From dd5e3ffc4172c9c427d1b9d3319055c7d7166019 Mon Sep 17 00:00:00 2001
From: Cosmin Cojocar
Date: Sun, 18 Aug 2024 15:45:55 +0000
Subject: [PATCH 1/2] Read the AI API key also from an environment variable
Change-Id: If18fd025ab2ef68a3690f8a69d1c8894e44a87ef
Signed-off-by: Cosmin Cojocar
---
 README.md | 3 ++-
 cmd/gosec/main.go | 10 ++++++++--
 2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 2101e35b58..a9384c970c 100644
--- a/README.md
+++ b/README.md
@@ -279,7 +279,8 @@ gosec can suggest fixes based on AI recommendation. It will call an AI API to re
 You can enable this feature by providing the following command line arguments:
 - `ai-api-provider`: the name of the AI API provider, currently only `gemini`is supported.
-- `ai-api-key`: the key to access the AI API, For gemini, you can create an API key following [these instructions](https://ai.google.dev/gemini-api/docs/api-key).
+- `ai-api-key` or set the environment variable `GOSEC_AI_API_KEY`: the key to access the AI API,
+For gemini, you can create an API key following [these instructions](https://ai.google.dev/gemini-api/docs/api-key).
 - `ai-endpoint`: the endpoint of the AI provider, this is optional argument.
diff --git a/cmd/gosec/main.go b/cmd/gosec/main.go
index 902e0762eb..61cdc162bd 100644
--- a/cmd/gosec/main.go
+++ b/cmd/gosec/main.go
@@ -59,6 +59,8 @@ USAGE:
 $ gosec -exclude=G101 $GOPATH/src/github.com/example/project/...
 `
+ // Environment variable for AI API key.
+ aiApiKeyEnv = "GOSEC_AI_API_KEY"
 )
 type arrayFlags []string
@@ -468,8 +470,12 @@ func main() {
 reportInfo := gosec.NewReportInfo(issues, metrics, errors).WithVersion(Version)
 // Call AI request to solve the issues
- if *flagAiApiProvider != "" && *flagAiApiKey != "" {
- err := autofix.GenerateSolution(*flagAiApiProvider, *flagAiApiKey, *flagAiEndpoint, issues)
+ aiApiKey := os.Getenv(aiApiKeyEnv)
+ if aiApiKeyEnv == "" {
+ aiApiKey = *flagAiApiKey
+ }
+ if *flagAiApiProvider != "" && aiApiKey != "" {
+ err := autofix.GenerateSolution(*flagAiApiProvider, aiApiKey, *flagAiEndpoint, issues)
 if err != nil {
 logger.Print(err)
 }
From 5adb600ca628c9bf7afc8d3b048fee87a91e64e9 Mon Sep 17 00:00:00 2001
From: Cosmin Cojocar
Date: Sun, 18 Aug 2024 15:52:30 +0000
Subject: [PATCH 2/2] Fix lint warning
Change-Id: Icd3eb8a029764db76596c3e171275c03a23f8cef
Signed-off-by: Cosmin Cojocar
---
 cmd/gosec/main.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cmd/gosec/main.go b/cmd/gosec/main.go
index 61cdc162bd..62424bb1e5 100644
--- a/cmd/gosec/main.go
+++ b/cmd/gosec/main.go
@@ -60,7 +60,7 @@ USAGE:
 `
 // Environment variable for AI API key.
- aiApiKeyEnv = "GOSEC_AI_API_KEY"
+ aiApiKeyEnv = "GOSEC_AI_API_KEY" // #nosec G101
 )
 type arrayFlags []string
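Review bot: In the `@@ -468,8 +470,12 @@` hunk of cmd/gosec/main.go (patch 1/2), the fallback condition `if aiApiKeyEnv == ""` tests the constant that holds the variable's name, which is never empty, so `*flagAiApiKey` is never read. A key passed with `-ai-api-key` therefore no longer enables the AI call when `GOSEC_AI_API_KEY` is unset, a regression from the removed lines. The check should test the value just read: `if aiApiKey == "" {`. Even with that fix the environment variable overrides an explicit flag, the reverse of the usual precedence, so if that order is intended it should be stated in the README entry. main's body starts and ends outside the hunk.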
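Review bot: The `// #nosec G101` added in the `@@ -60,7 +60,7 @@` hunk (patch 2/2) suppresses the hardcoded-credential rule without recording why, so a later reader cannot tell a reviewed false positive from a silenced finding. gosec accepts a justification after the directive, so the line can carry its own reason: `aiApiKeyEnv = "GOSEC_AI_API_KEY" // #nosec G101 -- name of an environment variable, not a credential`. The enclosing const block starts outside the hunk.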