github/langchain
1
0
Fork 0
mirror of https://github.com/hwchase17/langchain.git synced 2025-07-05 20:58:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add more security notes (#11990)

Browse Source 
Add more security notes
This commit is contained in:
Eugene Yurtsev 2023-10-18 15:00:56 -04:00 committed by GitHub
parent 3d81c76160
commit f4bec9686d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 54 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
libs/langchain/langchain/chains/llm_requests.py
View File

@ -15,7 +15,16 @@ DEFAULT_HEADERS = {
class LLMRequestsChain(Chain): class LLMRequestsChain(Chain):
"""Chain that requests a URL and then uses an LLM to parse results.""" """Chain that requests a URL and then uses an LLM to parse results.
**Security Note**: This chain can make GET requests to arbitrary URLs,
including internal URLs.
Control access to who can run this chain and what network access
this chain has.
See https://python.langchain.com/docs/security for more information.
"""
llm_chain: LLMChain llm_chain: LLMChain
requests_wrapper: TextRequestsWrapper = Field( requests_wrapper: TextRequestsWrapper = Field(

13
libs/langchain/langchain/chains/natbot/base.py
View File

@ -16,6 +16,19 @@ from langchain.schema.language_model import BaseLanguageModel
class NatBotChain(Chain): class NatBotChain(Chain):
"""Implement an LLM driven browser. """Implement an LLM driven browser.
**Security Note**: This toolkit provides code to control a web-browser.
The web-browser can be used to navigate to:
- Any URL (including any internal network URLs)
- And local files
Exercise care if exposing this chain to end-users. Control who is able to
access and use this chain, and isolate the network access of the server
that hosts this chain.
See https://python.langchain.com/docs/security for more information.
Example: Example:
.. code-block:: python .. code-block:: python

17
libs/langchain/langchain/chains/natbot/crawler.py
View File

@ -49,7 +49,22 @@ class ElementInViewPort(TypedDict):
class Crawler: class Crawler:
"""A crawler for web pages.""" """A crawler for web pages.
**Security Note**: This is an implementation of a crawler that uses a browser via
Playwright.
This crawler can be used to load arbitrary webpages INCLUDING content
from the local file system.
Control access to who can submit crawling requests and what network access
the crawler has.
Make sure to scope permissions to the minimal permissions necessary for
the application.
See https://python.langchain.com/docs/security for more information.
"""
def __init__(self) -> None: def __init__(self) -> None:
try: try:

15
libs/langchain/langchain/chains/sql_database/query.py
View File

@ -33,6 +33,21 @@ def create_sql_query_chain(
) -> Runnable[Union[SQLInput, SQLInputWithTables], str]: ) -> Runnable[Union[SQLInput, SQLInputWithTables], str]:
"""Create a chain that generates SQL queries. """Create a chain that generates SQL queries.
*Security Note*: This chain generates SQL queries for the given database.
The SQLDatabase class provides a get_table_info method that can be used
to get column information as well as sample data from the table.
To mitigate risk of leaking sensitive data, limit permissions
to read and scope to the tables that are needed.
Optionally, use the SQLInputWithTables input type to specify which tables
are allowed to be accessed.
Control access to who can submit requests to this chain.
See https://python.langchain.com/docs/security for more information.
Args: Args:
llm: The language model to use llm: The language model to use
db: The SQLDatabase to generate the query for db: The SQLDatabase to generate the query for