github/langchain
1
0
Fork 0
mirror of https://github.com/hwchase17/langchain.git synced 2025-06-21 22:29:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

experimental[patch]: block a few more things from PALValidator (#24379)

Browse Source 
* Please see security warning already in existing class.
* The approach here is fundamentally insecure as it's relying on a block
  approach rather than an approach based on only running allowed nodes.
So users should only use this code if its running from a properly
sandboxed  environment.
This commit is contained in:
Eugene Yurtsev 2024-07-18 08:22:45 -04:00 committed by GitHub
parent 0dec72cab0
commit 6182a402f1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
libs/experimental/langchain_experimental/pal_chain/base.py
View File

@ -20,13 +20,21 @@ from langchain_experimental.pal_chain.math_prompt import MATH_PROMPT
from langchain_experimental.pydantic_v1 import Extra, Field, root_validator from langchain_experimental.pydantic_v1 import Extra, Field, root_validator
from langchain_experimental.utilities import PythonREPL from langchain_experimental.utilities import PythonREPL
COMMAND_EXECUTION_FUNCTIONS = ["system", "exec", "execfile", "eval", "__import__"] COMMAND_EXECUTION_FUNCTIONS = [
"system",
"exec",
"execfile",
"eval",
"__import__",
"compile",
]
COMMAND_EXECUTION_ATTRIBUTES = [ COMMAND_EXECUTION_ATTRIBUTES = [
"__import__", "__import__",
"__subclasses__", "__subclasses__",
"__builtins__", "__builtins__",
"__globals__", "__globals__",
"__getattribute__", "__getattribute__",
"__code__",
"__bases__", "__bases__",
"__mro__", "__mro__",
"__base__", "__base__",