mirror of
https://github.com/hwchase17/langchain.git
synced 2025-06-24 15:43:54 +00:00
Add security considerations (#11869)
Add security considerations to existing graph tools.
This commit is contained in:
Eugene Yurtsev
GitHub
parent
201b7ce9af
commit
210a48cfb5
@ -4,7 +4,17 @@ from typing import Any, Dict, List, Optional
|
||||
|
||||
|
||||
class ArangoGraph:
|
||||
"""ArangoDB wrapper for graph operations."""
|
||||
"""ArangoDB wrapper for graph operations.
|
||||
|
||||
*Security note*: Make sure that the database connection uses credentials
|
||||
that are narrowly-scoped to only include necessary permissions.
|
||||
Failure to do so may result in data corruption or loss, since the calling
|
||||
code may attempt commands that would result in deletion, mutation
|
||||
of data if appropriately prompted or reading sensitive data if such
|
||||
data is present in the database.
|
||||
The best way to guard against such negative outcomes is to (as appropriate)
|
||||
limit the permissions granted to the credentials used with this tool.
|
||||
"""
|
||||
|
||||
def __init__(self, db: Any) -> None:
|
||||
"""Create a new ArangoDB graph wrapper instance."""
|
||||
|
||||
@ -33,7 +33,17 @@ RETURN DISTINCT {start: src_label, type: rel_type, end: dst_label} AS output
|
||||
|
||||
|
||||
class FalkorDBGraph(Neo4jGraph):
|
||||
"""FalkorDB wrapper for graph operations."""
|
||||
"""FalkorDB wrapper for graph operations.
|
||||
|
||||
*Security note*: Make sure that the database connection uses credentials
|
||||
that are narrowly-scoped to only include necessary permissions.
|
||||
Failure to do so may result in data corruption or loss, since the calling
|
||||
code may attempt commands that would result in deletion, mutation
|
||||
of data if appropriately prompted or reading sensitive data if such
|
||||
data is present in the database.
|
||||
The best way to guard against such negative outcomes is to (as appropriate)
|
||||
limit the permissions granted to the credentials used with this tool.
|
||||
"""
|
||||
|
||||
def __init__(
|
||||
self, database: str, host: str = "localhost", port: int = 6379
|
||||
|
||||
@ -2,7 +2,17 @@ from typing import Any, Dict, List
|
||||
|
||||
|
||||
class HugeGraph:
|
||||
"""HugeGraph wrapper for graph operations"""
|
||||
"""HugeGraph wrapper for graph operations.
|
||||
|
||||
*Security note*: Make sure that the database connection uses credentials
|
||||
that are narrowly-scoped to only include necessary permissions.
|
||||
Failure to do so may result in data corruption or loss, since the calling
|
||||
code may attempt commands that would result in deletion, mutation
|
||||
of data if appropriately prompted or reading sensitive data if such
|
||||
data is present in the database.
|
||||
The best way to guard against such negative outcomes is to (as appropriate)
|
||||
limit the permissions granted to the credentials used with this tool.
|
||||
"""
|
||||
|
||||
def __init__(
|
||||
self,
|
||||
|
||||
@ -2,7 +2,17 @@ from typing import Any, Dict, List
|
||||
|
||||
|
||||
class KuzuGraph:
|
||||
"""Kùzu wrapper for graph operations."""
|
||||
"""Kùzu wrapper for graph operations.
|
||||
|
||||
*Security note*: Make sure that the database connection uses credentials
|
||||
that are narrowly-scoped to only include necessary permissions.
|
||||
Failure to do so may result in data corruption or loss, since the calling
|
||||
code may attempt commands that would result in deletion, mutation
|
||||
of data if appropriately prompted or reading sensitive data if such
|
||||
data is present in the database.
|
||||
The best way to guard against such negative outcomes is to (as appropriate)
|
||||
limit the permissions granted to the credentials used with this tool.
|
||||
"""
|
||||
|
||||
def __init__(self, db: Any, database: str = "kuzu") -> None:
|
||||
try:
|
||||
|
||||
@ -14,7 +14,17 @@ RETURN *
|
||||
|
||||
|
||||
class MemgraphGraph(Neo4jGraph):
|
||||
"""Memgraph wrapper for graph operations."""
|
||||
"""Memgraph wrapper for graph operations.
|
||||
|
||||
*Security note*: Make sure that the database connection uses credentials
|
||||
that are narrowly-scoped to only include necessary permissions.
|
||||
Failure to do so may result in data corruption or loss, since the calling
|
||||
code may attempt commands that would result in deletion, mutation
|
||||
of data if appropriately prompted or reading sensitive data if such
|
||||
data is present in the database.
|
||||
The best way to guard against such negative outcomes is to (as appropriate)
|
||||
limit the permissions granted to the credentials used with this tool.
|
||||
"""
|
||||
|
||||
def __init__(
|
||||
self, url: str, username: str, password: str, *, database: str = "memgraph"
|
||||
|
||||
@ -17,8 +17,18 @@ RETRY_TIMES = 3
|
||||
|
||||
|
||||
class NebulaGraph:
|
||||
"""NebulaGraph wrapper for graph operations
|
||||
"""NebulaGraph wrapper for graph operations.
|
||||
|
||||
NebulaGraph inherits methods from Neo4jGraph to bring ease to the user space.
|
||||
|
||||
*Security note*: Make sure that the database connection uses credentials
|
||||
that are narrowly-scoped to only include necessary permissions.
|
||||
Failure to do so may result in data corruption or loss, since the calling
|
||||
code may attempt commands that would result in deletion, mutation
|
||||
of data if appropriately prompted or reading sensitive data if such
|
||||
data is present in the database.
|
||||
The best way to guard against such negative outcomes is to (as appropriate)
|
||||
limit the permissions granted to the credentials used with this tool.
|
||||
"""
|
||||
|
||||
def __init__(
|
||||
|
||||
@ -29,7 +29,17 @@ RETURN {start: label, type: property, end: toString(other_node)} AS output
|
||||
|
||||
|
||||
class Neo4jGraph:
|
||||
"""Neo4j wrapper for graph operations."""
|
||||
"""Neo4j wrapper for graph operations.
|
||||
|
||||
*Security note*: Make sure that the database connection uses credentials
|
||||
that are narrowly-scoped to only include necessary permissions.
|
||||
Failure to do so may result in data corruption or loss, since the calling
|
||||
code may attempt commands that would result in deletion, mutation
|
||||
of data if appropriately prompted or reading sensitive data if such
|
||||
data is present in the database.
|
||||
The best way to guard against such negative outcomes is to (as appropriate)
|
||||
limit the permissions granted to the credentials used with this tool.
|
||||
"""
|
||||
|
||||
def __init__(
|
||||
self, url: str, username: str, password: str, database: str = "neo4j"
|
||||
|
||||
@ -38,6 +38,15 @@ class NeptuneGraph:
|
||||
host='<my-cluster>',
|
||||
port=8182
|
||||
)
|
||||
|
||||
*Security note*: Make sure that the database connection uses credentials
|
||||
that are narrowly-scoped to only include necessary permissions.
|
||||
Failure to do so may result in data corruption or loss, since the calling
|
||||
code may attempt commands that would result in deletion, mutation
|
||||
of data if appropriately prompted or reading sensitive data if such
|
||||
data is present in the database.
|
||||
The best way to guard against such negative outcomes is to (as appropriate)
|
||||
limit the permissions granted to the credentials used with this tool.
|
||||
"""
|
||||
|
||||
def __init__(
|
||||
|
||||
@ -47,7 +47,17 @@ def get_entities(entity_str: str) -> List[str]:
|
||||
|
||||
|
||||
class NetworkxEntityGraph:
|
||||
"""Networkx wrapper for entity graph operations."""
|
||||
"""Networkx wrapper for entity graph operations.
|
||||
|
||||
*Security note*: Make sure that the database connection uses credentials
|
||||
that are narrowly-scoped to only include necessary permissions.
|
||||
Failure to do so may result in data corruption or loss, since the calling
|
||||
code may attempt commands that would result in deletion, mutation
|
||||
of data if appropriately prompted or reading sensitive data if such
|
||||
data is present in the database.
|
||||
The best way to guard against such negative outcomes is to (as appropriate)
|
||||
limit the permissions granted to the credentials used with this tool.
|
||||
"""
|
||||
|
||||
def __init__(self, graph: Optional[Any] = None) -> None:
|
||||
"""Create a new graph."""
|
||||
|
||||
@ -87,13 +87,22 @@ dp_query_owl = (
|
||||
|
||||
|
||||
class RdfGraph:
|
||||
"""
|
||||
RDFlib wrapper for graph operations.
|
||||
"""RDFlib wrapper for graph operations.
|
||||
|
||||
Modes:
|
||||
* local: Local file - can be queried and changed
|
||||
* online: Online file - can only be queried, changes can be stored locally
|
||||
* store: Triple store - can be queried and changed if update_endpoint available
|
||||
Together with a source file, the serialization should be specified.
|
||||
|
||||
*Security note*: Make sure that the database connection uses credentials
|
||||
that are narrowly-scoped to only include necessary permissions.
|
||||
Failure to do so may result in data corruption or loss, since the calling
|
||||
code may attempt commands that would result in deletion, mutation
|
||||
of data if appropriately prompted or reading sensitive data if such
|
||||
data is present in the database.
|
||||
The best way to guard against such negative outcomes is to (as appropriate)
|
||||
limit the permissions granted to the credentials used with this tool.
|
||||
"""
|
||||
|
||||
def __init__(
|
||||
|
||||
Loading…
Reference in New Issue
Block a user