CodeCow/generative-ai-for-beginners
1
0
Fork 0
mirror of https://github.com/microsoft/generative-ai-for-beginners.git synced 2026-06-05 21:07:14 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
7ea589a718
generative-ai-for-beginners/shared/python/env_utils.py
Claude 2bdc61d4cd
feat: Add comprehensive security fixes, code quality improvements, and documentation 
Security Fixes (HIGH Severity):
- Fix hardcoded SECRET_KEY in Flask app - now uses environment variable
- Add function validation to prevent arbitrary function execution in JS
- Add path traversal protection in certificate handling
- Fix unsafe JSON parsing with proper error handling

Security Fixes (MEDIUM Severity):
- Add environment variable validation with helpful error messages
- Add request timeouts and proper error handling for HTTP calls
- Fix file handle leaks using context managers
- Add input validation and sanitization for user inputs

Code Quality Improvements:
- Add ESLint configuration for JavaScript/TypeScript linting
- Add Prettier configuration for consistent code formatting
- Add pyproject.toml with Black, Ruff, mypy, and pytest configuration
- Create shared Python utilities module with:
  - env_utils.py: Environment variable handling
  - input_validation.py: Input validation and sanitization
  - api_utils.py: Safe API request wrappers

Documentation:
- Add SECURITY_GUIDELINES.md with best practices for AI applications
- Add ENHANCED_FEATURES_ROADMAP.md with improvement recommendations
  including new lesson topics, API modernization, and CI/CD enhancements

Files Modified:
- 05-advanced-prompts/{python,javascript}/*
- 06-text-generation-apps/{python,js-githubmodels}/*
- 07-building-chat-applications/js-githubmodels/*
- 08-building-search-applications/{js-githubmodels,scripts}/*
- 09-building-image-applications/python/*
- 11-integrating-with-function-calling/{js-githubmodels,typescript}/*
2026-01-21 10:00:28 +00:00

90 lines
2.5 KiB
Python
Raw Blame History

"""
Environment variable utilities for secure configuration management.
This module provides functions to safely retrieve and validate environment
variables, ensuring that sensitive configuration is properly handled.
"""
import os
from typing import Optional
def get_required_env(var_name: str, description: Optional[str] = None) -> str:
"""
Get a required environment variable or raise an error with helpful message.
Args:
var_name: The name of the environment variable to retrieve.
description: Optional description of what the variable is used for.
Returns:
The value of the environment variable.
Raises:
ValueError: If the environment variable is not set or is empty.
Example:
>>> api_key = get_required_env("OPENAI_API_KEY", "OpenAI API authentication")
"""
value = os.getenv(var_name)
if not value:
desc_part = f" ({description})" if description else ""
raise ValueError(
f"Missing required environment variable: {var_name}{desc_part}. "
f"Please set it in your .env file or environment."
)
return value
def validate_env_vars(*var_names: str) -> dict[str, str]:
"""
Validate that multiple environment variables are set.
Args:
*var_names: Variable names to check.
Returns:
Dictionary mapping variable names to their values.
Raises:
ValueError: If any of the required variables are missing.
Example:
>>> env = validate_env_vars("AZURE_OPENAI_ENDPOINT", "AZURE_OPENAI_API_KEY")
>>> print(env["AZURE_OPENAI_ENDPOINT"])
"""
missing = []
values = {}
for var_name in var_names:
value = os.getenv(var_name)
if not value:
missing.append(var_name)
else:
values[var_name] = value
if missing:
raise ValueError(
f"Missing required environment variables: {', '.join(missing)}. "
f"Please set them in your .env file or environment."
)
return values
def get_env_with_default(var_name: str, default: str) -> str:
"""
Get an environment variable with a default value.
Args:
var_name: The name of the environment variable.
default: The default value if the variable is not set.
Returns:
The value of the environment variable or the default.
Example:
>>> model = get_env_with_default("MODEL_NAME", "gpt-4o")
"""
return os.getenv(var_name, default)
Reference in New Issue View Git Blame Copy Permalink