fix: Address issues and improve code quality #80
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR improves the security, stability, and maintainability of the WorkArena codebase through several targeted fixes and enhancements.
Security: Remove Hardcoded Password
What changed: Replaced the static password "aStrongPassword!" in src/browsergym/workarena/api/user.py with a secure, random token generated via secrets.token_urlsafe(16).
Why it was an issue: Hardcoding credentials is a critical security flaw that risks unauthorized access if the code is exposed.
Impact: Eliminates this vulnerability by ensuring each new user account receives a unique, cryptographically strong password.
API Stability: Refactor Retry Logic
What changed: Replaced a recursive call in table_api_call within src/browsergym/workarena/api/utils.py with a direct requests.request call for GET operations.
Why it was an issue: Recursive retries risked exceeding Python’s recursion limit and complicated error handling.
Impact: Provides reliable, stack-safe retry logic with predictable error management, improving ServiceNow API interaction stability.
Dependency Management: Playwright Version Pinning
What changed: Added playwright==1.53.0 to requirements.txt.
Why it was an issue: Dependency installation failures (notably with greenlet on Windows + Python 3.13) prevented the project from being installed in some environments.
Impact: Resolves a critical installation blocker, improving setup reliability and developer experience across platforms.
Code Consistency: Black Auto-Formatting
What changed: Applied Black to format the entire codebase.
Why it was an issue: Inconsistent code style increased cognitive load, hindered readability, and risked merge conflicts.
Impact: Enforces a clean, uniform code style, streamlining future development and code reviews.
Overall, these changes strengthen project security, enhance system reliability, and improve maintainability for all contributors.