style: automated autofixes from CodeQL workflow#794
style: automated autofixes from CodeQL workflow#794github-actions[bot] wants to merge 52 commits into
Conversation
Extends the AISafetyMiddleware integration in shared/ai_runner.py to validate the model's reply through validate_output() before returning it. Responses containing secret patterns or dangerous-code markers now raise RuntimeError. The output risk level is surfaced in the returned metadata dict under the "output_risk" key. Six new tests in TestRunChatOnceOutputSafety cover all paths: blocked dangerous code, blocked secret pattern, clean pass-through, metadata presence, risk level value, and error message content. All 32 tests in test_ai_runner.py pass. AI-Generated: true
… jobs Replace placeholder Node.js config with a fully structured CircleCI 2.1 pipeline for this Python project: - Switch executor from cimg/node:24.0-browsers to cimg/python:3.11 - Add pip dependency cache keyed on requirements-dev.txt + requirements.txt (critical for heavy deps: torch, azure-*, gradio) - Add pre-commit hook cache keyed on .pre-commit-config.yaml - Split work into four parallel jobs: lint, type-check, pre-commit, unit-test - unit-test uses parallelism:2 with circleci tests split --split-by=timings - Store JUnit XML via store_test_results (enables test insights / retry failed) - Store coverage XML as artifacts - Fan-in ci-gate job for branch-protection status checks - Shared executor and reusable commands (DRY, consistent env vars) AI-Generated: true
…error The Merge and continue step reads .circleci/cci-agent-setup.yml as the customer job YAML. The file was empty, causing YAML to parse as null (not an object), which failed with "Invalid customer job YAML: root is not an object". Added a valid version 2.1 config with the test job matching config.yml. AI-Generated: true
…nt-setup.yml The setup-workflow (7346b1cd) failed at the "Merge and continue" step with: "Invalid customer job YAML: root is not an object" Root cause: .circleci/cci-agent-setup.yml was 0 bytes. The Chunk agent parses this file as customer YAML and merges it with its generated config; an empty file parses as YAML null (not an object), crashing the merge. Also add a workflows section to config.yml so that webhook-triggered pipelines (which use config.yml directly, bypassing the agent setup) no longer fail with "There are no workflows or build jobs in the config." AI-Generated: true
…, add URL scheme validation, suppress safe uses with noqa - Replace MD5 with SHA256 in apps/aria/server.py and shared/performance_utils.py (CWE-327) - Add URL scheme validation (http/https only) to core/agents/tool_agent.py, core/ingestion/pipeline.py, core/notifications.py, app.py, LMSTUDIO_AGI_INTEGRATION_IMPL.py - Suppress exec() in tool_executor.py with safety comment (RestrictedPython sandboxing) - Suppress trusted pickle loads in deploy_quantum_models_azure.py (path-validated) - Add noqa: S310 to urlopen calls with local/config-driven endpoints in chat_providers.py, data_augmenter.py, metrics_logger.py, train_lora.py, and scripts - Add noqa: S311 for non-cryptographic random usage in data_augmenter.py, quantum_mcp_server.py, serve.py, and server.py
…n-crypto position key Code review feedback: using sha256()[:4] defeats the purpose of SHA256. For non-cryptographic deterministic positioning, Python's built-in hash() is appropriate.
Copilot/make it pass actions
[WIP] Fix import error in token_utils for count_tokens and estimate_tokens
ci: optimize CircleCI config with Python image, caching, and parallel…
…ty-yaml Chunk/fix cci agent setup empty yaml
Signed-off-by: Bryan <74067792+Bryan-Roe@users.noreply.github.com>
style: apply automated autofixes (ruff / prettier / clang-format)
Signed-off-by: Bryan <74067792+Bryan-Roe@users.noreply.github.com>
…1008 style: apply automated autofixes (ruff / prettier / clang-format)
Advanced squirrel
Signed-off-by: Bryan <74067792+Bryan-Roe@users.noreply.github.com>
Update codeql.yml
| resp = self.client.chat.completions.create( | ||
| model=self.model, | ||
| messages=normalized_messages, | ||
| temperature=self.temperature, | ||
| max_tokens=self.max_output_tokens, | ||
| stream=stream, | ||
| ) |
There was a problem hiding this comment.
Semgrep identified an issue in your code:
Possibly found usage of AI: OpenAI
To resolve this comment:
🔧 No guidance has been designated for this issue. Fix according to your organization's approved methods.
💬 Ignore this finding
Reply with Semgrep commands to ignore this finding.
/fp <comment>for false positive/ar <comment>for acceptable risk/other <comment>for all other reasons
Alternatively, triage in Semgrep AppSec Platform to ignore the finding created by detect-openai.
You can view more details about this finding in the Semgrep AppSec Platform.
| resolved_key = api_key or os.getenv("GROQ_API_KEY") | ||
| if not resolved_key: | ||
| raise RuntimeError("Groq provider requires GROQ_API_KEY to be set.") | ||
| self.client = OpenAI(base_url=base_url, api_key=resolved_key) |
There was a problem hiding this comment.
Semgrep identified an issue in your code:
Possibly found usage of AI: OpenAI
To resolve this comment:
🔧 No guidance has been designated for this issue. Fix according to your organization's approved methods.
💬 Ignore this finding
Reply with Semgrep commands to ignore this finding.
/fp <comment>for false positive/ar <comment>for acceptable risk/other <comment>for all other reasons
Alternatively, triage in Semgrep AppSec Platform to ignore the finding created by detect-openai.
You can view more details about this finding in the Semgrep AppSec Platform.
|
|
||
| with open(pca_path, "rb") as f: | ||
| pca = pickle.load(f) | ||
| pca = pickle.load(f) # noqa: S301 |
There was a problem hiding this comment.
Semgrep identified an issue in your code:
The application was found using pickle which is vulnerable to deserialization attacks.
Deserialization attacks exploit the process of reading serialized data and turning it back
into an object. By constructing malicious objects and serializing them, an adversary may
attempt to:
- Inject code that is executed upon object construction, which occurs during the
deserialization process. - Exploit mass assignment by including fields that are not normally a part of the serialized
data but are read in during deserialization.
Consider safer alternatives such as serializing data in the JSON format. Ensure any format
chosen allows the application to specify exactly which object types are allowed to be deserialized.
To protect against mass assignment, only allow deserialization of the specific fields that are
required. If this is not easily done, consider creating an intermediary type that
can be serialized with only the necessary fields exposed.
Example JSON deserializer using an intermediary type that is validated against a schema to ensure
it is safe from mass assignment:
import jsonschema
# Create a schema to validate our user-supplied input against
# an intermediary object
intermediary_schema = {
"type" : "object",
"properties" : {
"name": {"type" : "string"}
},
"required": ["name"],
# Protect against random properties being added to the object
"additionalProperties": False,
}
# If a user attempted to add "'is_admin': True" it would cause a validation error
intermediary_object = {'name': 'test user'}
try:
# Validate the user supplied intermediary object against our schema
jsonschema.validate(instance=intermediary_object, schema=intermediary_schema)
user_object = {'user':
{
# Assign the deserialized data from intermediary object
'name': intermediary_object['name'],
# Add in protected data in object definition (or set it from a class constructor)
'is_admin': False,
}
}
# Work with the user_object
except jsonschema.exceptions.ValidationError as ex:
# Gracefully handle validation errors
# ...
For more details on deserialization attacks in general, see OWASP's guide:
To resolve this comment:
🔧 No guidance has been designated for this issue. Fix according to your organization's approved methods.
💬 Ignore this finding
Reply with Semgrep commands to ignore this finding.
/fp <comment>for false positive/ar <comment>for acceptable risk/other <comment>for all other reasons
Alternatively, triage in Semgrep AppSec Platform to ignore the finding created by B301-1.
You can view more details about this finding in the Semgrep AppSec Platform.
| # Path traversal is prevented above; loading from the trusted results directory only. | ||
| with open(scaler_path, "rb") as f: | ||
| scaler = pickle.load(f) | ||
| scaler = pickle.load(f) # noqa: S301 |
There was a problem hiding this comment.
Semgrep identified an issue in your code:
The application was found using pickle which is vulnerable to deserialization attacks.
Deserialization attacks exploit the process of reading serialized data and turning it back
into an object. By constructing malicious objects and serializing them, an adversary may
attempt to:
- Inject code that is executed upon object construction, which occurs during the
deserialization process. - Exploit mass assignment by including fields that are not normally a part of the serialized
data but are read in during deserialization.
Consider safer alternatives such as serializing data in the JSON format. Ensure any format
chosen allows the application to specify exactly which object types are allowed to be deserialized.
To protect against mass assignment, only allow deserialization of the specific fields that are
required. If this is not easily done, consider creating an intermediary type that
can be serialized with only the necessary fields exposed.
Example JSON deserializer using an intermediary type that is validated against a schema to ensure
it is safe from mass assignment:
import jsonschema
# Create a schema to validate our user-supplied input against
# an intermediary object
intermediary_schema = {
"type" : "object",
"properties" : {
"name": {"type" : "string"}
},
"required": ["name"],
# Protect against random properties being added to the object
"additionalProperties": False,
}
# If a user attempted to add "'is_admin': True" it would cause a validation error
intermediary_object = {'name': 'test user'}
try:
# Validate the user supplied intermediary object against our schema
jsonschema.validate(instance=intermediary_object, schema=intermediary_schema)
user_object = {'user':
{
# Assign the deserialized data from intermediary object
'name': intermediary_object['name'],
# Add in protected data in object definition (or set it from a class constructor)
'is_admin': False,
}
}
# Work with the user_object
except jsonschema.exceptions.ValidationError as ex:
# Gracefully handle validation errors
# ...
For more details on deserialization attacks in general, see OWASP's guide:
To resolve this comment:
🔧 No guidance has been designated for this issue. Fix according to your organization's approved methods.
💬 Ignore this finding
Reply with Semgrep commands to ignore this finding.
/fp <comment>for false positive/ar <comment>for acceptable risk/other <comment>for all other reasons
Alternatively, triage in Semgrep AppSec Platform to ignore the finding created by B301-1.
You can view more details about this finding in the Semgrep AppSec Platform.
| try: | ||
| with self._timeout_context(self.timeout): | ||
| exec(compiled_code, exec_globals, exec_locals) | ||
| exec(compiled_code, exec_globals, exec_locals) # noqa: S102 |
There was a problem hiding this comment.
Semgrep identified an issue in your code:
The application was found calling the exec function with a non-literal variable. If the
variable comes from user-supplied input, an adversary could compromise the entire system by
executing arbitrary python code.
To remediate this issue, remove all calls to exec and consider alternative methods for
executing the necessary business logic. There is almost no safe method of calling eval
with user-supplied input.
If the application only needs to convert strings into objects, consider using json.loads.
In some cases ast.literal_eval is recommended, but this should be avoided as it can still
suffer from other issues such as the ability for malicious code to crash the python
interpreter or application.
Example using `json.loads`` to load in arbitrary data to create data structures:
# User supplied data as a blob of JSON
user_supplied_data = """{"user": "test", "metadata": [1,2,3]}"""
# Load the JSON
user_object = json.loads(user_supplied_data)
# Manually add protected properties _after_ loading, never before
user_object["is_admin"] = False
# Work with the object
To resolve this comment:
🔧 No guidance has been designated for this issue. Fix according to your organization's approved methods.
💬 Ignore this finding
Reply with Semgrep commands to ignore this finding.
/fp <comment>for false positive/ar <comment>for acceptable risk/other <comment>for all other reasons
Alternatively, triage in Semgrep AppSec Platform to ignore the finding created by B102.
You can view more details about this finding in the Semgrep AppSec Platform.
|
|
||
| with open(pca_path, "rb") as f: | ||
| pca = pickle.load(f) | ||
| pca = pickle.load(f) # noqa: S301 |
There was a problem hiding this comment.
Semgrep identified an issue in your code:
Avoid using pickle, which is known to lead to code execution vulnerabilities. When unpickling, the serialized data could be manipulated to run arbitrary code. Instead, consider serializing the relevant data as JSON or a similar text-based serialization format.
To resolve this comment:
🔧 No guidance has been designated for this issue. Fix according to your organization's approved methods.
💬 Ignore this finding
Reply with Semgrep commands to ignore this finding.
/fp <comment>for false positive/ar <comment>for acceptable risk/other <comment>for all other reasons
Alternatively, triage in Semgrep AppSec Platform to ignore the finding created by avoid-pickle.
You can view more details about this finding in the Semgrep AppSec Platform.
| # Path traversal is prevented above; loading from the trusted results directory only. | ||
| with open(scaler_path, "rb") as f: | ||
| scaler = pickle.load(f) | ||
| scaler = pickle.load(f) # noqa: S301 |
There was a problem hiding this comment.
Semgrep identified an issue in your code:
Avoid using pickle, which is known to lead to code execution vulnerabilities. When unpickling, the serialized data could be manipulated to run arbitrary code. Instead, consider serializing the relevant data as JSON or a similar text-based serialization format.
To resolve this comment:
🔧 No guidance has been designated for this issue. Fix according to your organization's approved methods.
💬 Ignore this finding
Reply with Semgrep commands to ignore this finding.
/fp <comment>for false positive/ar <comment>for acceptable risk/other <comment>for all other reasons
Alternatively, triage in Semgrep AppSec Platform to ignore the finding created by avoid-pickle.
You can view more details about this finding in the Semgrep AppSec Platform.
| for _ in range(20): | ||
| try: | ||
| urllib.request.urlopen(probe_url, timeout=2) | ||
| urllib.request.urlopen(probe_url, timeout=2) # noqa: S310 |
There was a problem hiding this comment.
Semgrep identified an issue in your code:
Detected 'urllib.urlopen()' using 'http://'. This request will not be encrypted. Use 'https://' instead.
To resolve this comment:
💡 Follow autofix suggestion
| urllib.request.urlopen(probe_url, timeout=2) # noqa: S310 | |
| urllib.request.urlopen(probe_url, timeout=2) # noqa: S310 |
💬 Ignore this finding
Reply with Semgrep commands to ignore this finding.
/fp <comment>for false positive/ar <comment>for acceptable risk/other <comment>for all other reasons
Alternatively, triage in Semgrep AppSec Platform to ignore the finding created by insecure-urlopen.
You can view more details about this finding in the Semgrep AppSec Platform.
| probe_url = "http://127.0.0.1:11434/api/tags" | ||
| try: | ||
| urllib.request.urlopen(probe_url, timeout=2) | ||
| urllib.request.urlopen(probe_url, timeout=2) # noqa: S310 |
There was a problem hiding this comment.
Semgrep identified an issue in your code:
Detected 'urllib.urlopen()' using 'http://'. This request will not be encrypted. Use 'https://' instead.
To resolve this comment:
🔧 No guidance has been designated for this issue. Fix according to your organization's approved methods.
💬 Ignore this finding
Reply with Semgrep commands to ignore this finding.
/fp <comment>for false positive/ar <comment>for acceptable risk/other <comment>for all other reasons
Alternatively, triage in Semgrep AppSec Platform to ignore the finding created by insecure-urlopen.
You can view more details about this finding in the Semgrep AppSec Platform.
| @@ -108,7 +108,7 @@ def _start_ollama_if_needed() -> bool: | |||
|
|
|||
| for _ in range(20): | |||
| try: | |||
| urllib.request.urlopen(probe_url, timeout=2) | |||
| urllib.request.urlopen(probe_url, timeout=2) # noqa: S310 | |||
| print("Ollama server is running.") | |||
| return True | |||
| except Exception: | |||
There was a problem hiding this comment.
Semgrep identified an issue in your code:
Detected 'urllib.urlopen()' using 'http://'. This request will not be encrypted. Use 'https://' instead.
To resolve this comment:
🔧 No guidance has been designated for this issue. Fix according to your organization's approved methods.
💬 Ignore this finding
Reply with Semgrep commands to ignore this finding.
/fp <comment>for false positive/ar <comment>for acceptable risk/other <comment>for all other reasons
Alternatively, triage in Semgrep AppSec Platform to ignore the finding created by insecure-urlopen.
You can view more details about this finding in the Semgrep AppSec Platform.
|
|
||
| url = "http://127.0.0.1:11434/api/tags" | ||
| request = urllib.request.Request(url, headers={"User-Agent": "setup-check"}) | ||
| request = urllib.request.Request(url, headers={"User-Agent": "setup-check"}) # noqa: S310 |
There was a problem hiding this comment.
Semgrep identified an issue in your code:
Detected a 'urllib.request.Request()' object using an insecure transport protocol, 'http://'. This connection will not be encrypted. Use 'https://' instead.
To resolve this comment:
🔧 No guidance has been designated for this issue. Fix according to your organization's approved methods.
💬 Ignore this finding
Reply with Semgrep commands to ignore this finding.
/fp <comment>for false positive/ar <comment>for acceptable risk/other <comment>for all other reasons
Alternatively, triage in Semgrep AppSec Platform to ignore the finding created by insecure-request-object.
You can view more details about this finding in the Semgrep AppSec Platform.
| url = "http://127.0.0.1:11434/api/tags" | ||
| request = urllib.request.Request(url, headers={"User-Agent": "setup-check"}) | ||
| request = urllib.request.Request(url, headers={"User-Agent": "setup-check"}) # noqa: S310 |
There was a problem hiding this comment.
Semgrep identified an issue in your code:
Detected a 'urllib.request.Request()' object using an insecure transport protocol, 'http://'. This connection will not be encrypted. Use 'https://' instead.
To resolve this comment:
💡 Follow autofix suggestion
| url = "http://127.0.0.1:11434/api/tags" | |
| request = urllib.request.Request(url, headers={"User-Agent": "setup-check"}) | |
| request = urllib.request.Request(url, headers={"User-Agent": "setup-check"}) # noqa: S310 | |
| url = "https://127.0.0.1:11434/api/tags" | |
| request = urllib.request.Request(url, headers={"User-Agent": "setup-check"}) # noqa: S310 |
💬 Ignore this finding
Reply with Semgrep commands to ignore this finding.
/fp <comment>for false positive/ar <comment>for acceptable risk/other <comment>for all other reasons
Alternatively, triage in Semgrep AppSec Platform to ignore the finding created by insecure-request-object.
You can view more details about this finding in the Semgrep AppSec Platform.
| try: | ||
| req = Request(url, method="GET") | ||
| with urlopen(req, timeout=LOCAL_DEV_ADAPTER_REQUEST_TIMEOUT_SEC) as resp: | ||
| req = Request(url, method="GET") # noqa: S310 |
There was a problem hiding this comment.
Semgrep identified an issue in your code:
Detected a 'urllib.request.Request()' object using an insecure transport protocol, 'http://'. This connection will not be encrypted. Use 'https://' instead.
To resolve this comment:
🔧 No guidance has been designated for this issue. Fix according to your organization's approved methods.
💬 Ignore this finding
Reply with Semgrep commands to ignore this finding.
/fp <comment>for false positive/ar <comment>for acceptable risk/other <comment>for all other reasons
Alternatively, triage in Semgrep AppSec Platform to ignore the finding created by insecure-request-object.
You can view more details about this finding in the Semgrep AppSec Platform.
| try: | ||
| with self._timeout_context(self.timeout): | ||
| exec(compiled_code, exec_globals, exec_locals) | ||
| exec(compiled_code, exec_globals, exec_locals) # noqa: S102 |
There was a problem hiding this comment.
Semgrep identified an issue in your code:
Detected the use of exec(). exec() can be dangerous if used to evaluate dynamic content. If this content can be input from outside the program, this may be a code injection vulnerability. Ensure evaluated content is not definable by external sources.
To resolve this comment:
🔧 No guidance has been designated for this issue. Fix according to your organization's approved methods.
💬 Ignore this finding
Reply with Semgrep commands to ignore this finding.
/fp <comment>for false positive/ar <comment>for acceptable risk/other <comment>for all other reasons
Alternatively, triage in Semgrep AppSec Platform to ignore the finding created by exec-detected.
You can view more details about this finding in the Semgrep AppSec Platform.
|
Semgrep found 16
Depending on the context, generating weak random numbers may expose cryptographic functions, Example using the secrets module: For more information on the Semgrep found 26
Possibly found usage of AI: OpenAI Semgrep found 23
The application was found passing in a non-literal value to the To remediate this issue either hardcode the URLs being used in urllib or use the Example using the Semgrep found 1 Detected 'urllib.urlopen()' using 'http://'. This request will not be encrypted. Use 'https://' instead. Semgrep found 1 Detected a 'urllib.request.Request()' object using an insecure transport protocol, 'http://'. This connection will not be encrypted. Use 'https://' instead. Semgrep found 25
Detected a dynamic value being used with urllib. urllib supports 'file://' schemes, so a dynamic value controlled by a malicious actor may allow them to read arbitrary files. Audit uses of urllib calls to ensure user data cannot control the URLs, or consider using the 'requests' library instead. |
Automated cleanup pushed by the CodeQL Advanced workflow.
Tools applied:
ruff check --fix+ruff format(unsafe fixes only enabled when allow_unsafe_fixes=true on scheduled/manual runs)prettier --writeeslint --fix(if configured in the repository)clang-format -i --style=file(when C/C++ files are present)Triggered by:
pushonrefs/heads/main(run #28843570227).