Fix XMLParserBlock list object error

[ntindle]

Need for these changes 💡

The XMLParserBlock was susceptible to crashing with an AttributeError: 'List' object has no attribute 'add_text' when processing malformed XML inputs, such as documents with multiple root elements or stray text outside the root. This PR introduces robust validation to prevent these crashes and provide clear, actionable error messages to users.

Changes 🏗️

• Added a _validate_tokens static method to XMLParserBlock to perform pre-parsing validation on the token stream. This method ensures the XML input has a single root element and no text content outside of it.
• Modified the XMLParserBlock.run method to call _validate_tokens immediately after tokenization and before passing the tokens to gravitasml.Parser.
• Introduced a new test case, test_rejects_text_outside_root, in test_blocks_dos_vulnerability.py to verify that the XMLParserBlock correctly raises a ValueError when encountering XML with text outside the root element.
• Imported Token for type hinting in xml_parser.py.

Checklist 📋

For code changes:

• I have clearly listed my changes in the PR description
• I have made a test plan
• I have tested my changes according to the test plan:
  • Generate Prisma client artifacts (e.g., poetry run prisma generate against a configured DB).
  • Run the targeted pytest command: /home/ubuntu/.local/bin/poetry --directory /workspace/autogpt_platform/backend run pytest backend/blocks/test/test_blocks_dos_vulnerability.py -k xml
  • Confirm that the test_rejects_text_outside_root test passes, asserting that ValueError is raised for invalid XML.
  • Confirm that other relevant XML parsing tests continue to pass.

For configuration changes:

• .env.default is updated or already compatible with my changes
• docker-compose.yml is updated or already compatible with my changes
• I have included a list of my configuration changes in the PR description (under Changes)

---

Linear Issue: OPEN-2835

 

[cursor]

Cursor Agent can help with this pull request. Just @cursor in comments and I'll start working on changes in this branch.
_{Learn more about Cursor Agents}

[netlify]

✅ Deploy Preview for auto-gpt-docs-dev canceled.

Name	Link
🔨 Latest commit	6bf2945
🔍 Latest deploy log	https://app.netlify.com/projects/auto-gpt-docs-dev/deploys/692f1ef1f5d524000808a4af

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch cursor/OPEN-2835-fix-xmlparserblock-list-object-error-29c3

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[netlify]

✅ Deploy Preview for auto-gpt-docs canceled.

Name	Link
🔨 Latest commit	6bf2945
🔍 Latest deploy log	https://app.netlify.com/projects/auto-gpt-docs/deploys/692f1ef19ae03d00084f541e

[deepsource-io]

Here's the code health analysis summary for commits 2cb6fd5..6bf2945. View details on DeepSource ↗.

Analysis Summary

Analyzer	Status	Summary	Link
JavaScript	✅ Success		View Check ↗
Python	✅ Success	❗ 1 occurence introduced	View Check ↗

---

💡 If you’re a repository administrator, you can configure the quality gates from the settings.

[AutoGPT-Agent]

Thank you for this well-documented PR addressing the XMLParserBlock crash issue. Your implementation of input validation looks solid and will help prevent the reported error.

Before this can be merged, please complete the testing checklist. You've outlined a good test plan but haven't marked it as completed. Please run through the tests you've specified:

1. Generate Prisma client artifacts
2. Run the targeted pytest command
3. Confirm the new test passes
4. Verify other XML parsing tests continue to pass

Once you've completed these tests, please check the corresponding box in your PR description. The code changes themselves look good, but we need confirmation that they've been properly tested.