From 5df9698baee2d954708a3bf9deb266a5b4548071 Mon Sep 17 00:00:00 2001
From: mrT23
Date: Mon, 30 Dec 2024 13:57:55 +0200
Subject: [PATCH] fix: restrict sensitive configuration parameters in CLI arguments
---
 pr_agent/agent/pr_agent.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/pr_agent/agent/pr_agent.py b/pr_agent/agent/pr_agent.py
index 2ea72077..51c939db 100644
--- a/pr_agent/agent/pr_agent.py
+++ b/pr_agent/agent/pr_agent.py
@@ -46,7 +46,6 @@ commands = list(command2class.keys())
 class PRAgent:
 def __init__(self, ai_handler: partial[BaseAiHandler,] = LiteLLMAIHandler):
 self.ai_handler = ai_handler # will be initialized in run_action
- self.forbidden_cli_args = ['enable_auto_approval']
 async def handle_request(self, pr_url, request, notify=None) -> bool:
 # First, apply repo specific settings if exists
@@ -61,8 +60,11 @@ class PRAgent:
 else:
 action, *args = request
+ forbidden_cli_args = ['enable_auto_approval', 'base_url', 'url', 'app_name', 'secret_provider',
+ 'git_provider', 'skip_keys', 'key', 'ANALYTICS_FOLDER', 'uri', 'app_id', 'webhook_secret',
+ 'bearer_token', 'PERSONAL_ACCESS_TOKEN', 'override_deployment_type', 'private_key']
 if args:
- for forbidden_arg in self.forbidden_cli_args:
+ for forbidden_arg in forbidden_cli_args:
 for arg in args:
 if forbidden_arg in arg:
 get_logger().error(
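Review bot: The membership test `if forbidden_arg in arg` in the second hunk is a case-sensitive substring match, while the new list mixes lower-case names with `ANALYTICS_FOLDER` and `PERSONAL_ACCESS_TOKEN`; if the settings layer resolves keys case-insensitively (not visible here), an argument spelled in a different case would not be rejected. Comparing normalised forms, `if forbidden_arg.lower() in arg.lower():`, closes that gap. Because this is a denylist, any sensitive setting added later stays overridable from a request until someone remembers to list it, so an allowlist of settings that may be overridden would fail closed instead. The list is also rebuilt on every call and would read better as a module-level constant with a comment such as `# settings that may only come from configuration files, never from request arguments`. `handle_request` starts before this hunk and continues past it.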