Files
wehub-resource-sync b4fbd6fe9f
Deploy Site / deploy-vercel (push) Has been skipped
Deploy Site / deploy-docs (push) Has been skipped
Build Skills Index / build-index (push) Has been skipped
CI / Deny unrelated histories (push) Has been skipped
CI / Detect affected areas (push) Successful in 27m35s
CI / OSV scan (push) Failing after 4s
CI / Build&Test Docker image (push) Successful in 9s
CI / Supply-chain scan (push) Has been skipped
CI / Lint Docker scripts (push) Failing after 5m13s
CI / Check contributors (push) Failing after 12m8s
CI / Docs Site (push) Failing after 12m8s
CI / TypeScript (push) Failing after 12m8s
CI / Python lints (push) Failing after 12m9s
CI / Python tests (push) Failing after 12m9s
CI / Check uv.lock (push) Failing after 23m22s
CI / CI timing report (push) Has been cancelled
Build Skills Index / trigger-deploy (push) Has been cancelled
CI / All required checks pass (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 11:56:03 +08:00

100 lines
3.8 KiB
Python

"""Tests that browser_console blocks console messages and errors from eval-navigated private pages.
browser_snapshot, browser_vision, _browser_eval, and browser_get_images all re-check
the page URL before returning content. browser_console (in console output mode) must
do the same to prevent leakage of console log messages and exception details.
"""
import json
import pytest
from tools import browser_tool
PRIVATE_URL = "http://127.0.0.1:8080/internal"
@pytest.fixture(autouse=True)
def _patches(monkeypatch):
monkeypatch.setattr(browser_tool, "_is_camofox_mode", lambda: False)
monkeypatch.setattr(browser_tool, "_last_session_key", lambda key: key)
def _mock_run_success(monkeypatch):
def _run(task_id, command, args=None, **kwargs):
if command == "console":
return {
"success": True,
"data": {
"messages": [
{"type": "log", "text": "secret internal message"}
]
}
}
elif command == "errors":
return {
"success": True,
"data": {
"errors": [
{"message": "internal exception info"}
]
}
}
return {"success": True, "data": {}}
monkeypatch.setattr(browser_tool, "_run_browser_command", _run)
def test_blocks_console_on_private_page(monkeypatch):
_mock_run_success(monkeypatch)
monkeypatch.setattr(browser_tool, "_eval_ssrf_guard_active", lambda tid: True)
monkeypatch.setattr(browser_tool, "_current_page_private_url", lambda tid: PRIVATE_URL)
result = json.loads(browser_tool.browser_console(task_id="test"))
assert result["success"] is False
assert "private or internal address" in result["error"]
assert PRIVATE_URL in result["error"]
def test_allows_console_on_public_page(monkeypatch):
_mock_run_success(monkeypatch)
monkeypatch.setattr(browser_tool, "_eval_ssrf_guard_active", lambda tid: True)
monkeypatch.setattr(browser_tool, "_current_page_private_url", lambda tid: None)
result = json.loads(browser_tool.browser_console(task_id="test"))
assert result["success"] is True
assert result["total_messages"] == 1
assert result["console_messages"][0]["text"] == "secret internal message"
def test_skips_guard_for_local_backend(monkeypatch):
_mock_run_success(monkeypatch)
monkeypatch.setattr(browser_tool, "_eval_ssrf_guard_active", lambda tid: False)
result = json.loads(browser_tool.browser_console(task_id="test"))
assert result["success"] is True
assert result["total_messages"] == 1
def test_skips_guard_when_private_urls_allowed(monkeypatch):
_mock_run_success(monkeypatch)
monkeypatch.setattr(browser_tool, "_eval_ssrf_guard_active", lambda tid: False)
result = json.loads(browser_tool.browser_console(task_id="test"))
assert result["success"] is True
assert result["total_messages"] == 1
def test_guard_does_not_block_on_failed_console_command(monkeypatch):
"""If the console command itself fails, browser_console returns the error naturally."""
def _run(task_id, command, args=None, **kwargs):
return {"success": False, "error": "console fetch failed"}
monkeypatch.setattr(browser_tool, "_run_browser_command", _run)
monkeypatch.setattr(browser_tool, "_eval_ssrf_guard_active", lambda tid: True)
monkeypatch.setattr(browser_tool, "_current_page_private_url", lambda tid: PRIVATE_URL)
result = json.loads(browser_tool.browser_console(task_id="test"))
# When the page is private, the guard checks _current_page_private_url first.
# Because it checks _current_page_private_url BEFORE running the command, it should block it.
assert result["success"] is False
assert "private or internal address" in result["error"]