autogen icon indicating copy to clipboard operation
autogen copied to clipboard
verified publisher icon microsoft

[Bug]: Placeholder keys cause false alarms on code-scanning tools

Open afourney opened this issue 1 year ago • 1 comments

Describe the bug

The following lines cause automated code-scanning tools to falsely identify the presence of an API key in the code.

https://github.com/microsoft/autogen/blob/7ceee5dadce85633b9545580cd0e4d765a9ad3e9/test/oai/test_utils.py#L51C4-L58C7

Revise the placeholder to make more obviously fake. E.g.,

    {
        "model": "gpt-35-turbo-v0301",
        "tags": ["gpt-3.5-turbo", "gpt35_turbo"],
        "api_key": "11111222223333344444555556666677",
        "base_url": "https://123456.openai.azure.com",
        "api_type": "azure",
        "api_version": "2024-02-15-preview"
    },

Steps to reproduce

No response

Model Used

No response

Expected Behavior

No response

Screenshots and logs

No response

Additional Information

No response

afourney avatar Jul 23 '24 22:07 afourney

I will do it as a start pr.

Zizo-Vi avatar Jul 24 '24 08:07 Zizo-Vi