Skip to content

test: add Python SDK unit tests for input_processor (SSRF, URL validation)#1139

Merged
homanp merged 1 commit into
superagent-ai:mainfrom
frankentini:add-python-input-processor-tests
Mar 23, 2026
Merged

test: add Python SDK unit tests for input_processor (SSRF, URL validation)#1139
homanp merged 1 commit into
superagent-ai:mainfrom
frankentini:add-python-input-processor-tests

Conversation

@frankentini
Copy link
Copy Markdown
Contributor

@frankentini frankentini commented Mar 21, 2026

Problem

The TypeScript SDK has comprehensive SSRF protection tests (ssrf-protection.test.ts) but the Python SDK's input_processor.py module has no dedicated unit tests. This module handles URL validation, private IP blocking, content type detection, and input routing -- all security-critical functionality.

Solution

Add test_input_processor.py with 30+ mock-based unit tests covering:

  • URL detection -- _is_url_string for http/https/plain text/empty strings
  • MIME type helpers -- image, text, and PDF type detection; URL extension inference
  • SSRF protection -- private IP ranges (10.x, 172.16.x, 192.168.x, 169.254.x), localhost blocking, DNS rebind protection via mocked gethostbyname
  • URL validation -- protocol restrictions (file://, ftp://), length limits, localhost/private IP rejection
  • Vision model detection -- OpenAI, Anthropic, Google vision-capable models vs non-vision models
  • process_input integration -- plain text passthrough, URL delegation, bytes detection (PDF magic bytes, PNG/JPEG headers, text fallback)

All network calls are mocked (unittest.mock), so tests run fully offline.

Testing

Tests use pytest + pytest-asyncio with the project's existing asyncio_mode = "auto" config. No new dependencies required.

Partially addresses #1111

@frankentini
test: add Python SDK unit tests for input_processor (SSRF, URL valida…
5a0599c 
…tion)

Add comprehensive mock-based unit tests for the Python SDK's
input_processor module, covering:

- URL string detection (_is_url_string)
- MIME type helper functions (image, text, PDF detection)
- MIME type inference from URL extensions
- Private IP / SSRF protection (_is_private_ip, _validate_url)
- Vision model detection (is_vision_model)
- process_input integration tests with mocked network calls

These tests mirror the TypeScript SDK's ssrf-protection.test.ts
coverage. All network calls are mocked so tests run fully offline.

Addresses superagent-ai#1111
@vercel
Copy link
Copy Markdown

vercel Bot commented Mar 21, 2026

@frankentini is attempting to deploy a commit to the Superagent Team on Vercel.

A member of the Team first needs to authorize it.

@homanp
Copy link
Copy Markdown
Collaborator

homanp commented Mar 21, 2026

@frankentini thanks for the PR, is it ready?!

@homanp homanp marked this pull request as ready for review March 21, 2026 09:55
@homanp homanp merged commit e4a733a into superagent-ai:main Mar 23, 2026
3 of 5 checks passed
@homanp homanp self-assigned this Mar 23, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@homanp homanp

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@frankentini @homanp