fix(core): improve PR #16 with bug fixes and security enhancements

claude · claude · commit 36d1a42e857d · 2025-11-18T16:41:24.000Z
This commit addresses several issues found during PR #16 analysis: 1. Fix cache management bug: Replace `del` with `pop()` to prevent KeyError when processing sequential stop/die events on same container 2. Add explicit security warning: Log warning message when attempting to connect to 'host' network, improving visibility of security blocks 3. Add configuration validation: Validate monitoredLabel and monitoredLabelCondition are not empty at startup to fail fast These changes improve robustness and security of the PR #16 implementation.
diff --git a/config.py b/config.py
@@ -185,6 +185,15 @@ def load_config() -> Config:
         general=config_data["logLevel"]["general"],
         application=config_data["logLevel"]["application"])
 
+    # Validate Traefik configuration
+    if not config_data["traefik"]["monitoredLabel"]:
+        logging.critical("traefik.monitoredLabel cannot be empty. Exiting program.")
+        sys.exit(1)
+
+    if not config_data["traefik"]["monitoredLabelCondition"]:
+        logging.critical("traefik.monitoredLabelCondition cannot be empty. Exiting program.")
+        sys.exit(1)
+
     traefik: TraefikConfig = TraefikConfig(
         containerName=config_data["traefik"]["containerName"],
         monitoredLabel=config_data["traefik"]["monitoredLabel"],
diff --git a/main.py b/main.py
@@ -158,7 +158,9 @@ def connect_traefik_to_network(container):
                     app_logger.debug(f"Adjusted allowed network to {real_network}.")
 
         # Connect Traefik to the network if allowed, or log that it's skipping the connection
-        if (allowed_networks == [''] or net in allowed_networks) and net.lower() != 'host':
+        if net.lower() == 'host':
+            app_logger.warning(f"Skipping connection to 'host' network for security reasons. Container: {container.name}")
+        elif allowed_networks == [''] or net in allowed_networks:
             if net not in traefik_container.attrs["NetworkSettings"]["Networks"]:
                 app_logger.debug(f"Connecting Traefik to network {net}.")
                 network.connect(traefik_container)
@@ -268,14 +270,14 @@ def monitor_events():
                     f"Container {container.name} is being stopped. Attempting to disconnect Traefik from relevant networks."
                 )
                 disconnect_traefik_from_network(container)
-                del container_cache[event["id"]]
+                container_cache.pop(event["id"], None)
 
             elif event["Action"] == "die":
                 app_logger.info(
                     f"Container {container.name} is being killed. Attempting to disconnect Traefik from relevant networks."
                 )
                 disconnect_traefik_from_network(container)
-                del container_cache[event["id"]]
+                container_cache.pop(event["id"], None)
 
 if __name__ == "__main__":
     # Display the version
