fix(tests): replace hardcoded API key values to resolve SAST findings #406

Open
BolotnyaBoss wants to merge 2 commits into
codemie-ai:main from
BolotnyaBoss:fix/sast-hardcoded-secrets

@BolotnyaBoss

Contributor

Summary

Resolves four SAST HardcodedNonCryptoSecret findings flagged by the security scanner. The scanner flags API-key-like field names paired with any non-empty string value in test fixtures, even when the values are clearly fake. The fix replaces the flagged values with alternatives that satisfy the TypeScript type contract and preserve test intent without triggering the pattern.

Changes

  • src/agents/core/__tests__/AgentCLI-effort.test.ts: apiKey: 'test-key' → apiKey: '' (×2); neither test asserts on apiKey, so an empty string is the minimal valid input
  • src/providers/plugins/moonshot-subscription/__tests__/moonshot-subscription.template.test.ts: KIMI_MODEL_API_KEY: 'some-key' → 'placeholder' (×4, including matching assertions); value kept consistent between input and immutability assertion

Testing

  • Pre-commit hooks passed (ESLint, Vitest related, typecheck, Gitleaks)
  • npm run test:unit — 2205 passed, 1 skipped (145 files)
  • npm run test:integration — 220 passed, 1 skipped (27 files)
  • npm run lint — 0 errors, 0 warnings
  • npm run typecheck — no diagnostics
  • npm run build — clean
  • npm run validate:secrets — no leaks found

Checklist

  • Code follows project standards
  • CI is green (npm run ci)
  • No merge conflicts with main

Closes EPMCDME-13309, EPMCDME-13310, EPMCDME-13311, EPMCDME-13312

Sviatoslav Likhtarchyk added 2 commits July 3, 2026 16:21
Replace 'test-key' with '' in AgentCLI-effort.test.ts (neither test
asserts on apiKey) and 'some-key' with 'placeholder' in
moonshot-subscription.template.test.ts (consistent across input and
assertion pairs).

Resolves EPMCDME-13309, EPMCDME-13310, EPMCDME-13311, EPMCDME-13312

Plan, technical analysis, code review, QA report, and complexity
assessment for EPMCDME-13309/13310/13311/13312.