From 2c2af93eedeaadcbe7221b632964331cd4cf38ec Mon Sep 17 00:00:00 2001
From: mrT23
Date: Wed, 1 Jan 2025 15:19:27 +0200
Subject: [PATCH] fix: improve CLI argument validation for sensitive parameters

---
 pr_agent/agent/pr_agent.py | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/pr_agent/agent/pr_agent.py b/pr_agent/agent/pr_agent.py
index 1678978d..72e59470 100644
--- a/pr_agent/agent/pr_agent.py
+++ b/pr_agent/agent/pr_agent.py
@@ -64,13 +64,17 @@ class PRAgent:
                               'git_provider', 'skip_keys', 'key', 'ANALYTICS_FOLDER', 'uri', 'app_id', 'webhook_secret',
                               'bearer_token', 'PERSONAL_ACCESS_TOKEN', 'override_deployment_type', 'private_key',
                               'api_base', 'api_type', 'api_version']
         if args:
-            for forbidden_arg in forbidden_cli_args:
-                for arg in args:
-                    if forbidden_arg.lower() in arg.lower():
-                        get_logger().error(
-                            f"CLI argument for param '{forbidden_arg}' is forbidden. Use instead a configuration file."
-                        )
-                        return False
+            for arg in args:
+                if arg.startswith('--'):
+                    for forbidden_arg in forbidden_cli_args:
+                        forbidden_arg_word = forbidden_arg.lower()
+                        if '.' not in forbidden_arg_word:
+                            forbidden_arg_word = '.' + forbidden_arg_word
+                        if forbidden_arg_word in arg.lower():
+                            get_logger().error(
+                                f"CLI argument for param '{forbidden_arg}' is forbidden. Use instead a configuration file."
+                            )
+                            return False
         args = update_settings_from_args(args)
         action = action.lstrip("/").lower()
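Review bot: The new `forbidden_arg_word in arg.lower()` test on the added lines is still a substring match over the whole argument, so it is both too broad and too narrow for a list that guards secrets and deployment settings: `'.url'` would also flag an unrelated key such as `--pr.url_template=...` or any value that happens to contain the text, while the forced `.` prefix means a section-less `--key=...` or `--url=...` is never matched if `update_settings_from_args` accepts that form (that function is not visible here, so this needs confirming). Because the intent is an allow/deny decision on a setting name, the key should be split off the value at the first `=`, broken into its dotted parts, and each part compared exactly against a lowercased set built once outside the loop, as below. Arguments that do not start with `--` are skipped entirely by the new branch; if the parser also accepts a single-dash or bare `key=value` form, those should be routed through the same check. The enclosing method's signature is above this hunk and its body continues below it.
```python
        if args:
            forbidden = {name.lower() for name in forbidden_cli_args}
            for arg in args:
                if not arg.startswith('--'):
                    continue
                # Compare the dotted key exactly, token by token; the value after '=' is not inspected.
                key = arg[2:].split('=', 1)[0].lower()
                matched = [part for part in key.split('.') if part in forbidden]
                if matched:
                    get_logger().error(
                        f"CLI argument for param '{matched[0]}' is forbidden. Use instead a configuration file."
                    )
                    return False
        # … unchanged: update_settings_from_args / action normalization …
```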