Validate parsed credential and port component types

Co-authored-by: Shri Sukhani <shrisukhani@users.noreply.github.com>

Author: cursoragent

hyperbrowser/config.py

@@ -146,10 +146,18 @@ def normalize_base_url(base_url: str) -> str:
                 "Failed to parse base_url credentials",
                 original_error=exc,
             ) from exc
+        if parsed_base_url_username is not None and not isinstance(
+            parsed_base_url_username, str
+        ):
+            raise HyperbrowserError("base_url parser returned invalid URL components")
+        if parsed_base_url_password is not None and not isinstance(
+            parsed_base_url_password, str
+        ):
+            raise HyperbrowserError("base_url parser returned invalid URL components")
         if parsed_base_url_username is not None or parsed_base_url_password is not None:
             raise HyperbrowserError("base_url must not include user credentials")
         try:
-            parsed_base_url.port
+            parsed_base_url_port = parsed_base_url.port
         except HyperbrowserError:
             raise
         except ValueError as exc:
@@ -162,6 +170,11 @@ def normalize_base_url(base_url: str) -> str:
                 "base_url must contain a valid port number",
                 original_error=exc,
             ) from exc
+        if parsed_base_url_port is not None and (
+            isinstance(parsed_base_url_port, bool)
+            or not isinstance(parsed_base_url_port, int)
+        ):
+            raise HyperbrowserError("base_url parser returned invalid URL components")
 
         decoded_base_path = ClientConfig._decode_url_component_with_limit(
             parsed_base_url.path, component_label="base_url path"

tests/test_config.py

@@ -509,6 +509,81 @@ def port(self) -> int:
         ClientConfig.normalize_base_url("https://example.local")
 
 
+def test_client_config_normalize_base_url_rejects_invalid_username_types(
+    monkeypatch: pytest.MonkeyPatch,
+):
+    class _ParsedURL:
+        scheme = "https"
+        netloc = "example.local"
+        hostname = "example.local"
+        query = ""
+        fragment = ""
+        username = object()
+        password = None
+        path = "/api"
+
+        @property
+        def port(self) -> int:
+            return 443
+
+    monkeypatch.setattr(config_module, "urlparse", lambda _value: _ParsedURL())
+
+    with pytest.raises(
+        HyperbrowserError, match="base_url parser returned invalid URL components"
+    ):
+        ClientConfig.normalize_base_url("https://example.local")
+
+
+def test_client_config_normalize_base_url_rejects_invalid_password_types(
+    monkeypatch: pytest.MonkeyPatch,
+):
+    class _ParsedURL:
+        scheme = "https"
+        netloc = "example.local"
+        hostname = "example.local"
+        query = ""
+        fragment = ""
+        username = None
+        password = object()
+        path = "/api"
+
+        @property
+        def port(self) -> int:
+            return 443
+
+    monkeypatch.setattr(config_module, "urlparse", lambda _value: _ParsedURL())
+
+    with pytest.raises(
+        HyperbrowserError, match="base_url parser returned invalid URL components"
+    ):
+        ClientConfig.normalize_base_url("https://example.local")
+
+
+def test_client_config_normalize_base_url_rejects_invalid_port_types(
+    monkeypatch: pytest.MonkeyPatch,
+):
+    class _ParsedURL:
+        scheme = "https"
+        netloc = "example.local"
+        hostname = "example.local"
+        query = ""
+        fragment = ""
+        username = None
+        password = None
+        path = "/api"
+
+        @property
+        def port(self):
+            return "443"
+
+    monkeypatch.setattr(config_module, "urlparse", lambda _value: _ParsedURL())
+
+    with pytest.raises(
+        HyperbrowserError, match="base_url parser returned invalid URL components"
+    ):
+        ClientConfig.normalize_base_url("https://example.local")
+
+
 def test_client_config_normalize_base_url_wraps_hostname_access_errors(
     monkeypatch: pytest.MonkeyPatch,
 ):