-
Notifications
You must be signed in to change notification settings - Fork 170
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rafal/ai video remoteaiworker pr rebase fixed tests #3198
base: ai-video
Are you sure you want to change the base?
Rafal/ai video remoteaiworker pr rebase fixed tests #3198
Conversation
…strator and aiworker
… capabilities is used
…through. small update to aiResults endpoint and related test update
…ving ai capabilities
…nto rafal/ai-video-fix-unit-tests
…teaiworker-pr-rebase-fixed-tests
|
||
authType := r.Header.Get("Authorization") | ||
if protoVerAIWorker != authType { | ||
glog.Error("Invalid auth type ", authType) |
Check failure
Code scanning / CodeQL
Clear-text logging of sensitive information High
Sensitive data returned by HTTP request headers
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI 21 days ago
To fix the problem, we should avoid logging the sensitive authType
value directly. Instead, we can log a generic message indicating an invalid authorization type without including the actual value. This approach maintains the functionality of logging errors while protecting sensitive information.
- Modify the logging statement on line 533 to remove the
authType
value. - Ensure that the log message still provides useful information for debugging without exposing sensitive data.
-
Copy modified line R533
@@ -532,3 +532,3 @@ | ||
if protoVerAIWorker != authType { | ||
glog.Error("Invalid auth type ", authType) | ||
glog.Error("Invalid auth type") | ||
http.Error(w, "Unauthorized", http.StatusUnauthorized) |
} | ||
|
||
func runAIWorker(n *core.LivepeerNode, orchAddr string, capacity int, caps *net.Capabilities) error { | ||
tlsConfig := &tls.Config{InsecureSkipVerify: true} |
Check failure
Code scanning / CodeQL
Disabled TLS certificate check High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI 21 days ago
To fix the problem, we need to ensure that TLS certificate verification is enabled. This involves removing the InsecureSkipVerify: true
setting and properly configuring the TLS settings to use valid certificates.
- Remove
InsecureSkipVerify: true
: This setting should be removed from thetls.Config
initialization. - Load system CA certificates: Use the system's CA certificates to verify the server's certificate.
- Handle errors appropriately: Ensure that any errors related to TLS configuration are properly handled.
-
Copy modified lines R97-R102 -
Copy modified line R104 -
Copy modified line R106 -
Copy modified line R136
@@ -96,7 +96,12 @@ | ||
func runAIWorker(n *core.LivepeerNode, orchAddr string, capacity int, caps *net.Capabilities) error { | ||
tlsConfig := &tls.Config{InsecureSkipVerify: true} | ||
tlsConfig := &tls.Config{} | ||
creds, err := credentials.NewClientTLSFromFile("/path/to/ca-certificates.crt", "") | ||
if err != nil { | ||
glog.Error("Failed to load CA certificates: ", err) | ||
return err | ||
} | ||
conn, err := grpc.Dial(orchAddr, | ||
grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig))) | ||
grpc.WithTransportCredentials(creds)) | ||
if err != nil { | ||
glog.Error("Did not connect AI worker to orchesrator: ", err) | ||
glog.Error("Did not connect AI worker to orchestrator: ", err) | ||
return err | ||
@@ -130,3 +135,3 @@ | ||
|
||
httpc := &http.Client{Transport: &http2.Transport{TLSClientConfig: &tls.Config{InsecureSkipVerify: true}}} | ||
httpc := &http.Client{Transport: &http2.Transport{TLSClientConfig: &tls.Config{}}} | ||
var wg sync.WaitGroup |
} | ||
}() | ||
|
||
httpc := &http.Client{Transport: &http2.Transport{TLSClientConfig: &tls.Config{InsecureSkipVerify: true}}} |
Check failure
Code scanning / CodeQL
Disabled TLS certificate check High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI 21 days ago
To fix the problem, we need to ensure that TLS certificate verification is enabled. This involves setting up proper TLS configuration with valid certificates. The best way to fix this without changing existing functionality is to remove the InsecureSkipVerify: true
setting and ensure that the application uses valid certificates for TLS communication.
- Remove the
InsecureSkipVerify: true
setting: This will enforce the default behavior of verifying the server's certificate chain and host name. - Ensure valid certificates are used: This might involve configuring the application to use a certificate authority (CA) or providing the necessary certificates.
-
Copy modified line R131
@@ -130,3 +130,3 @@ | ||
|
||
httpc := &http.Client{Transport: &http2.Transport{TLSClientConfig: &tls.Config{InsecureSkipVerify: true}}} | ||
httpc := &http.Client{Transport: &http2.Transport{TLSClientConfig: &tls.Config{}}} | ||
var wg sync.WaitGroup |
No description provided.