
Commit f2bbf70

authored
Apply repo settings: Disable loading env files as well as merging from other sources (#2077)
* Apply repo settings: Disable loading env files as well as merging from other sources. * Add warning in case of exception of failed Dynaconf init * code suggestion * Missing e
1 parent 5f8ac3d commit f2bbf70

1 file changed

+21
-1
lines changed

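--- a/pr_agent/git_providers/utils.py
+++ b/pr_agent/git_providers/utils.py
@@ -35,8 +35,28 @@ def apply_repo_settings(pr_url):
     try:
         fd, repo_settings_file = tempfile.mkstemp(suffix='.toml')
         os.write(fd, repo_settings)
-        new_settings = Dynaconf(settings_files=[repo_settings_file])
+
+        try:
+            new_settings = Dynaconf(settings_files=[repo_settings_file],
+                                    # Disable all dynamic loading features
+                                    load_dotenv=False, # Don't load .env files
+                                    merge_enabled=False, # Don't allow merging from other sources
+                                    )
+        except TypeError as e:
+            import traceback
+            # Fallback for older Dynaconf versions that don't support these parameters
+            get_logger().warning(
+                "Your Dynaconf version does not support disabled 'load_dotenv'/'merge_enabled' parameters. "
+                "Loading repo settings without these security features. "
+                "Please upgrade Dynaconf for better security.",
+                artifact={"error": e, "traceback": traceback.format_exc()})
+            new_settings = Dynaconf(settings_files=[repo_settings_file])
+
         for section, contents in new_settings.as_dict().items():
+            if not contents:
+                # Skip excluded items, such as forbidden to load env.
+                get_logger().debug(f"Skipping a section: {section} which is not allowed")
+                continue
             section_dict = copy.deepcopy(get_settings().as_dict().get(section, {}))
             for key, value in contents.items():
                 section_dict[key] = value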
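Review bot: The `except TypeError as e:` fallback is broader than its comment claims: any TypeError raised while Dynaconf parses the repo-supplied TOML (not only an unsupported keyword) is taken as "old Dynaconf version" and the same file is then re-loaded with `load_dotenv`/`merge_enabled` back at their defaults, so the hardening this commit adds can be undone by the very input it is meant to constrain. Narrow the fallback to the case it is written for, e.g. `if 'load_dotenv' not in str(e) and 'merge_enabled' not in str(e): raise` as the first lines of the handler, so unrelated TypeErrors propagate to the outer `try` instead of triggering the downgrade. Whether Dynaconf actually raises TypeError for unknown constructor keywords is not visible here; if it silently accepts them, the fallback is dead code and the warning never fires, which is worth confirming against the pinned version. The `import traceback` belongs at module top rather than inside the handler, and the `fd` returned by `mkstemp` is not closed within the hunk; `apply_repo_settings` continues past both ends of this hunk, so the close may live there.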
