fix: make safe_url_for_log public, add SSRF redirect guards to base.py cache helpers

Follow-up to Dusk1e's PR #7120 (Slack send_image redirect guard): - Rename _safe_url_for_log -> safe_url_for_log (drop underscore) since it is now imported cross-module by the Slack adapter - Add _ssrf_redirect_guard httpx event hook to cache_image_from_url() and cache_audio_from_url() in base.py — same pattern as vision_tools and the Slack adapter fix - Update url_safety.py docstring to reflect broader coverage - Add regression tests for image/audio redirect blocking + safe passthrough
2026-04-27 01:11:40 +00:00 · 2026-04-10 05:02:17 -07:00 · 2026-04-10 05:02:17 -07:00 · 7663c98c1e
commit 7663c98c1e
parent 714809634f
5 changed files with 173 additions and 19 deletions
--- a/tests/gateway/test_platform_base.py
+++ b/tests/gateway/test_platform_base.py
@ -8,7 +8,7 @@ from gateway.platforms.base import (
    GATEWAY_SECRET_CAPTURE_UNSUPPORTED_MESSAGE,
    MessageEvent,
    MessageType,
-    _safe_url_for_log,
+    safe_url_for_log,
 )


@ -25,7 +25,7 @@ class TestSafeUrlForLog:
            "https://user:pass@example.com/private/path/image.png"
            "?X-Amz-Signature=supersecret&token=abc#frag"
        )
-        result = _safe_url_for_log(url)
+        result = safe_url_for_log(url)
        assert result == "https://example.com/.../image.png"
        assert "supersecret" not in result
        assert "token=abc" not in result
@ -33,15 +33,15 @@ class TestSafeUrlForLog:

    def test_truncates_long_values(self):
        long_url = "https://example.com/" + ("a" * 300)
-        result = _safe_url_for_log(long_url, max_len=40)
+        result = safe_url_for_log(long_url, max_len=40)
        assert len(result) == 40
        assert result.endswith("...")

    def test_handles_small_and_non_positive_max_len(self):
        url = "https://example.com/very/long/path/file.png?token=secret"
-        assert _safe_url_for_log(url, max_len=3) == "..."
-        assert _safe_url_for_log(url, max_len=2) == ".."
-        assert _safe_url_for_log(url, max_len=0) == ""
+        assert safe_url_for_log(url, max_len=3) == "..."
+        assert safe_url_for_log(url, max_len=2) == ".."
+        assert safe_url_for_log(url, max_len=0) == ""


 # ---------------------------------------------------------------------------