From 6cf469c8ac928a779231110a82843886087bee38 Mon Sep 17 00:00:00 2001 From: fjolne Date: Mon, 2 Mar 2026 07:51:53 +0000 Subject: [PATCH] fix: deny root-level files with default deny_globs (#216) --- src/takopi/settings.py | 4 ++-- tests/test_telegram_files.py | 9 +++++++++ 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/src/takopi/settings.py b/src/takopi/settings.py index 230876f..13a939a 100644 --- a/src/takopi/settings.py +++ b/src/takopi/settings.py @@ -76,8 +76,8 @@ class TelegramFilesSettings(BaseModel): ".git/**", ".env", ".envrc", - "**/*.pem", - "**/.ssh/**", + "*.pem", + ".ssh/**", ] ) diff --git a/tests/test_telegram_files.py b/tests/test_telegram_files.py index 48a5fae..3a499fc 100644 --- a/tests/test_telegram_files.py +++ b/tests/test_telegram_files.py @@ -6,6 +6,7 @@ from pathlib import Path import pytest +from takopi.settings import TelegramFilesSettings from takopi.telegram import files as tg_files from takopi.telegram.files import ZipTooLargeError, zip_directory @@ -100,6 +101,14 @@ def test_deny_reason_matches_patterns() -> None: assert tg_files.deny_reason(Path("secrets/key.pem"), ["**/*.pem"]) == "**/*.pem" +def test_default_deny_globs_cover_sensitive_paths() -> None: + patterns = TelegramFilesSettings().deny_globs + assert tg_files.deny_reason(Path("key.pem"), patterns) == "*.pem" + assert tg_files.deny_reason(Path(".ssh/id_rsa"), patterns) == ".ssh/**" + assert tg_files.deny_reason(Path("secrets/key.pem"), patterns) == "*.pem" + assert tg_files.deny_reason(Path("configs/.ssh/id_rsa"), patterns) == ".ssh/**" + + def test_format_bytes_various_units() -> None: assert tg_files.format_bytes(0) == "0 b" assert tg_files.format_bytes(1536) == "1.5 kb"