feat(security): Enforce blacklist for discussion history files

2026-02-24 22:05:44 -05:00
parent ba02c8ed12
commit 7bed5efe61
3 changed files with 69 additions and 6 deletions
--- a/aggregate.py
+++ b/aggregate.py
@@ -37,14 +37,24 @@ def is_absolute_with_drive(entry: str) -> bool:
 def resolve_paths(base_dir: Path, entry: str) -> list[Path]:
    has_drive = is_absolute_with_drive(entry)
    is_wildcard = "*" in entry
+    
+    matches = []
    if is_wildcard:
        root = Path(entry) if has_drive else base_dir / entry
        matches = [Path(p) for p in glob.glob(str(root), recursive=True) if Path(p).is_file()]
-        return sorted(matches)
    else:
-        if has_drive:
-            return [Path(entry)]
-        return [(base_dir / entry).resolve()]
+        p = Path(entry) if has_drive else (base_dir / entry).resolve()
+        matches = [p]
+        
+    # Blacklist filter
+    filtered = []
+    for p in matches:
+        name = p.name.lower()
+        if name == "history.toml" or name.endswith("_history.toml"):
+            continue
+        filtered.append(p)
+        
+    return sorted(filtered)

 def build_discussion_section(history: list[str]) -> str:
    sections = []