From 2a48e24d9843d89402c7d33578fc978bb5ef9cc2 Mon Sep 17 00:00:00 2001 From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Date: Mon, 9 Jun 2025 14:35:04 +0000 Subject: [PATCH] Address CI failures and code review feedback MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Remove unused pytest imports from test files (fixes lint errors) - Fix CodeQL security alert by using exact URL validation instead of substring check - Enhance SSL function documentation with detailed environment variable precedence - Improve error handling in fetch_provider_data with current CA bundle path display - Add more helpful guidance for SSL certificate configuration issues Addresses feedback from AI code review and resolves CI lint/security failures. Co-Authored-By: João --- src/crewai/cli/provider.py | 16 ++++++++++++++-- tests/cli/test_constants.py | 4 +--- tests/cli/test_provider_ssl.py | 1 - 3 files changed, 15 insertions(+), 6 deletions(-) diff --git a/src/crewai/cli/provider.py b/src/crewai/cli/provider.py index 848d68272..e9e18638c 100644 --- a/src/crewai/cli/provider.py +++ b/src/crewai/cli/provider.py @@ -159,8 +159,17 @@ def get_ssl_verify_config(): """ Get SSL verification configuration from environment variables or use certifi default. + Environment Variables (checked in order of precedence): + REQUESTS_CA_BUNDLE: Path to the primary CA bundle file. + SSL_CERT_FILE: Path to the secondary CA bundle file. + CURL_CA_BUNDLE: Path to the tertiary CA bundle file. + Returns: - - str: Path to CA bundle file or certifi default path + str: Path to CA bundle file or certifi default path. + + Example: + >>> get_ssl_verify_config() + '/path/to/ca-bundle.pem' """ for env_var in ['REQUESTS_CA_BUNDLE', 'SSL_CERT_FILE', 'CURL_CA_BUNDLE']: ca_bundle = os.environ.get(env_var) @@ -180,8 +189,9 @@ def fetch_provider_data(cache_file): Returns: - dict or None: The fetched provider data or None if the operation fails. """ + ssl_config = get_ssl_verify_config() try: - response = requests.get(JSON_URL, stream=True, timeout=60, verify=get_ssl_verify_config()) + response = requests.get(JSON_URL, stream=True, timeout=60, verify=ssl_config) response.raise_for_status() data = download_data(response) with open(cache_file, "w") as f: @@ -189,7 +199,9 @@ def fetch_provider_data(cache_file): return data except requests.exceptions.SSLError as e: click.secho(f"SSL certificate verification failed: {e}", fg="red") + click.secho(f"Current CA bundle path: {ssl_config}", fg="yellow") click.secho("Try setting REQUESTS_CA_BUNDLE environment variable to your CA bundle path", fg="yellow") + return None except requests.RequestException as e: click.secho(f"Error fetching provider data: {e}", fg="red") except json.JSONDecodeError: diff --git a/tests/cli/test_constants.py b/tests/cli/test_constants.py index d0840cb33..ce57c1548 100644 --- a/tests/cli/test_constants.py +++ b/tests/cli/test_constants.py @@ -1,5 +1,3 @@ -import pytest - from crewai.cli.constants import ENV_VARS, JSON_URL, MODELS, PROVIDERS @@ -26,4 +24,4 @@ def test_huggingface_models(): def test_json_url_is_https(): """Test that JSON_URL uses HTTPS for secure connection.""" assert JSON_URL.startswith("https://") - assert "raw.githubusercontent.com" in JSON_URL + assert JSON_URL == "https://raw.githubusercontent.com/BerriAI/litellm/main/model_prices_and_context_window.json" diff --git a/tests/cli/test_provider_ssl.py b/tests/cli/test_provider_ssl.py index 8cce92df1..bd99697df 100644 --- a/tests/cli/test_provider_ssl.py +++ b/tests/cli/test_provider_ssl.py @@ -3,7 +3,6 @@ import tempfile from pathlib import Path from unittest.mock import Mock, patch -import pytest import requests from crewai.cli.provider import fetch_provider_data, get_ssl_verify_config