From 6313b9c25f30c01117540820f58986b6ebeb4896 Mon Sep 17 00:00:00 2001 From: Chuck Date: Sun, 24 May 2026 14:31:00 -0400 Subject: [PATCH] fix(wifi): strict bool parsing for force; nosec annotation parity MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - api_v3.py: replace bool(...) coercion for force with strict check — only actual boolean True or strings "true"/"1" (case-insensitive) pass; "false", integers, and other strings are treated as False so the Ethernet/WiFi guards and _FORCE_AP_FLAG_PATH cannot be bypassed by accident - wifi_manager.py: add nosec B108 annotation to _IP_FORWARD_SAVE_PATH to match the identical annotation already on _FORCE_AP_FLAG_PATH Co-Authored-By: Claude Sonnet 4.6 --- src/wifi_manager.py | 2 +- web_interface/blueprints/api_v3.py | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/src/wifi_manager.py b/src/wifi_manager.py index d8b5cfa2..a385b7a1 100644 --- a/src/wifi_manager.py +++ b/src/wifi_manager.py @@ -694,7 +694,7 @@ class WiFiManager: # Helpers # --------------------------------------------------------------------------- - _IP_FORWARD_SAVE_PATH = Path("/tmp/ledmatrix_ip_forward_saved") + _IP_FORWARD_SAVE_PATH = Path("/tmp/ledmatrix_ip_forward_saved") # nosec B108 - process-specific named file; device is single-user RPi # Written when AP mode is manually force-enabled; prevents daemon auto-disable _FORCE_AP_FLAG_PATH = Path("/tmp/ledmatrix_force_ap_active") # nosec B108 - process-specific named file; device is single-user RPi diff --git a/web_interface/blueprints/api_v3.py b/web_interface/blueprints/api_v3.py index 5627313a..d434afc2 100644 --- a/web_interface/blueprints/api_v3.py +++ b/web_interface/blueprints/api_v3.py @@ -6680,7 +6680,8 @@ def enable_ap_mode(): from src.wifi_manager import WiFiManager wifi_manager = WiFiManager() - force = bool((request.get_json(silent=True) or {}).get('force', False)) + _force_raw = (request.get_json(silent=True) or {}).get('force', False) + force = _force_raw is True or (isinstance(_force_raw, str) and _force_raw.lower() in ('true', '1')) success, message = wifi_manager.enable_ap_mode(force=force) if success: