GoogleCloudPlatform / firebase-extensions

Apache License 2.0

Code comment with security concern #473

Closed Zaffer closed 4 months ago

Zaffer commented 4 months ago

Steps to reproduce:

Visit this section of the extension code: https://github.com/GoogleCloudPlatform/firebase-extensions/blob/a027bae2a2a7bff0d3ebcd2b118627c121ddde56/firestore-genai-chatbot/functions/src/generative-client/vertex_ai.ts#L103

There is a //TODO comment in the Vertex AI version of the generative client stating that the API key gets leaked. I have not tested this, but it indicates a security concern with the API being used.

Expected result

No API key leakage comments.

Actual result

Comment indicating API key will be leaked.

cabljac commented 4 months ago

Hi, thanks for raising this! You are correct, the API has since fixed this security issue. I will remove the comment.