mirror of
https://github.com/crewAIInc/crewAI.git
synced 2026-01-03 05:08:29 +00:00
Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
16524ccfa8 |
23
.github/SECURITY.md
vendored
Normal file
23
.github/SECURITY.md
vendored
Normal file
@@ -0,0 +1,23 @@
|
|||||||
|
CrewAI takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organization.
|
||||||
|
|
||||||
|
If you believe you have found a security vulnerability in any CrewAI product or service, please report it to us as described below.
|
||||||
|
|
||||||
|
## Reporting a Vulnerability
|
||||||
|
|
||||||
|
Please do not report security vulnerabilities through public GitHub issues.
|
||||||
|
|
||||||
|
To report a vulnerability, please email us at security@crewai.com.
|
||||||
|
|
||||||
|
Please include the requested information listed below so that we can triage your report more quickly
|
||||||
|
|
||||||
|
- Type of issue (e.g. SQL injection, cross-site scripting, etc.)
|
||||||
|
- Full paths of source file(s) related to the manifestation of the issue
|
||||||
|
- The location of the affected source code (tag/branch/commit or direct URL)
|
||||||
|
- Any special configuration required to reproduce the issue
|
||||||
|
- Step-by-step instructions to reproduce the issue (please include screenshots if needed)
|
||||||
|
- Proof-of-concept or exploit code (if possible)
|
||||||
|
- Impact of the issue, including how an attacker might exploit the issue
|
||||||
|
|
||||||
|
Once we have received your report, we will respond to you at the email address you provide. If the issue is confirmed, we will release a patch as soon as possible depending on the complexity of the issue.
|
||||||
|
|
||||||
|
At this time, we are not offering a bug bounty program. Any rewards will be at our discretion.
|
||||||
1
.gitignore
vendored
1
.gitignore
vendored
@@ -17,3 +17,4 @@ rc-tests/*
|
|||||||
temp/*
|
temp/*
|
||||||
.vscode/*
|
.vscode/*
|
||||||
crew_tasks_output.json
|
crew_tasks_output.json
|
||||||
|
.dccache
|
||||||
|
|||||||
@@ -1,7 +1,7 @@
|
|||||||
import uuid
|
import uuid
|
||||||
from abc import ABC, abstractmethod
|
from abc import ABC, abstractmethod
|
||||||
from copy import copy as shallow_copy
|
from copy import copy as shallow_copy
|
||||||
from hashlib import md5
|
from hashlib import sha256
|
||||||
from typing import Any, Dict, List, Optional, TypeVar
|
from typing import Any, Dict, List, Optional, TypeVar
|
||||||
|
|
||||||
from pydantic import (
|
from pydantic import (
|
||||||
@@ -181,7 +181,7 @@ class BaseAgent(ABC, BaseModel):
|
|||||||
self._original_goal or self.goal,
|
self._original_goal or self.goal,
|
||||||
self._original_backstory or self.backstory,
|
self._original_backstory or self.backstory,
|
||||||
]
|
]
|
||||||
return md5("|".join(source).encode(), usedforsecurity=False).hexdigest()
|
return sha256("|".join(source).encode()).hexdigest()
|
||||||
|
|
||||||
@abstractmethod
|
@abstractmethod
|
||||||
def execute_task(
|
def execute_task(
|
||||||
|
|||||||
@@ -4,7 +4,7 @@ import os
|
|||||||
import uuid
|
import uuid
|
||||||
import warnings
|
import warnings
|
||||||
from concurrent.futures import Future
|
from concurrent.futures import Future
|
||||||
from hashlib import md5
|
from hashlib import sha256
|
||||||
from typing import TYPE_CHECKING, Any, Dict, List, Optional, Tuple, Union
|
from typing import TYPE_CHECKING, Any, Dict, List, Optional, Tuple, Union
|
||||||
|
|
||||||
from pydantic import (
|
from pydantic import (
|
||||||
@@ -388,7 +388,7 @@ class Crew(BaseModel):
|
|||||||
source = [agent.key for agent in self.agents] + [
|
source = [agent.key for agent in self.agents] + [
|
||||||
task.key for task in self.tasks
|
task.key for task in self.tasks
|
||||||
]
|
]
|
||||||
return md5("|".join(source).encode(), usedforsecurity=False).hexdigest()
|
return sha256("|".join(source).encode()).hexdigest()
|
||||||
|
|
||||||
def _setup_from_config(self):
|
def _setup_from_config(self):
|
||||||
assert self.config is not None, "Config should not be None."
|
assert self.config is not None, "Config should not be None."
|
||||||
|
|||||||
@@ -5,7 +5,7 @@ import threading
|
|||||||
import uuid
|
import uuid
|
||||||
from concurrent.futures import Future
|
from concurrent.futures import Future
|
||||||
from copy import copy
|
from copy import copy
|
||||||
from hashlib import md5
|
from hashlib import sha256
|
||||||
from typing import Any, Dict, List, Optional, Set, Tuple, Type, Union
|
from typing import Any, Dict, List, Optional, Set, Tuple, Type, Union
|
||||||
|
|
||||||
from opentelemetry.trace import Span
|
from opentelemetry.trace import Span
|
||||||
@@ -196,7 +196,7 @@ class Task(BaseModel):
|
|||||||
expected_output = self._original_expected_output or self.expected_output
|
expected_output = self._original_expected_output or self.expected_output
|
||||||
source = [description, expected_output]
|
source = [description, expected_output]
|
||||||
|
|
||||||
return md5("|".join(source).encode(), usedforsecurity=False).hexdigest()
|
return sha256("|".join(source).encode()).hexdigest()
|
||||||
|
|
||||||
def execute_async(
|
def execute_async(
|
||||||
self,
|
self,
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
import hashlib
|
from hashlib import sha256
|
||||||
from typing import Any, List, Optional
|
from typing import Any, List, Optional
|
||||||
|
|
||||||
from crewai.agents.agent_builder.base_agent import BaseAgent
|
from crewai.agents.agent_builder.base_agent import BaseAgent
|
||||||
@@ -32,5 +32,5 @@ def test_key():
|
|||||||
goal="test goal",
|
goal="test goal",
|
||||||
backstory="test backstory",
|
backstory="test backstory",
|
||||||
)
|
)
|
||||||
hash = hashlib.md5("test role|test goal|test backstory".encode()).hexdigest()
|
hash = sha256("test role|test goal|test backstory".encode()).hexdigest()
|
||||||
assert agent.key == hash
|
assert agent.key == hash
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
"""Test Agent creation and execution basic functionality."""
|
"""Test Agent creation and execution basic functionality."""
|
||||||
|
|
||||||
import hashlib
|
from hashlib import sha256
|
||||||
import json
|
import json
|
||||||
from concurrent.futures import Future
|
from concurrent.futures import Future
|
||||||
from unittest import mock
|
from unittest import mock
|
||||||
@@ -2328,7 +2328,7 @@ def test_key():
|
|||||||
process=Process.sequential,
|
process=Process.sequential,
|
||||||
tasks=tasks,
|
tasks=tasks,
|
||||||
)
|
)
|
||||||
hash = hashlib.md5(
|
hash = sha256(
|
||||||
f"{researcher.key}|{writer.key}|{tasks[0].key}|{tasks[1].key}".encode()
|
f"{researcher.key}|{writer.key}|{tasks[0].key}|{tasks[1].key}".encode()
|
||||||
).hexdigest()
|
).hexdigest()
|
||||||
|
|
||||||
@@ -2368,7 +2368,7 @@ def test_key_with_interpolated_inputs():
|
|||||||
process=Process.sequential,
|
process=Process.sequential,
|
||||||
tasks=tasks,
|
tasks=tasks,
|
||||||
)
|
)
|
||||||
hash = hashlib.md5(
|
hash = sha256(
|
||||||
f"{researcher.key}|{writer.key}|{tasks[0].key}|{tasks[1].key}".encode()
|
f"{researcher.key}|{writer.key}|{tasks[0].key}|{tasks[1].key}".encode()
|
||||||
).hexdigest()
|
).hexdigest()
|
||||||
|
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
"""Test Agent creation and execution basic functionality."""
|
"""Test Agent creation and execution basic functionality."""
|
||||||
|
|
||||||
import hashlib
|
from hashlib import sha256
|
||||||
import json
|
import json
|
||||||
import os
|
import os
|
||||||
from unittest.mock import MagicMock, patch
|
from unittest.mock import MagicMock, patch
|
||||||
@@ -819,7 +819,7 @@ def test_key():
|
|||||||
description=original_description,
|
description=original_description,
|
||||||
expected_output=original_expected_output,
|
expected_output=original_expected_output,
|
||||||
)
|
)
|
||||||
hash = hashlib.md5(
|
hash = sha256(
|
||||||
f"{original_description}|{original_expected_output}".encode()
|
f"{original_description}|{original_expected_output}".encode()
|
||||||
).hexdigest()
|
).hexdigest()
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user