
Testing URL Validation Security Controls in AutoGPT

This test suite validates URL handling functionality in AutoGPT by testing the validate_url utility function. It ensures proper validation of various URL formats and blocks potentially dangerous local network addresses while allowing legitimate external domains.

Test Coverage Overview

The test suite covers the core URL validation scenarios in a single test function.

Key areas tested include:
  • Rejection of localhost addresses
  • Blocking of internal IP addresses (192.168.x.x, tested with 192.168.1.1)
  • Prevention of loopback addresses (127.0.0.1)
  • Rejection of the unspecified address (0.0.0.0)
  • Validation of legitimate external domains
  • Support for both domain-only and full HTTP URLs

Implementation Analysis

The tests use pytest.raises to verify that invalid URLs are rejected with a ValueError. The single test function follows the Arrange-Act-Assert pattern, with each call checking one URL validation rule.

Key patterns include:
  • Using pytest.raises for exception testing
  • Systematic validation of both invalid and valid cases
  • Clear separation of test cases for different URL types

Technical Details

Testing tools and configuration:
  • pytest as the primary testing framework
  • validate_url utility function from backend.util.request
  • Exception handling for ValueError cases
  • An empty allow-list ([]) passed as the second argument in every call

Best Practices Demonstrated

The test suite demonstrates several testing best practices for security-critical functionality.

Notable practices include:
  • Comprehensive negative testing for security cases
  • Clear and focused test cases
  • Consistent test structure
  • Security-first validation approach

significant-gravitas/autogpt

autogpt_platform/backend/test/util/test_request.py

            
import pytest

from backend.util.request import validate_url


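def test_validate_url():
    # Every call passes an empty allow-list as the second argument.
    # Local, private, loopback and unspecified addresses must raise ValueError.
    with pytest.raises(ValueError):
        validate_url("localhost", [])

    with pytest.raises(ValueError):
        validate_url("192.168.1.1", [])

    with pytest.raises(ValueError):
        validate_url("127.0.0.1", [])

    with pytest.raises(ValueError):
        validate_url("0.0.0.0", [])

    # Public domains are accepted, with or without a scheme.
    validate_url("google.com", [])
    validate_url("github.com", [])
    validate_url("http://github.com", [])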
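
A sketch of the kind of check these tests exercise, added here as an example; it is not AutoGPT's validate_url. The names check_url, is_allowed and trusted_hosts and the SAMPLE_DNS table are assumptions, and it goes beyond the seven cases above to cover IPv6 loopback, link-local addresses and hostnames that resolve to private addresses.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed DNS answers standing in for real resolution so the example runs offline.
SAMPLE_DNS = {
    "localhost": ["127.0.0.1"],
    "github.com": ["140.82.112.3"],
    "intranet.example": ["10.0.0.5"],  # public-looking name, private address
    "rebind.example": ["93.184.216.34", "169.254.169.254"],  # mixed answers
}


def resolve(host):
    """Return addresses for host: IP literals as-is, names from SAMPLE_DNS."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        return SAMPLE_DNS.get(host, [])


def check_url(url, trusted_hosts):
    """Hypothetical validator: return the normalised URL or raise ValueError."""
    if "://" not in url:
        url = "http://" + url  # accept bare domains such as "github.com"
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        raise ValueError(f"unsupported URL: {url}")
    host = parsed.hostname
    if host in trusted_hosts:
        return url
    addresses = resolve(host)
    if not addresses:
        raise ValueError(f"cannot resolve {host}")
    for addr in addresses:
        # is_global is False for loopback, RFC 1918, link-local and unspecified ranges.
        if not ipaddress.ip_address(addr).is_global:
            raise ValueError(f"{host} resolves to blocked address {addr}")
    return url


def is_allowed(url, trusted_hosts=()):
    try:
        check_url(url, trusted_hosts)
        return True
    except ValueError:
        return False
```

A check like this only sees the addresses returned at validation time, so the later connection should be made to the validated address rather than re-resolving the hostname.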