Salastil/odysseus
1
0
Fork 0
mirror of https://github.com/pewdiepie-archdaemon/odysseus.git synced 2026-06-16 01:35:36 -04:00
Code Issues Packages Projects Releases Wiki Activity

Harden note reminder dispatch ownership (#2999)

Browse Source
This commit is contained in:
Vykos
2026-06-07 12:52:27 +02:00
committed by GitHub
parent 67aeea4f8b
commit 299538ea4e
4 changed files with 264 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/settings_scrub.py
+8
View File
@@ -18,12 +18,20 @@ _SECRET_KEY_PATTERNS = (
"_credential", "_credentials", "_key",
)
_SECRET_KEY_ALLOW = ("google_pse_cx",) # public identifiers, not secrets
_SENSITIVE_KEY_EXACT = (
# A stable global integration id is a capability handle for routes that can
# trigger outbound webhook sends; do not expose it to non-admin settings
# callers even though it is not secret-shaped.
"reminder_webhook_integration_id",
)
def is_secret_key(name: str) -> bool:
n = (name or "").lower()
if n in _SECRET_KEY_ALLOW:
return False
if n in _SENSITIVE_KEY_EXACT:
return True
return any(n.endswith(p) or n == p.lstrip("_") for p in _SECRET_KEY_PATTERNS)