quarkiverse / quarkus-langchain4j

Quarkus Langchain4j extension
https://docs.quarkiverse.io/quarkus-langchain4j/dev/index.html
Apache License 2.0

Security issue using QuarkusTavilyWebSearchEngine #958

Closed lordofthejars closed 1 month ago

lordofthejars commented 1 month ago

Security issue using QuarkusTavilyWebSearchEngine as, by default, it logs the API key:

2024-10-01 23:53:12,259 INFO  [io.qua.lan.tav.QuarkusTavilyWebSearchEngine$TavilyClientLogger] (vert.x-eventloop-thread-2) Request:
- method: POST
- url: https://api.tavily.com/search
- headers: [Accept: application/json], [Content-Type: application/json], [User-Agent: Quarkus REST Client], [content-length: 240]
- body: {"query":"\"flights from Barcelona to Brussels\"","api_key":"API key used

I think it should provide the first 4 chars and the *

@jmartisk

lordofthejars commented 1 month ago

I can provide a PR

jmartisk commented 1 month ago

> I can provide a PR

That would be great, thanks :)

jmartisk commented 1 month ago

Interesting, I thought I'd specifically checked the log for it but didn't see it. Maybe I was blind.

lordofthejars commented 1 month ago

I'm working now on this; no worries, I'll send you a PR.

lordofthejars commented 1 month ago

Done :)
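
The masking suggested in the issue (keep the first 4 characters of the key, replace the rest with `*`), sketched as an added example: this is not the extension's code and not the fix from the PR. The class name `ApiKeyMasker`, the minimum-length threshold, and the sample key are assumptions made for illustration.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class ApiKeyMasker {

    // Matches "api_key":"<value>" in a JSON body, tolerating whitespace
    // around the colon and backslash-escaped characters inside the value.
    private static final Pattern API_KEY_FIELD =
            Pattern.compile("(\"api_key\"\\s*:\\s*\")((?:\\\\.|[^\"\\\\])*)(\")");

    private static final int VISIBLE_PREFIX = 4;  // "first 4 chars", as suggested in the issue
    private static final int MIN_LEN_FOR_PREFIX = 8; // assumption: shorter values are hidden entirely
    private static final String MASK = "****";    // fixed width, so the key length is not logged

    /** Returns the body with the api_key value replaced by a masked form, safe to log. */
    static String maskApiKey(String body) {
        if (body == null) {
            return null;
        }
        Matcher m = API_KEY_FIELD.matcher(body);
        // quoteReplacement keeps '$' and '\' in the body from being read as group references.
        return m.replaceAll(r ->
                Matcher.quoteReplacement(r.group(1) + mask(r.group(2)) + r.group(3)));
    }

    private static String mask(String key) {
        if (key.length() <= MIN_LEN_FOR_PREFIX) {
            return MASK; // a 4-char prefix would reveal half or more of a short value
        }
        return key.substring(0, VISIBLE_PREFIX) + MASK;
    }

    public static void main(String[] args) {
        // Constructed request body; the key is a made-up placeholder, not a real credential.
        String body = "{\"query\":\"\\\"flights from Barcelona to Brussels\\\"\","
                + "\"api_key\":\"EXAMPLE-KEY-0123456789\"}";
        System.out.println("- body: " + maskApiKey(body));
        // Short value: masked completely.
        System.out.println("- body: " + maskApiKey("{\"api_key\" : \"abc\"}"));
    }
}
```

Applying the mask in the logger, just before the body is written, leaves the request that is actually sent unchanged.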