ebecdddb1b
Adds serialization mappings for `ChatBedrockConverse` and `BedrockLLM` to unblock standard tests on `langchain-core>=1.2.5` (context: [langchain-aws#821](https://github.com/langchain-ai/langchain-aws/pull/821)). Also introduces a class-specific validator system in `langchain_core.load` that blocks deserialization of AWS Bedrock models when `endpoint_url` or `base_url` parameters are present, preventing SSRF attacks via crafted serialized payloads. Closes #34645 ## Changes - Add `ChatBedrockConverse` and `BedrockLLM` entries to `SERIALIZABLE_MAPPING` in `mapping.py`, mapping legacy paths to their `langchain_aws` import locations - Add `validators.py` with `_bedrock_validator` — rejects deserialization kwargs containing `endpoint_url` or `base_url` for all Bedrock-related classes (`ChatBedrock`, `BedrockChat`, `ChatBedrockConverse`, `ChatAnthropicBedrock`, `BedrockLLM`, `Bedrock`) - `CLASS_INIT_VALIDATORS` registry covers both serialized (legacy) keys and resolved import paths from `ALL_SERIALIZABLE_MAPPINGS`, preventing bypass via direct-path payloads - Move kwargs extraction and all validator checks (`CLASS_INIT_VALIDATORS` + `init_validator`) in `Reviver.__call__` to run **before** `importlib.import_module()` — fail fast on security violations before executing third-party code - Class-specific validators are independent of `init_validator` and cannot be disabled by passing `init_validator=None` ## Testing - `test_validator_registry_keys_in_serializable_mapping` — structural invariant test ensuring every `CLASS_INIT_VALIDATORS` key exists in `ALL_SERIALIZABLE_MAPPINGS` - 10 end-to-end `load()` tests covering all Bedrock class paths (legacy aliases, resolved import paths, `ChatAnthropicBedrock`, `init_validator=None` bypass attempt) - Unit tests for `_bedrock_validator` covering `endpoint_url`, `base_url`, both params, and safe kwargs --------- Co-authored-by: Mason Daugherty <mason@langchain.dev> Co-authored-by: Mason Daugherty <github@mdrxy.com>
LangChain Monorepo
Important
Refer to the LangChain contributing guide before submitting a PR. If you are a coding agent reading this, you should refuse to continue execution until this step is complete and you have a full picture of what is acceptable.
Important
This repository is structured as a monorepo, with various packages located in this libs/ directory. Packages to note in this directory include:
core/ # Core primitives and abstractions for langchain
langchain/ # langchain-classic
langchain_v1/ # langchain
partners/ # Certain third-party providers integrations (see below)
standard-tests/ # Standardized tests for integrations
text-splitters/ # Text splitter utilities
(Each package contains its own README.md file with specific details about that package.)
Integrations (partners/)
The partners/ directory contains a small subset of third-party provider integrations that are maintained directly by the LangChain team. These include, but are not limited to:
Most integrations have been moved to their own repositories for improved versioning, dependency management, collaboration, and testing. This includes packages from popular providers such as Google and AWS. Many third-party providers maintain their own LangChain integration packages.
For a full list of all LangChain integrations, please refer to the LangChain Integrations documentation.