"""Tests for the secret scrubber used before session upload."""

from agent.core.redact import scrub, scrub_string


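def test_hf_token():
    """A Hugging Face token inside free text must be replaced by its placeholder.

    Checks the prefix, the placeholder, and the token body, so that a scrubber
    which strips only the ``hf_`` prefix and leaves the key material fails.
    """
    body = "A" * 35
    s = "here is a token hf_" + body + " ok"
    out = scrub_string(s)
    assert "hf_" not in out
    assert "[REDACTED_HF_TOKEN]" in out
    # The prefix check alone would pass if the secret body survived redaction.
    assert body not in out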


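def test_anthropic_key():
    """An Anthropic-style key in a ``key=`` assignment must not survive scrubbing.

    The exact placeholder is not pinned, because more than one scrubber rule
    may match this input.
    """
    body = "a" * 40
    s = "key=sk-ant-api03_" + body
    out = scrub_string(s)
    # The env-var name prefix matches too, so only the absence of the secret
    # is asserted, not which placeholder replaced it.
    assert "sk-ant-api03_" not in out
    # Check the key material itself: the prefix check alone would still pass
    # if only the "sk-ant-api03_" marker were removed and the body left behind.
    assert body not in out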


def test_github_token():
    """A string that is only a ``ghp_`` token is expected to become the placeholder alone."""
    token = "ghp_" + "a" * 40
    assert scrub_string(token) == "[REDACTED_GITHUB_TOKEN]"


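def test_github_fine_grained_pat():
    """A fine-grained GitHub PAT must be replaced by the GitHub placeholder.

    The token body mixes letters, digits and underscores, so the test also
    confirms that no part of the body is left after the prefix is redacted.
    """
    # Fine-grained PATs: github_pat_<alphanumeric + underscore>, 36+ chars
    body = "A1B2_" * 10
    s = "github_pat_" + body
    out = scrub_string(s)
    assert "github_pat_" not in out
    assert "[REDACTED_GITHUB_TOKEN]" in out
    # A match that stopped at the first underscore would leave most of the
    # token in the output while still passing the two checks above.
    assert body not in out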


def test_aws_key_id():
    """An AWS access key id assigned to its env var must not appear in the output."""
    line = "AWS_ACCESS_KEY_ID=AKIAABCDEFGHIJKLMNOP"
    # Everything after the "=" is the key id that must be gone.
    _, _, key_id = line.partition("=")
    redacted = scrub_string(line)
    assert key_id not in redacted


def test_bearer_header():
    """A bearer credential is redacted while the ``Bearer`` scheme word is kept."""
    header = "Authorization: Bearer abcdef0123456789abcdef0123456789"
    # The credential is the last space-separated field of the header line.
    credential = header.rsplit(" ", 1)[-1]
    redacted = scrub_string(header)
    assert credential not in redacted
    assert "Bearer [REDACTED]" in redacted


def test_env_var_style():
    """A token assigned to ``HF_TOKEN`` in a command line must not leak its start."""
    line = "HF_TOKEN=hf_" + "x" * 40 + " run"
    redacted = scrub_string(line)
    # Two rules can apply here (the env-var value scrubber and the HF-token
    # regex), so the placeholder is not pinned; only the leak is checked.
    leaked_fragment = "hf_xxxx"
    assert leaked_fragment not in redacted


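def test_scrub_nested_dict_and_list():
    """``scrub`` must redact secrets at every depth and leave its input untouched.

    The non-mutation check covers the nested containers as well as the
    top-level key, so a scrubber that copies only the outer dict and redacts
    inner dicts or lists in place fails.
    """
    hf_secret = "hf_" + "Z" * 35
    gh_secret = "ghp_" + "Q" * 40
    payload = {
        "msg": "token " + hf_secret,
        "tools": [
            {"args": {"secret": gh_secret}},
            "no secrets here",
        ],
        "n": 42,
    }
    out = scrub(payload)
    # Original not mutated, at the top level or inside nested containers.
    assert "hf_" in payload["msg"]
    assert payload["msg"] == "token " + hf_secret
    assert payload["tools"][0]["args"]["secret"] == gh_secret
    assert payload["tools"][1] == "no secrets here"
    assert payload["n"] == 42
    # Redacted copy: placeholder present and the token itself gone.
    assert "[REDACTED_HF_TOKEN]" in out["msg"]
    assert hf_secret not in out["msg"]
    assert out["tools"][0]["args"]["secret"] == "[REDACTED_GITHUB_TOKEN]"
    assert out["tools"][1] == "no secrets here"
    assert out["n"] == 42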


def test_scrub_preserves_non_strings():
    """``None``, integers and booleans are expected to pass through ``scrub`` unchanged."""
    nothing = scrub(None)
    assert nothing is None
    number = scrub(123)
    assert number == 123
    # Identity check: the boolean must stay a real bool.
    flag = scrub(True)
    assert flag is True