ti.sil/pr-agent
1
0
Fork 0
mirror of https://github.com/qodo-ai/pr-agent.git synced 2025-12-12 02:45:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Apply repo settings: Disable loading env files as well as merging from other sources (#2077)

Browse source 
* Apply repo settings: Disable loading env files as well as merging from other sources.

* Add warning in case of exception of failed Dynaconf init

* code suggestion

* Missing e
This commit is contained in:
sharoneyal 2025-10-22 08:53:16 +03:00 committed by GitHub
parent 5f8ac3d8cf
commit f2bbf708f2
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 21 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
pr_agent/git_providers/utils.py
View file

@ -35,8 +35,28 @@ def apply_repo_settings(pr_url):
try: try:
fd, repo_settings_file = tempfile.mkstemp(suffix='.toml') fd, repo_settings_file = tempfile.mkstemp(suffix='.toml')
os.write(fd, repo_settings) os.write(fd, repo_settings)
new_settings = Dynaconf(settings_files=[repo_settings_file])
try:
new_settings = Dynaconf(settings_files=[repo_settings_file],
# Disable all dynamic loading features
load_dotenv=False, # Don't load .env files
merge_enabled=False, # Don't allow merging from other sources
)
except TypeError as e:
import traceback
# Fallback for older Dynaconf versions that don't support these parameters
get_logger().warning(
"Your Dynaconf version does not support disabled 'load_dotenv'/'merge_enabled' parameters. "
"Loading repo settings without these security features. "
"Please upgrade Dynaconf for better security.",
artifact={"error": e, "traceback": traceback.format_exc()})
new_settings = Dynaconf(settings_files=[repo_settings_file])
for section, contents in new_settings.as_dict().items(): for section, contents in new_settings.as_dict().items():
if not contents:
# Skip excluded items, such as forbidden to load env.
get_logger().debug(f"Skipping a section: {section} which is not allowed")
continue
section_dict = copy.deepcopy(get_settings().as_dict().get(section, {})) section_dict = copy.deepcopy(get_settings().as_dict().get(section, {}))
for key, value in contents.items(): for key, value in contents.items():
section_dict[key] = value section_dict[key] = value