Harden URL parsing boundaries in client path builder

Co-authored-by: Shri Sukhani <shrisukhani@users.noreply.github.com>

Author: cursoragent

hyperbrowser/client/base.py

@@ -80,6 +80,50 @@ def __init__(
         self.config = config
         self.transport = transport(config.api_key, headers=config.headers)
 
+    @staticmethod
+    def _parse_url_components(
+        url_value: str, *, component_label: str
+    ) -> tuple[str, str, str, str, str]:
+        try:
+            parsed_url = urlparse(url_value)
+        except HyperbrowserError:
+            raise
+        except Exception as exc:
+            raise HyperbrowserError(
+                f"Failed to parse {component_label}",
+                original_error=exc,
+            ) from exc
+        try:
+            parsed_url_scheme = parsed_url.scheme
+            parsed_url_netloc = parsed_url.netloc
+            parsed_url_path = parsed_url.path
+            parsed_url_query = parsed_url.query
+            parsed_url_fragment = parsed_url.fragment
+        except HyperbrowserError:
+            raise
+        except Exception as exc:
+            raise HyperbrowserError(
+                f"Failed to parse {component_label} components",
+                original_error=exc,
+            ) from exc
+        if (
+            type(parsed_url_scheme) is not str
+            or type(parsed_url_netloc) is not str
+            or type(parsed_url_path) is not str
+            or type(parsed_url_query) is not str
+            or type(parsed_url_fragment) is not str
+        ):
+            raise HyperbrowserError(
+                f"{component_label} parser returned invalid URL components"
+            )
+        return (
+            parsed_url_scheme,
+            parsed_url_netloc,
+            parsed_url_path,
+            parsed_url_query,
+            parsed_url_fragment,
+        )
+
     def _build_url(self, path: str) -> str:
         if not isinstance(path, str):
             raise HyperbrowserError("path must be a string")
@@ -94,10 +138,16 @@ def _build_url(self, path: str) -> str:
             raise HyperbrowserError("path must not contain backslashes")
         if "\n" in stripped_path or "\r" in stripped_path:
             raise HyperbrowserError("path must not contain newline characters")
-        parsed_path = urlparse(stripped_path)
-        if parsed_path.scheme:
+        (
+            parsed_path_scheme,
+            _parsed_path_netloc,
+            _parsed_path_path,
+            parsed_path_query,
+            parsed_path_fragment,
+        ) = self._parse_url_components(stripped_path, component_label="path")
+        if parsed_path_scheme:
             raise HyperbrowserError("path must be a relative API path")
-        if parsed_path.fragment:
+        if parsed_path_fragment:
             raise HyperbrowserError("path must not include URL fragments")
         raw_query_component = (
             stripped_path.split("?", 1)[1] if "?" in stripped_path else ""
@@ -115,17 +165,20 @@ def _build_url(self, path: str) -> str:
             )
         if any(
             character.isspace() or ord(character) < 32 or ord(character) == 127
-            for character in parsed_path.query
+            for character in parsed_path_query
         ):
             raise HyperbrowserError(
                 "path query must not contain unencoded whitespace or control characters"
             )
         normalized_path = f"/{stripped_path.lstrip('/')}"
-        normalized_parts = urlparse(normalized_path)
-        normalized_path_only = normalized_parts.path
-        normalized_query_suffix = (
-            f"?{normalized_parts.query}" if normalized_parts.query else ""
-        )
+        (
+            _normalized_path_scheme,
+            _normalized_path_netloc,
+            normalized_path_only,
+            normalized_path_query,
+            _normalized_path_fragment,
+        ) = self._parse_url_components(normalized_path, component_label="normalized path")
+        normalized_query_suffix = f"?{normalized_path_query}" if normalized_path_query else ""
         decoded_path = ClientConfig._decode_url_component_with_limit(
             normalized_path_only, component_label="path"
         )
@@ -149,8 +202,14 @@ def _build_url(self, path: str) -> str:
         if any(segment in {".", ".."} for segment in normalized_segments):
             raise HyperbrowserError("path must not contain relative path segments")
         normalized_base_url = ClientConfig.normalize_base_url(self.config.base_url)
-        parsed_base_url = urlparse(normalized_base_url)
-        base_has_api_suffix = parsed_base_url.path.rstrip("/").endswith("/api")
+        (
+            _base_url_scheme,
+            _base_url_netloc,
+            parsed_base_url_path,
+            _base_url_query,
+            _base_url_fragment,
+        ) = self._parse_url_components(normalized_base_url, component_label="base_url")
+        base_has_api_suffix = parsed_base_url_path.rstrip("/").endswith("/api")
 
         if normalized_path_only == "/api" or normalized_path_only.startswith("/api/"):
             if base_has_api_suffix:

tests/test_url_building.py

@@ -1,6 +1,7 @@
 import pytest
 from urllib.parse import quote
 
+import hyperbrowser.client.base as client_base_module
 from hyperbrowser import Hyperbrowser
 from hyperbrowser.config import ClientConfig
 from hyperbrowser.exceptions import HyperbrowserError
@@ -392,3 +393,135 @@ def test_client_build_url_normalizes_runtime_trailing_slashes():
         assert client._build_url("/session") == "https://example.local/api/session"
     finally:
         client.close()
+
+
+def test_client_build_url_wraps_path_parse_runtime_errors(
+    monkeypatch: pytest.MonkeyPatch,
+):
+    client = Hyperbrowser(config=ClientConfig(api_key="test-key"))
+    try:
+        def _raise_parse_runtime_error(_value: str):
+            raise RuntimeError("path parse exploded")
+
+        monkeypatch.setattr(client_base_module, "urlparse", _raise_parse_runtime_error)
+
+        with pytest.raises(HyperbrowserError, match="Failed to parse path") as exc_info:
+            client._build_url("/session")
+
+        assert isinstance(exc_info.value.original_error, RuntimeError)
+    finally:
+        client.close()
+
+
+def test_client_build_url_preserves_hyperbrowser_path_parse_errors(
+    monkeypatch: pytest.MonkeyPatch,
+):
+    client = Hyperbrowser(config=ClientConfig(api_key="test-key"))
+    try:
+        def _raise_parse_hyperbrowser_error(_value: str):
+            raise HyperbrowserError("custom path parse failure")
+
+        monkeypatch.setattr(
+            client_base_module,
+            "urlparse",
+            _raise_parse_hyperbrowser_error,
+        )
+
+        with pytest.raises(
+            HyperbrowserError, match="custom path parse failure"
+        ) as exc_info:
+            client._build_url("/session")
+
+        assert exc_info.value.original_error is None
+    finally:
+        client.close()
+
+
+def test_client_build_url_wraps_path_component_access_runtime_errors(
+    monkeypatch: pytest.MonkeyPatch,
+):
+    client = Hyperbrowser(config=ClientConfig(api_key="test-key"))
+    try:
+        class _BrokenParsedPath:
+            @property
+            def scheme(self) -> str:
+                raise RuntimeError("path scheme exploded")
+
+        monkeypatch.setattr(client_base_module, "urlparse", lambda _value: _BrokenParsedPath())
+
+        with pytest.raises(
+            HyperbrowserError, match="Failed to parse path components"
+        ) as exc_info:
+            client._build_url("/session")
+
+        assert isinstance(exc_info.value.original_error, RuntimeError)
+    finally:
+        client.close()
+
+
+def test_client_build_url_rejects_invalid_path_parser_component_types(
+    monkeypatch: pytest.MonkeyPatch,
+):
+    client = Hyperbrowser(config=ClientConfig(api_key="test-key"))
+    try:
+        class _InvalidParsedPath:
+            scheme = object()
+            netloc = ""
+            path = "/session"
+            query = ""
+            fragment = ""
+
+        monkeypatch.setattr(client_base_module, "urlparse", lambda _value: _InvalidParsedPath())
+
+        with pytest.raises(
+            HyperbrowserError, match="path parser returned invalid URL components"
+        ):
+            client._build_url("/session")
+    finally:
+        client.close()
+
+
+def test_client_build_url_wraps_normalized_path_parse_runtime_errors(
+    monkeypatch: pytest.MonkeyPatch,
+):
+    client = Hyperbrowser(config=ClientConfig(api_key="test-key"))
+    try:
+        original_urlparse = client_base_module.urlparse
+
+        def _conditional_urlparse(value: str):
+            if value == "/session":
+                raise RuntimeError("normalized path parse exploded")
+            return original_urlparse(value)
+
+        monkeypatch.setattr(client_base_module, "urlparse", _conditional_urlparse)
+
+        with pytest.raises(
+            HyperbrowserError, match="Failed to parse normalized path"
+        ) as exc_info:
+            client._build_url("session")
+
+        assert isinstance(exc_info.value.original_error, RuntimeError)
+    finally:
+        client.close()
+
+
+def test_client_build_url_wraps_base_url_parse_runtime_errors(
+    monkeypatch: pytest.MonkeyPatch,
+):
+    client = Hyperbrowser(config=ClientConfig(api_key="test-key"))
+    try:
+        original_urlparse = client_base_module.urlparse
+
+        def _conditional_urlparse(value: str):
+            if value == "https://api.hyperbrowser.ai":
+                raise RuntimeError("base_url parse exploded")
+            return original_urlparse(value)
+
+        monkeypatch.setattr(client_base_module, "urlparse", _conditional_urlparse)
+
+        with pytest.raises(HyperbrowserError, match="Failed to parse base_url") as exc_info:
+            client._build_url("/session")
+
+        assert isinstance(exc_info.value.original_error, RuntimeError)
+    finally:
+        client.close()