Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Secrets are double-counted via Copilot Explain function #519

Closed
danbarr opened this issue Jan 8, 2025 · 3 comments · Fixed by #581
Closed

Secrets are double-counted via Copilot Explain function #519

danbarr opened this issue Jan 8, 2025 · 3 comments · Fixed by #581
Assignees
@aponcedeleonch
Labels
bug

Comments

@danbarr
Copy link
Collaborator

danbarr commented Jan 8, 2025

Describe the issue

Secrets detected in code are being double-counted when I use the Copilot Explain feature (select some code, right-click and Copilot->Explain). This does not happen if I send the same file as context in a Chat prompt.

Video shows the expected result via Chat (2 secrets detected), then the double-result via Explain (4 secrets detected):

2025-01-08_17-15-55.mp4

Steps to Reproduce

See video - I used the conf.ini file in codegate-demonstration.

Operating System

MacOS (Arm)

IDE and Version

VS Code 1.96.2

Extension and Version

GitHub Copilot 1.256.0

Provider

GitHub Copilot

Model

GPT-4

Logs

2025-01-08T22:29:38.008Z [debug    ] Processing body through pipeline: 5483 bytes module=provider origin=copilot_proxy pathname=/app/src/codegate/providers/copilot/provider.py
2025-01-08T22:29:38.008Z [debug    ] Found 2 secrets in the user message module=secrets pathname=/app/src/codegate/pipeline/secrets/secrets.py
2025-01-08T22:29:38.008Z [info     ]
Found secrets:                module=secrets pathname=/app/src/codegate/pipeline/secrets/secrets.py
2025-01-08T22:29:38.008Z [debug    ] Stored secret                  encrypted=qsuXopnOcxUETo0zhMclZoYijjGri86kTvIqAjZhfcfk5VCTeI/xsI+EObT3WJY8aJx3uAx6afFuBs4= module=manager pathname=/app/src/codegate/pipeline/secrets/manager.py service=Amazon type=Access Key
2025-01-08T22:29:38.008Z [info     ]
Service: Amazon
Type: Access Key
Original: AKIAIOSFODNN7EXAMPLE
Encrypted: REDACTED<$qsuXopnOcxUETo0zhMclZoYijjGri86kTvIqAjZhfcfk5VCTeI/xsI+EObT3WJY8aJx3uAx6afFuBs4=> module=secrets pathname=/app/src/codegate/pipeline/secrets/secrets.py
2025-01-08T22:29:38.008Z [debug    ] Stored secret                  encrypted=FyIp5X8HeM9BbQJG1cTWTyNfSfRkjlQz8z+MRVolVcmpLCiXNi0UlFlzP9Kdd6xdAZDslp8Np2XWyBjFDNZMPSjxHxTLrKXVlD/A7zVqPg== module=manager pathname=/app/src/codegate/pipeline/secrets/manager.py service=GitHub type=Access Token
2025-01-08T22:29:38.008Z [info     ]
Service: GitHub
Type: Access Token
Original: ghp_aBcDeFgHiJkLmNoPqRsTuVwXyZ0123456789
Encrypted: REDACTED<$FyIp5X8HeM9BbQJG1cTWTyNfSfRkjlQz8z+MRVolVcmpLCiXNi0UlFlzP9Kdd6xdAZDslp8Np2XWyBjFDNZMPSjxHxTLrKXVlD/A7zVqPg==> module=secrets pathname=/app/src/codegate/pipeline/secrets/secrets.py

Protected text:
# FILE:CONF.INI CONTEXT
User's active selection:
Excerpt from conf.ini, lines 1 to 4:
```ini
GITHUB_TOKEN="REDACTED<$FyIp5X8HeM9BbQJG1cTWTyNfSfRkjlQz8z+MRVolVcmpLCiXNi0UlFlzP9Kdd6xdAZDslp8Np2XWyBjFDNZMPSjxHxTLrKXVlD/A7zVqPg==>"
AWS_ACCESS_KEY_ID="REDACTED<$qsuXopnOcxUETo0zhMclZoYijjGri86kTvIqAjZhfcfk5VCTeI/xsI+EObT3WJY8aJx3uAx6afFuBs4=>"
AWS_SECRET_ACCESS_KEY="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
```
2025-01-08T22:29:38.008Z [debug    ] Found 2 secrets in the user message module=secrets pathname=/app/src/codegate/pipeline/secrets/secrets.py
2025-01-08T22:29:38.008Z [info     ]
Found secrets:                module=secrets pathname=/app/src/codegate/pipeline/secrets/secrets.py
2025-01-08T22:29:38.008Z [debug    ] Stored secret                  encrypted=hOsAGj8QuBpPZZkvaTQ2wKWzNCUoKHFVVrjnL1vagoiFYBqerkyuRwx7+KuZWIvwGEakQkKZLiYODkg= module=manager pathname=/app/src/codegate/pipeline/secrets/manager.py service=Amazon type=Access Key
2025-01-08T22:29:38.008Z [info     ]
Service: Amazon
Type: Access Key
Original: AKIAIOSFODNN7EXAMPLE
Encrypted: REDACTED<$hOsAGj8QuBpPZZkvaTQ2wKWzNCUoKHFVVrjnL1vagoiFYBqerkyuRwx7+KuZWIvwGEakQkKZLiYODkg=> module=secrets pathname=/app/src/codegate/pipeline/secrets/secrets.py
2025-01-08T22:29:38.008Z [debug    ] Stored secret                  encrypted=P7hN6gSYTs3sOyPOUy9I0ND/doxeH/+z1gfm20Qyo/fJ6EYkfClqrHDBUu2pbolSKg4uu1fvRz4jO7ukOSvlaoEhyYjPXN0OnKF0KtuwmA== module=manager pathname=/app/src/codegate/pipeline/secrets/manager.py service=GitHub type=Access Token
2025-01-08T22:29:38.008Z [info     ]
Service: GitHub
Type: Access Token
Original: ghp_aBcDeFgHiJkLmNoPqRsTuVwXyZ0123456789
Encrypted: REDACTED<$P7hN6gSYTs3sOyPOUy9I0ND/doxeH/+z1gfm20Qyo/fJ6EYkfClqrHDBUu2pbolSKg4uu1fvRz4jO7ukOSvlaoEhyYjPXN0OnKF0KtuwmA==> module=secrets pathname=/app/src/codegate/pipeline/secrets/secrets.py

Protected text:
Write an explanation for the active selection as paragraphs of text.

```ini
GITHUB_TOKEN="REDACTED<$P7hN6gSYTs3sOyPOUy9I0ND/doxeH/+z1gfm20Qyo/fJ6EYkfClqrHDBUu2pbolSKg4uu1fvRz4jO7ukOSvlaoEhyYjPXN0OnKF0KtuwmA==>"
AWS_ACCESS_KEY_ID="REDACTED<$hOsAGj8QuBpPZZkvaTQ2wKWzNCUoKHFVVrjnL1vagoiFYBqerkyuRwx7+KuZWIvwGEakQkKZLiYODkg=>"
AWS_SECRET_ACCESS_KEY="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
```
2025-01-08T22:29:38.008Z [debug    ] Found 2 secrets in the user message module=secrets pathname=/app/src/codegate/pipeline/secrets/secrets.py
2025-01-08T22:29:38.008Z [info     ]
Found secrets:                module=secrets pathname=/app/src/codegate/pipeline/secrets/secrets.py
2025-01-08T22:29:38.008Z [debug    ] Stored secret                  encrypted=DfI+RkE2aETnQIIbYDAAI/LSiGkSg5i4EGzrQHmaRxIneByrItK3eMrdReUYzSoxHFVE7+5J+V+eFKw= module=manager pathname=/app/src/codegate/pipeline/secrets/manager.py service=Amazon type=Access Key
2025-01-08T22:29:38.008Z [info     ]
Service: Amazon
Type: Access Key
Original: AKIAIOSFODNN7EXAMPLE
Encrypted: REDACTED<$DfI+RkE2aETnQIIbYDAAI/LSiGkSg5i4EGzrQHmaRxIneByrItK3eMrdReUYzSoxHFVE7+5J+V+eFKw=> module=secrets pathname=/app/src/codegate/pipeline/secrets/secrets.py
2025-01-08T22:29:38.008Z [debug    ] Stored secret                  encrypted=p0fT4XXnsl7XftNNRWzsDO4nCqm3CUZ62TBw+K9kdengNFB7eNWOz/D+T8i1OYBMiP1NLKRPje7DvxFBHjWlfKUM5Md/NbVR1Pormc/bGA== module=manager pathname=/app/src/codegate/pipeline/secrets/manager.py service=GitHub type=Access Token
2025-01-08T22:29:38.008Z [info     ]
Service: GitHub
Type: Access Token
Original: ghp_aBcDeFgHiJkLmNoPqRsTuVwXyZ0123456789
Encrypted: REDACTED<$p0fT4XXnsl7XftNNRWzsDO4nCqm3CUZ62TBw+K9kdengNFB7eNWOz/D+T8i1OYBMiP1NLKRPje7DvxFBHjWlfKUM5Md/NbVR1Pormc/bGA==> module=secrets pathname=/app/src/codegate/pipeline/secrets/secrets.py

Protected text:
Active selection:


From the file: conf.ini
```ini
GITHUB_TOKEN="REDACTED<$p0fT4XXnsl7XftNNRWzsDO4nCqm3CUZ62TBw+K9kdengNFB7eNWOz/D+T8i1OYBMiP1NLKRPje7DvxFBHjWlfKUM5Md/NbVR1Pormc/bGA==>"
AWS_ACCESS_KEY_ID="REDACTED<$DfI+RkE2aETnQIIbYDAAI/LSiGkSg5i4EGzrQHmaRxIneByrItK3eMrdReUYzSoxHFVE7+5J+V+eFKw=>"
AWS_SECRET_ACCESS_KEY="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
```
2025-01-08T22:29:38.008Z [debug    ] Found 2 secrets in the user message module=secrets pathname=/app/src/codegate/pipeline/secrets/secrets.py
2025-01-08T22:29:38.008Z [info     ]
Found secrets:                module=secrets pathname=/app/src/codegate/pipeline/secrets/secrets.py
2025-01-08T22:29:38.008Z [debug    ] Stored secret                  encrypted=vpIBfIiiAHezNC+k+nwb126+DO5CgSLROOiNbHuKAh3P5Z74yvpQHUSJI2PTxUG0itB70+0Ctp5L4Zo= module=manager pathname=/app/src/codegate/pipeline/secrets/manager.py service=Amazon type=Access Key
2025-01-08T22:29:38.008Z [info     ]
Service: Amazon
Type: Access Key
Original: AKIAIOSFODNN7EXAMPLE
Encrypted: REDACTED<$vpIBfIiiAHezNC+k+nwb126+DO5CgSLROOiNbHuKAh3P5Z74yvpQHUSJI2PTxUG0itB70+0Ctp5L4Zo=> module=secrets pathname=/app/src/codegate/pipeline/secrets/secrets.py
2025-01-08T22:29:38.008Z [debug    ] Stored secret                  encrypted=luqVICeRggKIcvsXWqEwpjoX6NMKHvNN797P7K7YVbA4W4ey/evkqGucR5XTlwNFTLgR0FITLmoFD2eLEkODmeU+YMsFgRe06QBx4ciPCQ== module=manager pathname=/app/src/codegate/pipeline/secrets/manager.py service=GitHub type=Access Token
2025-01-08T22:29:38.008Z [info     ]
Service: GitHub
Type: Access Token
Original: ghp_aBcDeFgHiJkLmNoPqRsTuVwXyZ0123456789
Encrypted: REDACTED<$luqVICeRggKIcvsXWqEwpjoX6NMKHvNN797P7K7YVbA4W4ey/evkqGucR5XTlwNFTLgR0FITLmoFD2eLEkODmeU+YMsFgRe06QBx4ciPCQ==> module=secrets pathname=/app/src/codegate/pipeline/secrets/secrets.py

Protected text:
Write an explanation for the active selection as paragraphs of text.

```ini
GITHUB_TOKEN="REDACTED<$luqVICeRggKIcvsXWqEwpjoX6NMKHvNN797P7K7YVbA4W4ey/evkqGucR5XTlwNFTLgR0FITLmoFD2eLEkODmeU+YMsFgRe06QBx4ciPCQ==>"
AWS_ACCESS_KEY_ID="REDACTED<$vpIBfIiiAHezNC+k+nwb126+DO5CgSLROOiNbHuKAh3P5Z74yvpQHUSJI2PTxUG0itB70+0Ctp5L4Zo=>"
AWS_SECRET_ACCESS_KEY="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
```
2025-01-08T22:29:38.008Z [info     ] Total secrets redacted since last assistant message: 4 module=secrets pathname=/app/src/codegate/pipeline/secrets/secrets.py

Additional Context

No response
@danbarr danbarr added the bug label Jan 8, 2025
@lukehinds
Copy link
Contributor

@aponcedeleonch is this covered by the patch you were working on ?

@lukehinds
Copy link
Contributor

@danbarr please retest in v0.1.6

@danbarr
Copy link
Collaborator Author

danbarr commented Jan 13, 2025

Still seeing the double-count in 0.1.6.

Using Explain:

Image

Using chat:

Image

@aponcedeleonch aponcedeleonch mentioned this issue Jan 14, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aponcedeleonch aponcedeleonch

Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: Do not double count secrets on /explain copilot function stacklok/codegate
3 participants
@danbarr @lukehinds @aponcedeleonch