test(browser): cover guard-inactive + camofox short-circuit paths; fix blank lines

Review follow-up on the private-page action guard:
- Add test_guard_inactive_does_not_block_or_probe: when the SSRF guard is
  inactive (local backend / allow_private_urls), click/type/press must proceed
  WITHOUT probing the page URL. This is the branch most likely to silently
  regress if the guard condition is inverted; a mutation check (flipping the
  condition) confirms the test fails as designed.
- Add test_camofox_short_circuits_before_guard: camofox mode returns from the
  dedicated camofox_* path before the guard runs; guards never consulted.
- Fix PEP8: 3 -> 2 blank lines before _blocked_private_page_action.
This commit is contained in:
kshitijk4poor 2026-07-01 13:46:06 +05:30 committed by kshitij
parent 3e4c138251
commit 83ae65487e
2 changed files with 47 additions and 3 deletions

View file

@ -3139,9 +3139,6 @@ def browser_press(key: str, task_id: Optional[str] = None) -> str:
return json.dumps(_copy_fallback_warning(response, result), ensure_ascii=False)
def _blocked_private_page_action(effective_task_id: str, action: str) -> Optional[str]:
"""Return a blocked payload when an unsafe cloud page would receive input."""
if not _eval_ssrf_guard_active(effective_task_id):