From 83ae65487e092e500ab9ac021eabe36041326468 Mon Sep 17 00:00:00 2001 From: kshitijk4poor <82637225+kshitijk4poor@users.noreply.github.com> Date: Wed, 1 Jul 2026 13:46:06 +0530 Subject: [PATCH] test(browser): cover guard-inactive + camofox short-circuit paths; fix blank lines Review follow-up on the private-page action guard: - Add test_guard_inactive_does_not_block_or_probe: when the SSRF guard is inactive (local backend / allow_private_urls), click/type/press must proceed WITHOUT probing the page URL. This is the branch most likely to silently regress if the guard condition is inverted; a mutation check (flipping the condition) confirms the test fails as designed. - Add test_camofox_short_circuits_before_guard: camofox mode returns from the dedicated camofox_* path before the guard runs; guards never consulted. - Fix PEP8: 3 -> 2 blank lines before _blocked_private_page_action. --- .../test_browser_private_page_action_guard.py | 47 +++++++++++++++++++ tools/browser_tool.py | 3 -- 2 files changed, 47 insertions(+), 3 deletions(-) diff --git a/tests/tools/test_browser_private_page_action_guard.py b/tests/tools/test_browser_private_page_action_guard.py index 1070731aa..f0d906e62 100644 --- a/tests/tools/test_browser_private_page_action_guard.py +++ b/tests/tools/test_browser_private_page_action_guard.py @@ -57,3 +57,50 @@ def test_click_still_runs_when_current_page_is_public(monkeypatch): assert out == {"success": True, "clicked": "@e1"} assert calls == [("task-1", "click", ["@e1"])] + + +def test_guard_inactive_does_not_block_or_probe(monkeypatch): + """When the SSRF guard is inactive (local backend / allow_private_urls), + the action must proceed WITHOUT even probing the page URL — a private-looking + current URL is irrelevant. This is the branch most likely to silently regress + if the guard condition is ever inverted, so it is exercised explicitly.""" + calls = [] + + monkeypatch.setattr(browser_tool, "_eval_ssrf_guard_active", lambda task_id: False) + + def fail_probe(task_id): + raise AssertionError("_current_page_private_url must not be probed when guard inactive") + + monkeypatch.setattr(browser_tool, "_current_page_private_url", fail_probe) + + def fake_run(task_id, command, args): + calls.append((task_id, command, args)) + return {"success": True} + + monkeypatch.setattr(browser_tool, "_run_browser_command", fake_run) + + out = json.loads(browser_tool.browser_click("@e1", task_id="task-1")) + + assert out == {"success": True, "clicked": "@e1"} + assert calls == [("task-1", "click", ["@e1"])] + + +def test_camofox_short_circuits_before_guard(monkeypatch): + """Camofox mode returns from the dedicated camofox_* path BEFORE reaching the + private-page guard, so the guard's helpers must never be consulted. Guards the + ordering invariant (camofox early-return precedes _last_session_key + guard).""" + monkeypatch.setattr(browser_tool, "_is_camofox_mode", lambda: True) + + def fail_guard(task_id): + raise AssertionError("guard must not run in camofox mode") + + monkeypatch.setattr(browser_tool, "_eval_ssrf_guard_active", fail_guard) + monkeypatch.setattr(browser_tool, "_current_page_private_url", fail_guard) + + import tools.browser_camofox as camofox + + monkeypatch.setattr(camofox, "camofox_click", lambda ref, task_id: '{"success": true, "camofox": true}') + + out = json.loads(browser_tool.browser_click("@e1", task_id="task-1")) + + assert out == {"success": True, "camofox": True} diff --git a/tools/browser_tool.py b/tools/browser_tool.py index 7bd51740c..f74e1f4e5 100644 --- a/tools/browser_tool.py +++ b/tools/browser_tool.py @@ -3139,9 +3139,6 @@ def browser_press(key: str, task_id: Optional[str] = None) -> str: return json.dumps(_copy_fallback_warning(response, result), ensure_ascii=False) - - - def _blocked_private_page_action(effective_task_id: str, action: str) -> Optional[str]: """Return a blocked payload when an unsafe cloud page would receive input.""" if not _eval_ssrf_guard_active(effective_task_id):