Harden base URL and headers env normalization boundaries

Co-authored-by: Shri Sukhani <shrisukhani@users.noreply.github.com>

Author: cursoragent

hyperbrowser/config.py

@@ -105,7 +105,20 @@ def _safe_unquote(value: str, *, component_label: str) -> str:
     def normalize_base_url(base_url: str) -> str:
         if not isinstance(base_url, str):
             raise HyperbrowserError("base_url must be a string")
-        normalized_base_url = base_url.strip().rstrip("/")
+        try:
+            stripped_base_url = base_url.strip()
+            if type(stripped_base_url) is not str:
+                raise TypeError("normalized base_url must be a string")
+            normalized_base_url = stripped_base_url.rstrip("/")
+            if type(normalized_base_url) is not str:
+                raise TypeError("normalized base_url must be a string")
+        except HyperbrowserError:
+            raise
+        except Exception as exc:
+            raise HyperbrowserError(
+                "Failed to normalize base_url",
+                original_error=exc,
+            ) from exc
         if not normalized_base_url:
             raise HyperbrowserError("base_url must not be empty")
         if "\n" in normalized_base_url or "\r" in normalized_base_url:
@@ -318,6 +331,17 @@ def resolve_base_url_from_env(raw_base_url: Optional[str]) -> str:
             return "https://api.hyperbrowser.ai"
         if not isinstance(raw_base_url, str):
             raise HyperbrowserError("HYPERBROWSER_BASE_URL must be a string")
-        if not raw_base_url.strip():
+        try:
+            normalized_env_base_url = raw_base_url.strip()
+            if not isinstance(normalized_env_base_url, str):
+                raise TypeError("normalized environment base_url must be a string")
+        except HyperbrowserError:
+            raise
+        except Exception as exc:
+            raise HyperbrowserError(
+                "Failed to normalize HYPERBROWSER_BASE_URL",
+                original_error=exc,
+            ) from exc
+        if not normalized_env_base_url:
             raise HyperbrowserError("HYPERBROWSER_BASE_URL must not be empty when set")
-        return ClientConfig.normalize_base_url(raw_base_url)
+        return ClientConfig.normalize_base_url(normalized_env_base_url)

hyperbrowser/header_utils.py

@@ -141,10 +141,21 @@ def parse_headers_env_json(raw_headers: Optional[str]) -> Optional[Dict[str, str
         return None
     if not isinstance(raw_headers, str):
         raise HyperbrowserError("HYPERBROWSER_HEADERS must be a string")
-    if not raw_headers.strip():
+    try:
+        normalized_raw_headers = raw_headers.strip()
+        if not isinstance(normalized_raw_headers, str):
+            raise TypeError("normalized headers payload must be a string")
+    except HyperbrowserError:
+        raise
+    except Exception as exc:
+        raise HyperbrowserError(
+            "Failed to normalize HYPERBROWSER_HEADERS",
+            original_error=exc,
+        ) from exc
+    if not normalized_raw_headers:
         return None
     try:
-        parsed_headers = json.loads(raw_headers)
+        parsed_headers = json.loads(normalized_raw_headers)
     except HyperbrowserError:
         raise
     except Exception as exc:

tests/test_config.py

@@ -211,6 +211,58 @@ def test_client_config_rejects_non_string_values():
         ClientConfig(api_key="bad\nkey")
 
 
+def test_client_config_normalize_base_url_wraps_strip_runtime_errors():
+    class _BrokenBaseUrl(str):
+        def strip(self, chars=None):  # type: ignore[override]
+            _ = chars
+            raise RuntimeError("base_url strip exploded")
+
+    with pytest.raises(HyperbrowserError, match="Failed to normalize base_url") as exc_info:
+        ClientConfig.normalize_base_url(_BrokenBaseUrl("https://example.local"))
+
+    assert isinstance(exc_info.value.original_error, RuntimeError)
+
+
+def test_client_config_normalize_base_url_preserves_hyperbrowser_strip_errors():
+    class _BrokenBaseUrl(str):
+        def strip(self, chars=None):  # type: ignore[override]
+            _ = chars
+            raise HyperbrowserError("custom base_url strip failure")
+
+    with pytest.raises(
+        HyperbrowserError, match="custom base_url strip failure"
+    ) as exc_info:
+        ClientConfig.normalize_base_url(_BrokenBaseUrl("https://example.local"))
+
+    assert exc_info.value.original_error is None
+
+
+def test_client_config_normalize_base_url_wraps_non_string_strip_results():
+    class _BrokenBaseUrl(str):
+        def strip(self, chars=None):  # type: ignore[override]
+            _ = chars
+            return object()
+
+    with pytest.raises(HyperbrowserError, match="Failed to normalize base_url") as exc_info:
+        ClientConfig.normalize_base_url(_BrokenBaseUrl("https://example.local"))
+
+    assert isinstance(exc_info.value.original_error, TypeError)
+
+
+def test_client_config_resolve_base_url_from_env_wraps_strip_runtime_errors():
+    class _BrokenBaseUrl(str):
+        def strip(self, chars=None):  # type: ignore[override]
+            _ = chars
+            raise RuntimeError("environment base_url strip exploded")
+
+    with pytest.raises(
+        HyperbrowserError, match="Failed to normalize HYPERBROWSER_BASE_URL"
+    ) as exc_info:
+        ClientConfig.resolve_base_url_from_env(_BrokenBaseUrl("https://example.local"))
+
+    assert isinstance(exc_info.value.original_error, RuntimeError)
+
+
 def test_client_config_wraps_api_key_strip_runtime_errors():
     class _BrokenApiKey(str):
         def strip(self, chars=None):  # type: ignore[override]

tests/test_header_utils.py

@@ -60,6 +60,18 @@ def lower(self):  # type: ignore[override]
         return object()
 
 
+class _BrokenHeadersEnvString(str):
+    def strip(self, chars=None):  # type: ignore[override]
+        _ = chars
+        raise RuntimeError("headers env strip exploded")
+
+
+class _NonStringHeadersEnvStripResult(str):
+    def strip(self, chars=None):  # type: ignore[override]
+        _ = chars
+        return object()
+
+
 def test_normalize_headers_trims_header_names():
     headers = normalize_headers(
         {"  X-Correlation-Id  ": "abc123"},
@@ -192,6 +204,38 @@ def test_parse_headers_env_json_rejects_non_string_input():
         parse_headers_env_json(123)  # type: ignore[arg-type]
 
 
+def test_parse_headers_env_json_wraps_strip_runtime_errors():
+    with pytest.raises(
+        HyperbrowserError, match="Failed to normalize HYPERBROWSER_HEADERS"
+    ) as exc_info:
+        parse_headers_env_json(_BrokenHeadersEnvString('{"X-Trace-Id":"abc123"}'))
+
+    assert isinstance(exc_info.value.original_error, RuntimeError)
+
+
+def test_parse_headers_env_json_preserves_hyperbrowser_strip_errors():
+    class _BrokenHeadersEnvString(str):
+        def strip(self, chars=None):  # type: ignore[override]
+            _ = chars
+            raise HyperbrowserError("custom headers strip failure")
+
+    with pytest.raises(
+        HyperbrowserError, match="custom headers strip failure"
+    ) as exc_info:
+        parse_headers_env_json(_BrokenHeadersEnvString('{"X-Trace-Id":"abc123"}'))
+
+    assert exc_info.value.original_error is None
+
+
+def test_parse_headers_env_json_wraps_non_string_strip_results():
+    with pytest.raises(
+        HyperbrowserError, match="Failed to normalize HYPERBROWSER_HEADERS"
+    ) as exc_info:
+        parse_headers_env_json(_NonStringHeadersEnvStripResult('{"X-Trace-Id":"abc123"}'))
+
+    assert isinstance(exc_info.value.original_error, TypeError)
+
+
 def test_parse_headers_env_json_rejects_invalid_json():
     with pytest.raises(
         HyperbrowserError, match="HYPERBROWSER_HEADERS must be valid JSON object"