Skip to content

Harden DocumentDB client: safe URI lookup + conditional TLS cert bypass#6

Draft
Copilot wants to merge 2 commits intomainfrom
copilot/sub-pr-5
Draft

Harden DocumentDB client: safe URI lookup + conditional TLS cert bypass#6
Copilot wants to merge 2 commits intomainfrom
copilot/sub-pr-5

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Mar 19, 2026
edited
Loading

get_client() in all three samples used os.environ["DOCUMENTDB_URI"] (bare KeyError on missing var) and hardcoded tlsAllowInvalidCertificates=True unconditionally, disabling certificate validation even in production deployments.

Changes

  • fraud-detection-agent-py/utils/db.py and clinical-note-similarity-py/utils/db.py

    • Replace os.environ[...] with os.getenv(...) + sys.exit(...) on missing URI
    • Gate tlsAllowInvalidCertificates behind DOCUMENTDB_ALLOW_INVALID_CERTS env flag (consistent with the already-fixed content-semantic-search-py)

  • .env.example (both samples)

    • Remove tlsAllowInvalidCertificates=true from the sample URI
    • Document the new DOCUMENTDB_ALLOW_INVALID_CERTS flag
def get_client() -> MongoClient:
    uri = os.getenv("DOCUMENTDB_URI")
    if not uri:
        sys.exit("Error: DOCUMENTDB_URI environment variable is not set. Please configure it before running.")
    allow_invalid_certs = os.getenv("DOCUMENTDB_ALLOW_INVALID_CERTS", "false").lower() in ("1", "true", "yes")
    if allow_invalid_certs:
        return MongoClient(uri, tlsAllowInvalidCertificates=True)
    return MongoClient(uri)

DOCUMENTDB_ALLOW_INVALID_CERTS defaults to false; set it to true only for local containers with self-signed certificates.

📱 Kick off Copilot coding agent tasks wherever you are with GitHub Mobile, available on iOS and Android.

Copilot AI mentioned this pull request Mar 19, 2026
Merged
@khelanmodi
Fix get_client(): safe URI lookup and gated TLS bypass via DOCUMENTDB…
1daf6a3 
…_ALLOW_INVALID_CERTS

Co-authored-by: khelanmodi <141972056+khelanmodi@users.noreply.github.com>
Copilot AI changed the title [WIP] [WIP] Address feedback on adding 3 more samples Harden DocumentDB client: safe URI lookup + conditional TLS cert bypass Mar 19, 2026
Copilot AI requested a review from khelanmodi March 19, 2026 23:30
Base automatically changed from more-samples to main March 19, 2026 23:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@khelanmodi khelanmodi Awaiting requested review from khelanmodi

Assignees

@khelanmodi khelanmodi

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@khelanmodi