From c2d40734150d8955b885752d55d1d2306b734701 Mon Sep 17 00:00:00 2001
From: Rip&Tear <84775494+theCyberTech@users.noreply.github.com>
Date: Sat, 8 Nov 2025 21:34:00 +0800
Subject: [PATCH] Potential fix for code scanning alert no. 23: Incomplete URL substring sanitization
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 lib/crewai-tools/tests/tools/stagehand_tool_test.py | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/lib/crewai-tools/tests/tools/stagehand_tool_test.py b/lib/crewai-tools/tests/tools/stagehand_tool_test.py
index bed0cd311..d2aa5229a 100644
--- a/lib/crewai-tools/tests/tools/stagehand_tool_test.py
+++ b/lib/crewai-tools/tests/tools/stagehand_tool_test.py
@@ -2,7 +2,7 @@ import sys
 from unittest.mock import MagicMock, patch
 import pytest
-
+from urllib.parse import urlparse
 # Create mock classes that will be used by our fixture
 class MockStagehandModule:
@@ -171,8 +171,13 @@ def test_navigate_command(mock_run, stagehand_tool):
 )
 # Assertions
- assert "https://example.com" in result
-
+ # Extract URL from result string and check its host
+ # Example result: "Successfully navigated to https://example.com"
+ import re
+ url_match = re.search(r'https?://[^\s]+', result)
+ assert url_match is not None
+ parsed = urlparse(url_match.group(0))
+ assert parsed.hostname == "example.com"
 @patch(
 "crewai_tools.tools.stagehand_tool.stagehand_tool.StagehandTool._run", autospec=True
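Review bot: `from urllib.parse import urlparse` is added after `import pytest`, on the line that used to be a blank separator, so a standard-library import now sits in the third-party group and one blank line between the imports and the mock-class comment is gone. Placing it beside `from unittest.mock import MagicMock, patch` and keeping the removed blank line would preserve the stdlib / third-party grouping the file appears to follow.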
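Review bot: The rewritten assertion no longer pins the scheme: the pattern `https?://[^\s]+` accepts `http://` and only `parsed.hostname` is compared, so a result reporting `http://example.com` would now pass where the old substring check required `https://`. Adding `assert parsed.scheme == "https"` after the hostname assertion restores that guarantee. `[^\s]+` also pulls any trailing punctuation into the match, so if the message ever ends with `https://example.com.` the hostname becomes `example.com.` and the test fails for the wrong reason; a comment stating that the URL is expected to be the last whitespace-delimited token would document the assumption. The function-local `import re` would sit better at module level next to the `urlparse` import added in the first hunk. test_navigate_command begins above this hunk, so how `result` is produced is not visible here.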