shoko c49600cd4d Fix CRITICAL: Telegram bot token exposed in process command line ...

Replace curl subprocess with urllib.request to prevent token leakage via
ps aux / /proc/*/cmdline. Token now stays in process memory only.

Changes:
- Remove subprocess import, add urllib.parse.urlencode and urllib.request
- Replace curl subprocess call with urlopen(Request(...))
- Change env var BOT_TOKEN -> TELEGRAM_BOT_TOKEN (clearer naming)
- Raise RuntimeError on missing env vars, API errors, or network errors
- Add 10s timeout to urlopen

Fixes #4

2026-03-25 10:46:10 +00:00

29 KiB

Raw Blame History

View Raw