fix(browser): hardening — dead code, caching, scroll perf, security, thread safety

Salvaged from PR #7276 (hardening-only subset; excluded 6 new tools and unrelated scope additions from the contributor's commit). - Remove dead DEFAULT_SESSION_TIMEOUT and unregistered browser_close schema - Fix _camofox_eval wrong call signatures (_ensure_tab, _post args) - Cache _find_agent_browser, _get_command_timeout, _discover_homebrew_node_dirs - Replace 5x subprocess scroll loop with single pixel-arg call - URL-decode before secret exfiltration check (bypass prevention) - Protect _recording_sessions with _cleanup_lock (thread safety) - Return failure on empty stdout instead of silent success - Structure-aware _truncate_snapshot (cut at line boundaries) Follow-up improvements over contributor's original: - Move _EMPTY_OK_COMMANDS to module-level frozenset (avoid per-call allocation) - Fix list+tuple concat in _run_browser_command PATH construction - Update test_browser_homebrew_paths.py for tuple returns and cache fixtures Co-authored-by: kshitijk4poor <82637225+kshitijk4poor@users.noreply.github.com> Closes #7168, closes #7171, closes #7172, closes #7173
2026-04-26 01:01:40 +00:00 · 2026-04-10 13:00:23 -07:00 · 2026-04-10 13:00:23 -07:00 · 37a1c75716
commit 37a1c75716
parent c6e1add6f1
3 changed files with 406 additions and 64 deletions
--- a/tests/tools/test_browser_homebrew_paths.py
+++ b/tests/tools/test_browser_homebrew_paths.py
@ -15,6 +15,19 @@ from tools.browser_tool import (
    _SANE_PATH,
    check_browser_requirements,
 )
+import tools.browser_tool as _bt
+
+
+@pytest.fixture(autouse=True)
+def _clear_browser_caches():
+    """Clear lru_cache and manual caches between tests."""
+    _discover_homebrew_node_dirs.cache_clear()
+    _bt._cached_agent_browser = None
+    _bt._agent_browser_resolved = False
+    yield
+    _discover_homebrew_node_dirs.cache_clear()
+    _bt._cached_agent_browser = None
+    _bt._agent_browser_resolved = False


 class TestSanePath:
@ -38,7 +51,7 @@ class TestDiscoverHomebrewNodeDirs:
    def test_returns_empty_when_no_homebrew(self):
        """Non-macOS systems without /opt/homebrew/opt should return empty."""
        with patch("os.path.isdir", return_value=False):
-            assert _discover_homebrew_node_dirs() == []
+            assert _discover_homebrew_node_dirs() == ()

    def test_finds_versioned_node_dirs(self):
        """Should discover node@20/bin, node@24/bin etc."""
@ -68,13 +81,13 @@ class TestDiscoverHomebrewNodeDirs:
        with patch("os.path.isdir", return_value=True), \
             patch("os.listdir", return_value=["node"]):
            result = _discover_homebrew_node_dirs()
-        assert result == []
+        assert result == ()

    def test_handles_oserror_gracefully(self):
        """Should return empty list if listdir raises OSError."""
        with patch("os.path.isdir", return_value=True), \
             patch("os.listdir", side_effect=OSError("Permission denied")):
-            assert _discover_homebrew_node_dirs() == []
+            assert _discover_homebrew_node_dirs() == ()


 class TestFindAgentBrowser: