fix(security): hoist platform allowlist to module scope as frozenset

2026-04-05 15:06:06 +03:00 · 2026-04-05 15:06:06 +03:00 · 71a4582bf8
commit 71a4582bf8
parent 1ebc932417
1 changed files with 10 additions and 8 deletions
--- a/cron/scheduler.py
+++ b/cron/scheduler.py
@ -13,6 +13,12 @@ import concurrent.futures
 import json
 import logging
 import os
+_KNOWN_DELIVERY_PLATFORMS = frozenset({
+    "telegram", "discord", "slack", "whatsapp", "signal",
+    "matrix", "mattermost", "dingtalk", "feishu", "wecom",
+    "sms", "email", "webhook",
+})
+import subprocess
 import subprocess
 import sys

@ -135,14 +141,10 @@ def _resolve_delivery_target(job: dict) -> Optional[dict]:
            "thread_id": origin.get("thread_id"),
        }

-    _KNOWN_PLATFORMS = {
-            "telegram", "discord", "slack", "whatsapp", "signal",
-            "matrix", "mattermost", "dingtalk", "feishu", "wecom",
-            "sms", "email", "webhook",
-        }
-        if platform_name.lower() not in _KNOWN_PLATFORMS:
-            return None
-        chat_id = os.getenv(f"{platform_name.upper()}_HOME_CHANNEL", "")
+    
+    if platform_name.lower() not in _KNOWN_DELIVERY_PLATFORMS:
+        return None
+    chat_id = os.getenv(f"{platform_name.upper()}_HOME_CHANNEL", "")
    if not chat_id:
        return None