Skip to content

Fix calling key with access to model alias #13830

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
Aug 23, 2025
Merged

Fix calling key with access to model alias #13830

merged 8 commits into from
Aug 23, 2025

Conversation

krrishdholakia
Copy link
Contributor

Title

Relevant issues

Fixes #13310

Pre-Submission checklist

Please complete all items before asking a LiteLLM maintainer to review your PR

  • I have Added testing in the tests/litellm/ directory, Adding at least 1 test is a hard requirement - see details
  • I have added a screenshot of my new test passing locally
  • My PR passes all unit tests on make test-unit
  • My PR's scope is as isolated as possible, it only solves 1 specific problem

Type

🆕 New Feature
🐛 Bug Fix
🧹 Refactoring
📖 Documentation
🚄 Infrastructure
✅ Test

Changes

@vercel Vercel
Copy link

vercel bot commented Aug 20, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
litellm Ready Ready Preview Comment Aug 23, 2025 7:12pm

@cursor Cursor
Copy link

cursor bot commented Aug 20, 2025

🚨 Bugbot Trial Expired

Your Bugbot trial has expired. Please purchase a license in the Cursor dashboard to continue using Bugbot.

github-advanced-security[bot]
github-advanced-security bot found potential problems Aug 20, 2025
View reviewed changes
litellm/proxy/auth/auth_checks.py
verbose_proxy_logger.exception(
"Error getting team membership for user_id: %s, team_id: %s",
user_id,
team_id,

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information High

This expression logs sensitive data (password) as clear text.

Copilot Autofix

AI about 1 month ago

To fix the problem, we should avoid logging the raw value of team_id in the exception message. Instead, we can log a generic error message or, if necessary, log only non-sensitive context (such as the presence of a failure, not the actual ID). If more context is needed for debugging, consider hashing or redacting the identifier, or logging only that an error occurred for a given user without specifying the team ID. The change should be made in the get_team_membership function in litellm/proxy/auth/auth_checks.py, specifically in the block where the exception is logged (lines 554-558). Only the log message and arguments need to be changed; no new imports or methods are required.

Suggested changeset 1
litellm/proxy/auth/auth_checks.py

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/litellm/proxy/auth/auth_checks.py b/litellm/proxy/auth/auth_checks.py
--- a/litellm/proxy/auth/auth_checks.py
+++ b/litellm/proxy/auth/auth_checks.py
@@ -552,9 +552,8 @@
         return _response
     except Exception:
         verbose_proxy_logger.exception(
-            "Error getting team membership for user_id: %s, team_id: %s",
+            "Error getting team membership for user_id: %s",
             user_id,
-            team_id,
         )
         return None
 
EOF
@@ -552,9 +552,8 @@
return _response
except Exception:
verbose_proxy_logger.exception(
"Error getting team membership for user_id: %s, team_id: %s",
"Error getting team membership for user_id: %s",
user_id,
team_id,
)
return None

Copilot is powered by AI and may make mistakes. Always verify output.
@krrishdholakia krrishdholakia merged commit a5b12c9 into main Aug 23, 2025
9 of 11 checks passed
@krrishdholakia krrishdholakia deleted the litellm_dev_08_20_2025_p1 branch August 23, 2025 19:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Bug]: Model Alias Resolution Causes Permission Check Failure
1 participant
@krrishdholakia