99 lines
3.8 KiB
Python
99 lines
3.8 KiB
Python
"""Tests that browser_console blocks console messages and errors from eval-navigated private pages.
|
|
|
|
browser_snapshot, browser_vision, _browser_eval, and browser_get_images all re-check
|
|
the page URL before returning content. browser_console (in console output mode) must
|
|
do the same to prevent leakage of console log messages and exception details.
|
|
"""
|
|
|
|
import json
|
|
|
|
import pytest
|
|
|
|
from tools import browser_tool
|
|
|
|
PRIVATE_URL = "http://127.0.0.1:8080/internal"
|
|
|
|
|
|
@pytest.fixture(autouse=True)
|
|
def _patches(monkeypatch):
|
|
monkeypatch.setattr(browser_tool, "_is_camofox_mode", lambda: False)
|
|
monkeypatch.setattr(browser_tool, "_last_session_key", lambda key: key)
|
|
|
|
|
|
def _mock_run_success(monkeypatch):
|
|
def _run(task_id, command, args=None, **kwargs):
|
|
if command == "console":
|
|
return {
|
|
"success": True,
|
|
"data": {
|
|
"messages": [
|
|
{"type": "log", "text": "secret internal message"}
|
|
]
|
|
}
|
|
}
|
|
elif command == "errors":
|
|
return {
|
|
"success": True,
|
|
"data": {
|
|
"errors": [
|
|
{"message": "internal exception info"}
|
|
]
|
|
}
|
|
}
|
|
return {"success": True, "data": {}}
|
|
monkeypatch.setattr(browser_tool, "_run_browser_command", _run)
|
|
|
|
|
|
def test_blocks_console_on_private_page(monkeypatch):
|
|
_mock_run_success(monkeypatch)
|
|
monkeypatch.setattr(browser_tool, "_eval_ssrf_guard_active", lambda tid: True)
|
|
monkeypatch.setattr(browser_tool, "_current_page_private_url", lambda tid: PRIVATE_URL)
|
|
|
|
result = json.loads(browser_tool.browser_console(task_id="test"))
|
|
assert result["success"] is False
|
|
assert "private or internal address" in result["error"]
|
|
assert PRIVATE_URL in result["error"]
|
|
|
|
|
|
def test_allows_console_on_public_page(monkeypatch):
|
|
_mock_run_success(monkeypatch)
|
|
monkeypatch.setattr(browser_tool, "_eval_ssrf_guard_active", lambda tid: True)
|
|
monkeypatch.setattr(browser_tool, "_current_page_private_url", lambda tid: None)
|
|
|
|
result = json.loads(browser_tool.browser_console(task_id="test"))
|
|
assert result["success"] is True
|
|
assert result["total_messages"] == 1
|
|
assert result["console_messages"][0]["text"] == "secret internal message"
|
|
|
|
|
|
def test_skips_guard_for_local_backend(monkeypatch):
|
|
_mock_run_success(monkeypatch)
|
|
monkeypatch.setattr(browser_tool, "_eval_ssrf_guard_active", lambda tid: False)
|
|
|
|
result = json.loads(browser_tool.browser_console(task_id="test"))
|
|
assert result["success"] is True
|
|
assert result["total_messages"] == 1
|
|
|
|
|
|
def test_skips_guard_when_private_urls_allowed(monkeypatch):
|
|
_mock_run_success(monkeypatch)
|
|
monkeypatch.setattr(browser_tool, "_eval_ssrf_guard_active", lambda tid: False)
|
|
|
|
result = json.loads(browser_tool.browser_console(task_id="test"))
|
|
assert result["success"] is True
|
|
assert result["total_messages"] == 1
|
|
|
|
|
|
def test_guard_does_not_block_on_failed_console_command(monkeypatch):
|
|
"""If the console command itself fails, browser_console returns the error naturally."""
|
|
def _run(task_id, command, args=None, **kwargs):
|
|
return {"success": False, "error": "console fetch failed"}
|
|
monkeypatch.setattr(browser_tool, "_run_browser_command", _run)
|
|
monkeypatch.setattr(browser_tool, "_eval_ssrf_guard_active", lambda tid: True)
|
|
monkeypatch.setattr(browser_tool, "_current_page_private_url", lambda tid: PRIVATE_URL)
|
|
|
|
result = json.loads(browser_tool.browser_console(task_id="test"))
|
|
# When the page is private, the guard checks _current_page_private_url first.
|
|
# Because it checks _current_page_private_url BEFORE running the command, it should block it.
|
|
assert result["success"] is False
|
|
assert "private or internal address" in result["error"]
|