Harden response utility operation-name and key validation

Co-authored-by: Shri Sukhani <shrisukhani@users.noreply.github.com>

Author: cursoragent

hyperbrowser/client/managers/response_utils.py

@@ -4,6 +4,25 @@
 from hyperbrowser.exceptions import HyperbrowserError
 
 T = TypeVar("T")
+_MAX_OPERATION_NAME_DISPLAY_LENGTH = 120
+_TRUNCATED_OPERATION_NAME_SUFFIX = "... (truncated)"
+
+
+def _normalize_operation_name_for_error(operation_name: str) -> str:
+    normalized_name = "".join(
+        "?" if ord(character) < 32 or ord(character) == 127 else character
+        for character in operation_name
+    ).strip()
+    if not normalized_name:
+        return "operation"
+    if len(normalized_name) <= _MAX_OPERATION_NAME_DISPLAY_LENGTH:
+        return normalized_name
+    available_length = _MAX_OPERATION_NAME_DISPLAY_LENGTH - len(
+        _TRUNCATED_OPERATION_NAME_SUFFIX
+    )
+    if available_length <= 0:
+        return _TRUNCATED_OPERATION_NAME_SUFFIX
+    return f"{normalized_name[:available_length]}{_TRUNCATED_OPERATION_NAME_SUFFIX}"
 
 
 def parse_response_model(
@@ -14,23 +33,33 @@ def parse_response_model(
 ) -> T:
     if not isinstance(operation_name, str) or not operation_name.strip():
         raise HyperbrowserError("operation_name must be a non-empty string")
+    normalized_operation_name = _normalize_operation_name_for_error(operation_name)
     if not isinstance(response_data, Mapping):
-        raise HyperbrowserError(f"Expected {operation_name} response to be an object")
+        raise HyperbrowserError(
+            f"Expected {normalized_operation_name} response to be an object"
+        )
     try:
         response_payload = dict(response_data)
     except HyperbrowserError:
         raise
     except Exception as exc:
         raise HyperbrowserError(
-            f"Failed to read {operation_name} response data",
+            f"Failed to read {normalized_operation_name} response data",
             original_error=exc,
         ) from exc
+    for key in response_payload.keys():
+        if isinstance(key, str):
+            continue
+        raise HyperbrowserError(
+            "Expected "
+            f"{normalized_operation_name} response object keys to be strings"
+        )
     try:
         return model(**response_payload)
     except HyperbrowserError:
         raise
     except Exception as exc:
         raise HyperbrowserError(
-            f"Failed to parse {operation_name} response",
+            f"Failed to parse {normalized_operation_name} response",
             original_error=exc,
         ) from exc

tests/test_response_utils.py

@@ -166,6 +166,47 @@ def test_parse_response_model_rejects_non_mapping_payloads():
         )
 
 
+def test_parse_response_model_rejects_non_string_keys():
+    with pytest.raises(
+        HyperbrowserError,
+        match="Expected basic operation response object keys to be strings",
+    ):
+        parse_response_model(
+            {1: True},  # type: ignore[dict-item]
+            model=BasicResponse,
+            operation_name="basic operation",
+        )
+
+
+def test_parse_response_model_sanitizes_operation_name_in_errors():
+    with pytest.raises(
+        HyperbrowserError,
+        match="Expected basic\\?operation response to be an object",
+    ):
+        parse_response_model(
+            ["bad"],  # type: ignore[arg-type]
+            model=BasicResponse,
+            operation_name="basic\toperation",
+        )
+
+
+def test_parse_response_model_truncates_operation_name_in_errors():
+    long_operation_name = "basic operation " + ("x" * 200)
+
+    with pytest.raises(
+        HyperbrowserError,
+        match=(
+            r"Expected basic operation x+\.\.\. \(truncated\) "
+            r"response to be an object"
+        ),
+    ):
+        parse_response_model(
+            ["bad"],  # type: ignore[arg-type]
+            model=BasicResponse,
+            operation_name=long_operation_name,
+        )
+
+
 def test_parse_response_model_wraps_mapping_read_failures():
     with pytest.raises(
         HyperbrowserError,