Wrap header character validation boundary failures

cursoragent · shrisukhani · cursoragent · commit e934581bce00 · 2026-02-14T00:43:01.000Z
Co-authored-by: Shri Sukhani &lt;shrisukhani@users.noreply.github.com&gt;
diff --git a/hyperbrowser/header_utils.py b/hyperbrowser/header_utils.py
@@ -72,17 +72,35 @@ def normalize_headers(
             raise HyperbrowserError(
                 "header names must contain only valid HTTP token characters"
             )
-        if (
-            "\n" in normalized_key
-            or "\r" in normalized_key
-            or "\n" in value
-            or "\r" in value
-        ):
+        try:
+            contains_newline = (
+                "\n" in normalized_key
+                or "\r" in normalized_key
+                or "\n" in value
+                or "\r" in value
+            )
+        except HyperbrowserError:
+            raise
+        except Exception as exc:
+            raise HyperbrowserError(
+                "Failed to validate header characters",
+                original_error=exc,
+            ) from exc
+        if contains_newline:
             raise HyperbrowserError("headers must not contain newline characters")
-        if any(
-            ord(character) < 32 or ord(character) == 127
-            for character in f"{normalized_key}{value}"
-        ):
+        try:
+            contains_control_character = any(
+                ord(character) < 32 or ord(character) == 127
+                for character in f"{normalized_key}{value}"
+            )
+        except HyperbrowserError:
+            raise
+        except Exception as exc:
+            raise HyperbrowserError(
+                "Failed to validate header characters",
+                original_error=exc,
+            ) from exc
+        if contains_control_character:
             raise HyperbrowserError("headers must not contain control characters")
         try:
             canonical_header_name = normalized_key.lower()
diff --git a/tests/test_header_utils.py b/tests/test_header_utils.py
@@ -72,6 +72,17 @@ def strip(self, chars=None):  # type: ignore[override]
         return object()
 
 
+class _BrokenHeaderValueContains(str):
+    def __contains__(self, item):  # type: ignore[override]
+        _ = item
+        raise RuntimeError("header value contains exploded")
+
+
+class _BrokenHeaderValueStringify(str):
+    def __str__(self) -> str:
+        raise RuntimeError("header value stringify exploded")
+
+
 def test_normalize_headers_trims_header_names():
     headers = normalize_headers(
         {"  X-Correlation-Id  ": "abc123"},
@@ -328,6 +339,45 @@ def test_normalize_headers_rejects_control_characters():
         )
 
 
+def test_normalize_headers_wraps_header_character_validation_contains_failures():
+    with pytest.raises(
+        HyperbrowserError, match="Failed to validate header characters"
+    ) as exc_info:
+        normalize_headers(
+            {"X-Trace-Id": _BrokenHeaderValueContains("value")},
+            mapping_error_message="headers must be a mapping of string pairs",
+        )
+
+    assert isinstance(exc_info.value.original_error, RuntimeError)
+
+
+def test_normalize_headers_preserves_header_character_validation_contains_hyperbrowser_failures():
+    class _BrokenHeaderValueContains(str):
+        def __contains__(self, item):  # type: ignore[override]
+            _ = item
+            raise HyperbrowserError("custom contains failure")
+
+    with pytest.raises(HyperbrowserError, match="custom contains failure") as exc_info:
+        normalize_headers(
+            {"X-Trace-Id": _BrokenHeaderValueContains("value")},
+            mapping_error_message="headers must be a mapping of string pairs",
+        )
+
+    assert exc_info.value.original_error is None
+
+
+def test_normalize_headers_wraps_header_character_validation_stringify_failures():
+    with pytest.raises(
+        HyperbrowserError, match="Failed to validate header characters"
+    ) as exc_info:
+        normalize_headers(
+            {"X-Trace-Id": _BrokenHeaderValueStringify("value")},
+            mapping_error_message="headers must be a mapping of string pairs",
+        )
+
+    assert isinstance(exc_info.value.original_error, RuntimeError)
+
+
 def test_parse_headers_env_json_rejects_control_characters():
     with pytest.raises(
         HyperbrowserError, match="headers must not contain control characters"
