Harden transport request context normalization fallback boundaries

Co-authored-by: Shri Sukhani <shrisukhani@users.noreply.github.com>

Author: cursoragent

hyperbrowser/transport/error_utils.py

@@ -51,12 +51,17 @@ def _safe_to_string(value: Any) -> str:
         normalized_value = str(value)
     except Exception:
         return f"<unstringifiable {type(value).__name__}>"
-    sanitized_value = "".join(
-        "?" if ord(character) < 32 or ord(character) == 127 else character
-        for character in normalized_value
-    )
-    if sanitized_value.strip():
-        return sanitized_value
+    if not isinstance(normalized_value, str):
+        return f"<{type(value).__name__}>"
+    try:
+        sanitized_value = "".join(
+            "?" if ord(character) < 32 or ord(character) == 127 else character
+            for character in normalized_value
+        )
+        if sanitized_value.strip():
+            return sanitized_value
+    except Exception:
+        return f"<{type(value).__name__}>"
     return f"<{type(value).__name__}>"
 
 
@@ -83,18 +88,31 @@ def _normalize_request_method(method: Any) -> str:
             raw_method = str(raw_method)
         except Exception:
             return "UNKNOWN"
-    if not isinstance(raw_method, str) or not raw_method.strip():
+    try:
+        if not isinstance(raw_method, str):
+            return "UNKNOWN"
+        stripped_method = raw_method.strip()
+        if not isinstance(stripped_method, str) or not stripped_method:
+            return "UNKNOWN"
+        normalized_method = stripped_method.upper()
+        if not isinstance(normalized_method, str):
+            return "UNKNOWN"
+        lowered_method = normalized_method.lower()
+        if not isinstance(lowered_method, str):
+            return "UNKNOWN"
+    except Exception:
         return "UNKNOWN"
-    normalized_method = raw_method.strip().upper()
-    lowered_method = normalized_method.lower()
     if (
         lowered_method in _INVALID_METHOD_SENTINELS
         or _NUMERIC_LIKE_METHOD_PATTERN.fullmatch(normalized_method)
     ):
         return "UNKNOWN"
-    if len(normalized_method) > _MAX_REQUEST_METHOD_LENGTH:
-        return "UNKNOWN"
-    if not _HTTP_METHOD_TOKEN_PATTERN.fullmatch(normalized_method):
+    try:
+        if len(normalized_method) > _MAX_REQUEST_METHOD_LENGTH:
+            return "UNKNOWN"
+        if not _HTTP_METHOD_TOKEN_PATTERN.fullmatch(normalized_method):
+            return "UNKNOWN"
+    except Exception:
         return "UNKNOWN"
     return normalized_method
 
@@ -116,22 +134,31 @@ def _normalize_request_url(url: Any) -> str:
         except Exception:
             return "unknown URL"
 
-    normalized_url = raw_url.strip()
-    if not normalized_url:
+    try:
+        normalized_url = raw_url.strip()
+        if not isinstance(normalized_url, str) or not normalized_url:
+            return "unknown URL"
+        lowered_url = normalized_url.lower()
+        if not isinstance(lowered_url, str):
+            return "unknown URL"
+    except Exception:
         return "unknown URL"
-    lowered_url = normalized_url.lower()
     if lowered_url in _INVALID_URL_SENTINELS or _NUMERIC_LIKE_URL_PATTERN.fullmatch(
         normalized_url
     ):
         return "unknown URL"
-    if any(character.isspace() for character in normalized_url):
-        return "unknown URL"
-    if any(
-        ord(character) < 32 or ord(character) == 127 for character in normalized_url
-    ):
+    try:
+        if any(character.isspace() for character in normalized_url):
+            return "unknown URL"
+        if any(
+            ord(character) < 32 or ord(character) == 127
+            for character in normalized_url
+        ):
+            return "unknown URL"
+        if len(normalized_url) > _MAX_REQUEST_URL_DISPLAY_LENGTH:
+            return f"{normalized_url[:_MAX_REQUEST_URL_DISPLAY_LENGTH]}... (truncated)"
+    except Exception:
         return "unknown URL"
-    if len(normalized_url) > _MAX_REQUEST_URL_DISPLAY_LENGTH:
-        return f"{normalized_url[:_MAX_REQUEST_URL_DISPLAY_LENGTH]}... (truncated)"
     return normalized_url
 
 

tests/test_transport_error_utils.py

@@ -205,6 +205,66 @@ def __str__(self) -> str:
         return "broken-slice-error-list"
 
 
+class _BrokenStripMethod(str):
+    def strip(self, chars=None):  # type: ignore[override]
+        _ = chars
+        raise RuntimeError("method strip exploded")
+
+
+class _BrokenUpperMethod(str):
+    def strip(self, chars=None):  # type: ignore[override]
+        _ = chars
+        return self
+
+    def upper(self):  # type: ignore[override]
+        raise RuntimeError("method upper exploded")
+
+
+class _BrokenMethodLength(str):
+    def strip(self, chars=None):  # type: ignore[override]
+        _ = chars
+        return self
+
+    def __len__(self):
+        raise RuntimeError("method length exploded")
+
+
+class _BrokenStripUrl(str):
+    def strip(self, chars=None):  # type: ignore[override]
+        _ = chars
+        raise RuntimeError("url strip exploded")
+
+
+class _BrokenLowerUrl(str):
+    def strip(self, chars=None):  # type: ignore[override]
+        _ = chars
+        return self
+
+    def lower(self):  # type: ignore[override]
+        raise RuntimeError("url lower exploded")
+
+
+class _BrokenUrlIteration(str):
+    def strip(self, chars=None):  # type: ignore[override]
+        _ = chars
+        return self
+
+    def lower(self):  # type: ignore[override]
+        return "https://example.com/path"
+
+    def __iter__(self):
+        raise RuntimeError("url iteration exploded")
+
+
+class _StringifiesToBrokenSubclass:
+    class _BrokenString(str):
+        def __iter__(self):
+            raise RuntimeError("fallback string iteration exploded")
+
+    def __str__(self) -> str:
+        return self._BrokenString("broken\tfallback\nvalue")
+
+
 def test_extract_request_error_context_uses_unknown_when_request_unset():
     method, url = extract_request_error_context(httpx.RequestError("network down"))
 
@@ -663,6 +723,60 @@ def test_format_generic_request_failure_message_supports_memoryview_method_value
     assert message == "Request PATCH https://example.com/path failed"
 
 
+def test_format_generic_request_failure_message_normalizes_method_strip_failures():
+    message = format_generic_request_failure_message(
+        method=_BrokenStripMethod("get"),
+        url="https://example.com/path",
+    )
+
+    assert message == "Request UNKNOWN https://example.com/path failed"
+
+
+def test_format_generic_request_failure_message_normalizes_method_upper_failures():
+    message = format_generic_request_failure_message(
+        method=_BrokenUpperMethod("get"),
+        url="https://example.com/path",
+    )
+
+    assert message == "Request UNKNOWN https://example.com/path failed"
+
+
+def test_format_generic_request_failure_message_normalizes_method_length_failures():
+    message = format_generic_request_failure_message(
+        method=_BrokenMethodLength("get"),
+        url="https://example.com/path",
+    )
+
+    assert message == "Request UNKNOWN https://example.com/path failed"
+
+
+def test_format_generic_request_failure_message_normalizes_url_strip_failures():
+    message = format_generic_request_failure_message(
+        method="GET",
+        url=_BrokenStripUrl("https://example.com/path"),
+    )
+
+    assert message == "Request GET unknown URL failed"
+
+
+def test_format_generic_request_failure_message_normalizes_url_lower_failures():
+    message = format_generic_request_failure_message(
+        method="GET",
+        url=_BrokenLowerUrl("https://example.com/path"),
+    )
+
+    assert message == "Request GET unknown URL failed"
+
+
+def test_format_generic_request_failure_message_normalizes_url_iteration_failures():
+    message = format_generic_request_failure_message(
+        method="GET",
+        url=_BrokenUrlIteration("https://example.com/path"),
+    )
+
+    assert message == "Request GET unknown URL failed"
+
+
 def test_format_request_failure_message_truncates_very_long_fallback_urls():
     very_long_url = "https://example.com/" + ("a" * 1200)
     message = format_request_failure_message(
@@ -801,6 +915,15 @@ def test_extract_error_message_sanitizes_control_characters_in_fallback_error_te
     assert message == "bad?fallback?text"
 
 
+def test_extract_error_message_handles_fallback_errors_with_broken_string_subclasses():
+    message = extract_error_message(
+        _DummyResponse("   ", text="   "),
+        _StringifiesToBrokenSubclass(),
+    )
+
+    assert message == "<_StringifiesToBrokenSubclass>"
+
+
 def test_extract_error_message_sanitizes_control_characters_in_json_message():
     message = extract_error_message(
         _DummyResponse({"message": "bad\tjson\nmessage"}),