Add comment explaining each guard in validate_source_url

rounak610 · claude · rounak610 · commit 4357ee9e4b2d · 2026-06-10T13:34:27.000+05:30
Co-Authored-By: Claude Opus 4.7 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/lib/browserstack/fetch_download_source_url.rb b/lib/browserstack/fetch_download_source_url.rb
@@ -11,6 +11,11 @@ module FetchDownloadSourceUrl
     ALLOWED_DOWNLOAD_HOSTS = ['browserstack.com'].freeze
     ALLOWED_DOWNLOAD_HOST_SUFFIXES = ['.browserstack.com'].freeze
 
+    # Each guard below covers a case the final host-equals check does not:
+    #   - nil/empty URL: URI.parse(nil) raises TypeError before the rescue can catch it.
+    #   - URI::InvalidURIError: convert raw Ruby error into BrowserStack::LocalException for the public contract.
+    #   - HTTPS check: allowlist matches host only; without this, http://browserstack.com would pass.
+    #   - nil/empty host: uri.host is nil for URIs like https:///foo, which would crash on downcase.
     def self.validate_source_url(url)
       if url.nil? || url.to_s.empty?
         raise BrowserStack::LocalException.new('Refusing binary download: empty source URL')
