Potential security issue of information leakage
nevercodecorrect opened this issue · comments
The robot is interesting and I found a few potential security issues while reading the source code.
In the code here, openai_api_key
is directly printed; this could potentially leak the key as described in [CWE-532](https://cwe.mitre.org/data/definitions/532.html). The print statement could be redacted or set to be read only?
A similar issue is here: the sensitive data is directly written into a local file. A more secure approach, like making the file accessible only to the current user or keeping the key in memory only, could be used.
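The two mitigations suggested in this report, as an added example that is not code from the project or from the reporter: a redaction helper for anything that prints or logs the key, and a writer that creates the key file readable and writable only by the current user (mode 0600), fixing the mode after creation so neither the umask nor a pre-existing looser file mode can widen it. Function names, the `api_key` file name and the temporary directory used for the self-check are assumptions.

```python
import os
import stat
import tempfile


def redact_secret(secret: str, visible: int = 4) -> str:
    """Return a display-safe form of a secret for print/log statements.

    Keeps the first `visible` characters (enough to tell keys apart when
    debugging) and replaces the rest with asterisks. Secrets no longer than
    `visible` are fully masked; an empty secret yields an empty string.
    """
    if not secret:
        return ""
    if len(secret) <= visible:
        return "*" * len(secret)
    return secret[:visible] + "*" * (len(secret) - visible)


def write_secret_file(path: str, secret: str) -> int:
    """Write `secret` to `path` with owner-only permissions (0600).

    os.open applies the 0o600 mode at creation (the umask can only make it
    stricter), and os.fchmod then pins it to exactly 0o600 so an existing
    file with wider permissions is tightened too. POSIX only (fchmod).
    Returns the resulting permission bits so callers can verify them.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        os.fchmod(fd, stat.S_IRUSR | stat.S_IWUSR)  # 0o600
        os.write(fd, secret.encode("utf-8"))
        return stat.S_IMODE(os.fstat(fd).st_mode)
    finally:
        os.close(fd)


def write_and_verify_in_tempdir(secret: str) -> tuple:
    """Self-check: write the key into a fresh temp dir (assumed location),
    read it back, clean up, and return (mode_bits, content)."""
    tmpdir = tempfile.mkdtemp()
    path = os.path.join(tmpdir, "api_key")  # assumed file name
    try:
        mode = write_secret_file(path, secret)
        with open(path, "r", encoding="utf-8") as fh:
            content = fh.read()
    finally:
        if os.path.exists(path):
            os.remove(path)
        os.rmdir(tmpdir)
    return mode, content


if __name__ == "__main__":
    # Constructed sample key, not a real credential.
    sample = "sk-abcdefgh"
    print("loaded key:", redact_secret(sample))  # prints sk-a*******, not the key
    print("file mode, content:", write_and_verify_in_tempdir(sample))
```

Redaction belongs at every point the key is rendered (print, logging, exception messages, debug dumps), not only the one line named in the report; the file helper is a drop-in for wherever the key is persisted, and keeping the key in memory only, as also suggested, removes the file concern entirely.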