github/langchain
1
0
Fork 0
mirror of https://github.com/hwchase17/langchain.git synced 2025-08-07 20:15:40 +00:00
Code Issues Packages Projects Releases Wiki Activity
eugene/why_transition_2
langchain/libs/experimental/tests/unit_tests
History
mercyspirit 0414be4b80
experimental[major]: CVE-2024-46946 fix (#26783) 
Description: Resolve CVE-2024-46946 by switching out sympify with
parse_expr with a very specific allowed set of operations.

https://nvd.nist.gov/vuln/detail/cve-2024-46946

Sympify uses eval which makes it vulnerable to code execution.
parse_expr is limited to specific expressions.

Bandit results

![image](https://github.com/user-attachments/assets/170a6376-7028-4e70-a7ef-9acfb49c1d8a)

---------

Co-authored-by: aqiu7 <aqiu7@gatech.edu>
Co-authored-by: Eugene Yurtsev <eugene@langchain.dev>
Co-authored-by: Eugene Yurtsev <eyurtsev@gmail.com>
2024-09-24 21:37:56 +00:00
..
agents experimental[major]: Force users to opt-in into code that relies on the python repl (#22860) 2024-06-13 15:41:24 -04:00
chat_models infra: rm unused # noqa violations (#22049) 2024-05-22 15:21:08 -07:00
python infra: rm unused # noqa violations (#22049) 2024-05-22 15:21:08 -07:00
rl_chain experimental[patch]: refactor rl chain structure (#25398) 2024-08-14 17:09:43 +00:00
__init__.py black formatting 2023-09-11 13:33:43 -04:00
conftest.py infra: update mypy 1.10, ruff 0.5 (#23721) 2024-07-03 10:33:27 -07:00
fake_llm.py multiple: pydantic 2 compatibility, v0.3 (#26443) 2024-09-13 14:38:45 -07:00
test_bash.py infra: update mypy 1.10, ruff 0.5 (#23721) 2024-07-03 10:33:27 -07:00
test_data_anonymizer.py langchain-experimental: Add allow_list support in experimental/data_anonymizer (#11597) 2023-10-11 14:50:41 -07:00
test_imports.py experimental[patch]: Fix import test (#24672) 2024-07-25 22:14:40 -04:00
test_llm_bash.py infra: add print rule to ruff (#16221) 2024-02-09 16:13:30 -08:00
test_llm_symbolic_math.py experimental[major]: CVE-2024-46946 fix (#26783) 2024-09-24 21:37:56 +00:00
test_logical_fallacy.py infra: update mypy 1.10, ruff 0.5 (#23721) 2024-07-03 10:33:27 -07:00
test_mock.py
test_ollama_functions.py multiple: pydantic 2 compatibility, v0.3 (#26443) 2024-09-13 14:38:45 -07:00
test_pal.py infra: update mypy 1.10, ruff 0.5 (#23721) 2024-07-03 10:33:27 -07:00
test_python.py experimental: clean python repl input(experimental:Added code for PythonREPL) (#20930) 2024-05-01 05:19:09 +00:00
test_reversible_data_anonymizer.py langchain-experimental: Add allow_list support in experimental/data_anonymizer (#11597) 2023-10-11 14:50:41 -07:00
test_smartllm.py infra: update mypy 1.10, ruff 0.5 (#23721) 2024-07-03 10:33:27 -07:00
test_sql.py multiple: pydantic 2 compatibility, v0.3 (#26443) 2024-09-13 14:38:45 -07:00
test_text_splitter.py fix[experimental]: Fix text splitter with gradient (#26629) 2024-09-20 23:35:50 +00:00
test_tot.py core[patch], langchain[patch]: fix required deps (#14373) 2023-12-07 14:24:58 -08:00