experimental[patch]: Enhance protection against arbitrary code execution in PALChain (#17091)

- **Description:** Block some ways to trigger arbitrary code execution bug in PALChain. --------- Co-authored-by: Eugene Yurtsev <eyurtsev@gmail.com>
8 months ago · de9a6cdf16
parent 8562a1e7d4
commit de9a6cdf16
1 changed files with 19 additions and 0 deletions
--- a/libs/experimental/langchain_experimental/pal_chain/base.py
+++ b/libs/experimental/langchain_experimental/pal_chain/base.py
@ -21,6 +21,16 @@ from langchain_experimental.pal_chain.math_prompt import MATH_PROMPT
 from langchain_experimental.pydantic_v1 import Extra, Field

 COMMAND_EXECUTION_FUNCTIONS = ["system", "exec", "execfile", "eval", "__import__"]
+COMMAND_EXECUTION_ATTRIBUTES = [
+    "__import__",
+    "__subclasses__",
+    "__builtins__",
+    "__globals__",
+    "__getattribute__",
+    "__bases__",
+    "__mro__",
+    "__base__",
+]


 class PALValidation:
@ -232,6 +242,15 @@ class PALChain(Chain):
            or not code_validations.allow_imports
        ):
            for node in ast.walk(code_tree):
+                if (
+                    not code_validations.allow_command_exec
+                    and isinstance(node, ast.Attribute)
+                    and node.attr in COMMAND_EXECUTION_ATTRIBUTES
+                ):
+                    raise ValueError(
+                        f"Found illegal command execution function "
+                        f"{node.attr} in code {code}"
+                    )
                if (not code_validations.allow_command_exec) and isinstance(
                    node, ast.Call
                ):