Skip to content

Warn if api_key in Config #1049

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
erickgalinkin merged 7 commits into from
Jan 7, 2025
Merged

Warn if api_key in Config #1049

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
a7fbe6c
Look for the presence of `api_key` as a key when loading config files…
erickgalinkin Dec 20, 2024
8da4fe2
Remove warning exception, check recursively.
erickgalinkin Dec 20, 2024
68d123b
Remove import
erickgalinkin Dec 20, 2024
e1ca672
Additional, minor improvements. Use `command.hint`, clarify message.
erickgalinkin Jan 2, 2025
f02d735
Add expansion for lists
erickgalinkin Jan 6, 2025
5013642
Remove circular dependency
erickgalinkin Jan 6, 2025
da78594
Add alternative warning message for Windows users. Add unit test in t…
erickgalinkin Jan 6, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 31 additions & 1 deletion garak/_config.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,11 +7,13 @@

# logging should be set up before config is loaded

import platform
from collections import defaultdict
from dataclasses import dataclass
import importlib
import logging
import os
import stat
import pathlib
from typing import List
import yaml
Expand Down Expand Up @@ -116,13 +118,25 @@ def _nested_dict():
# generator, probe, detector, buff = {}, {}, {}, {}


def _key_exists(d: dict, key: str) -> bool:
# Check for the presence of a key in a nested dict.
if not isinstance(d, dict) and not isinstance(d, list):
return False
if isinstance(d, list):
return any([_key_exists(item, key) for item in d])
if isinstance(d, dict) and key in d.keys():
return True
else:
return any([_key_exists(val, key) for val in d.values()])


def _set_settings(config_obj, settings_obj: dict):
for k, v in settings_obj.items():
setattr(config_obj, k, v)
return config_obj


def _combine_into(d: dict, combined: dict) -> None:
def _combine_into(d: dict, combined: dict) -> dict:
if d is None:
return combined
for k, v in d.items():
Expand All @@ -141,6 +155,22 @@ def _load_yaml_config(settings_filenames) -> dict:
with open(settings_filename, encoding="utf-8") as settings_file:
settings = yaml.safe_load(settings_file)
if settings is not None:
if _key_exists(settings, "api_key"):
if platform.system() == "Windows":
msg = (f"A possibly secret value (`api_key`) was detected in {settings_filename}. "
f"We recommend removing potentially sensitive values from config files or "
f"ensuring the file is readable only by you.")
logging.warning(msg)
print(f"⚠️ {msg}")
else:
logging.info(f"API key found in {settings_filename}. Checking readability...")
res = os.stat(settings_filename)
if res.st_mode & stat.S_IROTH or res.st_mode & stat.S_IRGRP:
msg = (f"A possibly secret value (`api_key`) was detected in {settings_filename}, "
f"which is readable by users other than yourself. "
f"Consider changing permissions on this file to only be readable by you.")
logging.warning(msg)
print(f"⚠️ {msg}")
config = _combine_into(settings, config)
return config

Expand Down
7 changes: 7 additions & 0 deletions tests/test_config.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -826,3 +826,10 @@ async def main():
"/", headers={"User-Agent": AGENT_TEST}
).respond_with_data("")
asyncio.run(main())


def test_api_key_in_config():
importlib.reload(_config)

_config.plugins.generators["a"]["b"]["c"]["api_key"] = "something"
assert _config._key_exists(_config.plugins.generators, "api_key")
Loading