microsoft / autogen

A programming framework for agentic AI 🤖
https://microsoft.github.io/autogen/
Creative Commons Attribution 4.0 International
32.42k stars 4.72k forks source link

[Bug]: Placeholder keys cause false alarms on code-scanning tools #3195

Closed afourney closed 1 month ago

afourney commented 3 months ago

Describe the bug

The following lines cause automated code-scanning tools to falsely identify the presence of an API key in the code.

https://github.com/microsoft/autogen/blob/7ceee5dadce85633b9545580cd0e4d765a9ad3e9/test/oai/test_utils.py#L51C4-L58C7

Revise the placeholder to make more obviously fake. E.g.,

    {
        "model": "gpt-35-turbo-v0301",
        "tags": ["gpt-3.5-turbo", "gpt35_turbo"],
        "api_key": "11111222223333344444555556666677",
        "base_url": "https://123456.openai.azure.com",
        "api_type": "azure",
        "api_version": "2024-02-15-preview"
    },

Steps to reproduce

No response

Model Used

No response

Expected Behavior

No response

Screenshots and logs

No response

Additional Information

No response

wenngong commented 3 months ago

I will do it as a start pr.