mirror of
https://github.com/hwchase17/langchain.git
synced 2026-03-18 11:07:36 +00:00
6335968237
## Summary - Fixes [CodeQL alert #43](https://github.com/langchain-ai/langchain/security/code-scanning/43) (CWE-20: incomplete URL substring sanitization) - Replaces `"azure.com" in url` substring check with `urlparse`-based hostname validation to prevent bypass via crafted URLs (e.g., `https://evil-azure.com`, `https://example.com/azure.com`) - Adds bypass-attempt test cases to the existing Azure endpoint detection tests ## Why The substring check `"azure.com" in url` matches URLs where `azure.com` appears anywhere in the string, not just in the hostname. An attacker-controlled endpoint like `https://evil-azure.com` or `https://example.com/azure.com` would incorrectly trigger the Azure code path. Using `urlparse` to extract and validate the hostname is the standard fix per CodeQL guidance. ## Test plan - [x] Existing Azure endpoint detection tests pass - [x] New negative test cases for bypass attempts pass - [x] `uv run pytest tests/unit_tests/test_chat_models.py -k azure` — 6/6 passing > [!NOTE] > This PR was authored with assistance from an AI agent (Claude Code). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
langchain-deepseek
Looking for the JS/TS version? Check out LangChain.js.
Quick Install
pip install langchain-deepseek
🤔 What is this?
This package contains the LangChain integration with DeepSeek.
📖 Documentation
For full documentation, see the API reference. For conceptual guides, tutorials, and examples on using these classes, see the LangChain Docs.
📕 Releases & Versioning
See our Releases and Versioning policies.
💁 Contributing
As an open-source project in a rapidly developing field, we are extremely open to contributions, whether it be in the form of a new feature, improved infrastructure, or better documentation.
For detailed information on how to contribute, see the Contributing Guide.