Sanitize upload path display in file input errors

cursoragent · shrisukhani · cursoragent · commit 8073e9466ee8 · 2026-02-14T20:50:58.000Z
Co-authored-by: Shri Sukhani &lt;shrisukhani@users.noreply.github.com&gt;
diff --git a/hyperbrowser/client/managers/session_upload_utils.py b/hyperbrowser/client/managers/session_upload_utils.py
@@ -8,6 +8,25 @@
 
 from ..file_utils import ensure_existing_file_path, open_binary_file
 
+_MAX_FILE_PATH_DISPLAY_LENGTH = 200
+
+
+def _format_upload_path_for_error(raw_file_path: object) -> str:
+    if not is_plain_string(raw_file_path):
+        return "<provided path>"
+    try:
+        normalized_path = "".join(
+            "?" if ord(character) < 32 or ord(character) == 127 else character
+            for character in raw_file_path
+        )
+    except Exception:
+        return "<provided path>"
+    if not is_plain_string(normalized_path):
+        return "<provided path>"
+    if len(normalized_path) <= _MAX_FILE_PATH_DISPLAY_LENGTH:
+        return normalized_path
+    return f"{normalized_path[:_MAX_FILE_PATH_DISPLAY_LENGTH]}..."
+
 
 def normalize_upload_file_input(
     file_input: Union[str, PathLike[str], IO],
@@ -22,10 +41,11 @@ def normalize_upload_file_input(
                 "file_input path is invalid",
                 original_error=exc,
             ) from exc
+        file_path_display = _format_upload_path_for_error(raw_file_path)
         file_path = ensure_existing_file_path(
             raw_file_path,
-            missing_file_message=f"Upload file not found at path: {raw_file_path}",
-            not_file_message=f"Upload file path must point to a file: {raw_file_path}",
+            missing_file_message=f"Upload file not found at path: {file_path_display}",
+            not_file_message=f"Upload file path must point to a file: {file_path_display}",
         )
         return file_path, None
 
diff --git a/tests/test_session_upload_utils.py b/tests/test_session_upload_utils.py
@@ -71,6 +71,34 @@ def __str__(self) -> str:
     assert exc_info.value.original_error is None
 
 
+def test_normalize_upload_file_input_survives_string_subclass_fspath_in_error_messages():
+    class _PathString(str):
+        def __str__(self) -> str:  # type: ignore[override]
+            raise RuntimeError("broken stringify")
+
+    class _PathLike(PathLike[str]):
+        def __fspath__(self) -> str:
+            return _PathString("/tmp/nonexistent-subclass-path-for-upload-utils-test")
+
+    with pytest.raises(
+        HyperbrowserError,
+        match="file_path must resolve to a string path",
+    ) as exc_info:
+        normalize_upload_file_input(_PathLike())
+
+    assert exc_info.value.original_error is None
+
+
+def test_normalize_upload_file_input_rejects_control_character_paths_before_message_validation():
+    with pytest.raises(
+        HyperbrowserError,
+        match="file_path must not contain control characters",
+    ) as exc_info:
+        normalize_upload_file_input("bad\tpath.txt")
+
+    assert exc_info.value.original_error is None
+
+
 def test_normalize_upload_file_input_returns_open_file_like_object():
     file_obj = io.BytesIO(b"content")
 
