fix code injection vuln (#11233)

- **Description:** Fix a code injection vuln by adding one more keyword into the filtering list - **Issue:** N/A - **Dependencies:** N/A - **Tag maintainer:** - **Twitter handle:** Co-authored-by: Eugene Yurtsev <eyurtsev@gmail.com>
9 months ago · 4c97a10bd0
parent aebdb1ad01
commit 4c97a10bd0
1 changed files with 1 additions and 1 deletions
--- a/libs/experimental/langchain_experimental/pal_chain/base.py
+++ b/libs/experimental/langchain_experimental/pal_chain/base.py
@ -20,7 +20,7 @@ from langchain_experimental.pal_chain.colored_object_prompt import COLORED_OBJEC
 from langchain_experimental.pal_chain.math_prompt import MATH_PROMPT
 from langchain_experimental.pydantic_v1 import Extra, Field

-COMMAND_EXECUTION_FUNCTIONS = ["system", "exec", "execfile", "eval"]
+COMMAND_EXECUTION_FUNCTIONS = ["system", "exec", "execfile", "eval", "__import__"]


 class PALValidation: