Add sniff to detect direct access to AI Connector API keys and give error#1362
Add sniff to detect direct access to AI Connector API keys and give error#1362ishitaj34 wants to merge 2 commits into
Conversation
|
The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the If you're merging code through a pull request on GitHub, copy and paste the following into the bottom of the merge commit message. To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook. |
|
Thanks for the PR, this looks well scoped and the detection matches the issue nicely. One thing I’d suggest tightening before merge: get_option( option: 'connectors_ai_openai_api_key' );
get_network_option( network_id: null, option: 'connectors_ai_grok_api_key' );
get_options( options: array( 'connectors_ai_openai_api_key' ) );should also be flagged. |
What?
Closes #1342
Adds a new
AIConnectorAPIKeySniffto detect direct access to WordPress AI Connector API key options.Why?
WordPress AI Connector API keys are managed by site owners and are intended to be used through the WordPress AI Client. Plugins should not read these keys directly from the options table.
How?
AIConnectorAPIKeySnifffile.PluginCheck/ruleset.xml.Added support for:
get_option()get_site_option()get_network_option()get_options()Added unit tests covering all supported functions.
Testing Instructions
AI Usage Disclosure
If AI tools were used, please describe how they were used: