Merge pull request #562 from microsoft/codeql_fix

Roopan-Microsoft · web-flow · commit acd7f18096f4 · 2025-10-14T16:10:37.000+05:30
fix: codeQL issue fix
diff --git a/src/backend/common/config/app_config.py b/src/backend/common/config/app_config.py
@@ -120,9 +120,7 @@ def get_azure_credential(self, client_id=None):
             Credential object: Either DefaultAzureCredential or ManagedIdentityCredential.
         """
         if self.APP_ENV == "dev":
-            return (
-                DefaultAzureCredential()
-            )  # CodeQL [SM05139] Okay use of DefaultAzureCredential as it is only used in development
+            return DefaultAzureCredential()  # CodeQL [SM05139]: DefaultAzureCredential is safe here
         else:
             return ManagedIdentityCredential(client_id=client_id)
 
diff --git a/src/backend/v3/orchestration/orchestration_manager.py b/src/backend/v3/orchestration/orchestration_manager.py
@@ -5,7 +5,6 @@
 import uuid
 from typing import List, Optional
 
-from azure.identity import DefaultAzureCredential as SyncDefaultAzureCredential
 from common.config.app_config import config
 from common.models.messages_kernel import TeamConfiguration
 from semantic_kernel.agents.orchestration.magentic import MagenticOrchestration
@@ -46,7 +45,7 @@ async def init_orchestration(
             max_tokens=4000, temperature=0.1
         )
 
-        credential = SyncDefaultAzureCredential()
+        credential = config.get_azure_credential(client_id=config.AZURE_CLIENT_ID)
 
         def get_token():
             token = credential.get_token("https://cognitiveservices.azure.com/.default")
