test: unskip qa_headless.py linter tests

[mamadoudicko]

Description

Unskip qa_headless.py linter tests

Screen.Recording.2023-08-25.at.12.39.29.mov

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
docs	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Aug 25, 2023 10:39am
quivrapp	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Aug 25, 2023 10:39am

[github-actions]

Risk Level 3 - /home/runner/work/quivr/quivr/backend/routes/chat_routes.py

1. The delete_chat_from_db function is catching all exceptions and simply printing them. This is not a good practice as it can lead to silent failures. Instead, consider logging the exceptions and re-throwing them or handling them appropriately. For example:

try:
    supabase_db.delete_chat_history(chat_id)
except Exception as e:
    logger.error(e)
    raise

2. The check_user_requests_limit function is using os.getenv to get the MAX_REQUESTS_NUMBER environment variable. This is fine, but it would be better to use a configuration file or a dedicated configuration management system to manage your application's configuration. This would make your code cleaner and easier to manage.

3. The create_question_handler and create_stream_question_handler functions are retrieving the user's OpenAI API key from the request headers. This is a potential security risk as it exposes the API key in the request headers. Consider using a more secure method to transmit the API key, such as using HTTPS and storing the API key in a secure cookie or in the request body encrypted.

4. The create_question_handler and create_stream_question_handler functions are also directly assigning the API key to the current_user object. This is a potential security risk as it exposes the API key in the application's memory. Consider using a secure method to store the API key in memory, such as using a secure memory storage library.

---

Risk Level 4 - /home/runner/work/quivr/quivr/backend/llm/qa_headless.py

1. API keys are being handled in plain text which is a security risk. Consider using environment variables or a secure vault service to store sensitive information.

2. Avoid using print statements for debugging. Consider using a logger for a more robust solution.

3. The _determine_streaming method is redundant as it simply returns the input argument. Consider removing this method.

4. The _determine_callback_array method could be simplified. If streaming is True, return [AsyncIteratorCallbackHandler()], else return [].

Example:

    def _determine_callback_array(self, streaming: bool) -> List[AsyncIteratorCallbackHandler]:
        return [AsyncIteratorCallbackHandler()] if streaming else []

5. The generate_answer method is quite long and complex. Consider breaking it down into smaller, more manageable methods.

---

🔒🔧📚

---

Powered by Code Review GPT