDeniedError()

+ if item_id and not is_uuid(item_id):
+ raise BitwardenGetItemError(f"Invalid item ID: {item_id}. Check if the item ID is correct")
+
 for i in range(max_retries):
 # FIXME: just simply double the timeout for the second try. maybe a better backoff policy when needed
 timeout = (i + 1) * timeout
@@ -698,6 +702,9 @@ class BitwardenService:
 """
 Get the credit card data from the Bitwarden CLI.
 """
+ if not is_uuid(item_id):
+ raise BitwardenGetItemError(f"Invalid item ID: {item_id}. Check if the item ID is correct")
+
 try:
 async with asyncio.timeout(settings.BITWARDEN_TIMEOUT_SECONDS):
 return await BitwardenService._get_credit_card_data(
diff --git a/skyvern/utils/strings.py b/skyvern/utils/strings.py
index 198298e8..892f8d25 100644
--- a/skyvern/utils/strings.py
+++ b/skyvern/utils/strings.py
@@ -1,6 +1,7 @@
 import os
 import random
 import string
+import uuid

 RANDOM_STRING_POOL = string.ascii_letters + string.digits

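Review bot: Both new guards in bitwarden.py (the one ahead of the retry loop and the one at the top of the credit-card getter) interpolate the rejected `item_id` verbatim into the `BitwardenGetItemError` message. A value that has just failed validation is arbitrary caller-supplied text, so it can carry newlines or control characters into whatever logs or responses render the exception, and in a credential workflow it may be a secret pasted into the wrong field. Consider quoting and capping it, e.g. `raise BitwardenGetItemError(f"Invalid item ID: {str(item_id)[:64]!r}. Check if the item ID is correct")`, or leaving the value out of the message. Both enclosing methods start and end outside their hunks, so how the exception is surfaced cannot be seen here.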
@@ -9,3 +10,11 @@ def generate_random_string(length: int = 5) -> str:
 # Use the os.urandom(16) as the seed
 random.seed(os.urandom(16))
 return "".join(random.choices(RANDOM_STRING_POOL, k=length))
+
+
+def is_uuid(string: str) -> bool:
+ try:
+ uuid.UUID(string)
+ return True
+ except ValueError:
+ return False
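Review bot: `is_uuid` is looser than a format check on an identifier should be, because `uuid.UUID()` also accepts braces, a `urn:uuid:` prefix and un-hyphenated hex, so strings outside the canonical 8-4-4-4-12 form pass and are presumably handed on unchanged by the Bitwarden callers. It also catches only `ValueError`, while `uuid.UUID(None)` raises `TypeError`; that matters for the credit-card guard in bitwarden.py, which calls `is_uuid(item_id)` without the `item_id and` short-circuit used in the other guard. Comparing against the canonical rendering closes both gaps: `return str(uuid.UUID(string)) == string.lower()` under `except (ValueError, TypeError, AttributeError):`. The parameter name `string` also shadows the `string` module imported at the top of this file, and a docstring such as `"""Return True if the value is a canonically formatted UUID string."""` would state the contract.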