Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(platform): Remove settings endpoint #8715

Merged
merged 5 commits into from
Nov 19, 2024

Conversation

aarushik93
Copy link
Contributor

@aarushik93 aarushik93 commented Nov 19, 2024

We don't need or use this endpoint and it's a security flaw to have this lying around
Addresses part of https://linear.app/autogpt/issue/SECRT-929

Changes 🏗️

Remove the entire endpoint

Checklist 📋

For code changes:

  • I have clearly listed my changes in the PR description
  • I have made a test plan
  • I have tested my changes according to the test plan:
    • ...
Example test plan
  • Create from scratch and execute an agent with at least 3 blocks
  • Import an agent from file upload, and confirm it executes correctly
  • Upload agent to marketplace
  • Import an agent from marketplace and confirm it executes correctly
  • Edit an agent from monitor, and confirm it executes correctly

For configuration changes:

  • .env.example is updated or already compatible with my changes
  • docker-compose.yml is updated or already compatible with my changes
  • I have included a list of my configuration changes in the PR description (under Changes)
Examples of configuration changes
  • Changing ports
  • Adding new services that need to communicate with each other
  • Secrets or environment variable changes
  • New or infrastructure changes such as databases

@aarushik93 aarushik93 requested a review from a team as a code owner November 19, 2024 12:57
@aarushik93 aarushik93 requested review from kcze and majdyz and removed request for a team November 19, 2024 12:57
@github-actions github-actions bot added the platform/backend AutoGPT Platform - Back end label Nov 19, 2024
@aarushik93 aarushik93 requested a review from ntindle November 19, 2024 12:57
Copy link

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 1 🔵⚪⚪⚪⚪
🧪 No relevant tests
🔒 No security concerns identified
⚡ Recommended focus areas for review

Code Cleanup
The PR removes the settings endpoint but leaves behind the Settings class import and usage. Should verify if the Settings class is still needed or should be removed as well.

Copy link

netlify bot commented Nov 19, 2024

Deploy Preview for auto-gpt-docs canceled.

Name Link
🔨 Latest commit d8fd174
🔍 Latest deploy log https://app.netlify.com/sites/auto-gpt-docs/deploys/673d209804b7a400083cf862

@aarushik93 aarushik93 enabled auto-merge (squash) November 19, 2024 14:25
@aarushik93 aarushik93 merged commit a5734a5 into dev Nov 19, 2024
15 checks passed
@aarushik93 aarushik93 deleted the aarushikansal/remove-settings-endpoint branch November 19, 2024 23:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants