Add more security notes (#11990)

Add more security notes

libs/langchain/langchain/chains/llm_requests.py

@@ -15,7 +15,16 @@ DEFAULT_HEADERS = {
 
 
 class LLMRequestsChain(Chain):
-    """Chain that requests a URL and then uses an LLM to parse results."""
+    """Chain that requests a URL and then uses an LLM to parse results.
+
+    **Security Note**: This chain can make GET requests to arbitrary URLs,
+        including internal URLs.
+
+        Control access to who can run this chain and what network access
+        this chain has.
+
+        See https://python.langchain.com/docs/security for more information.
+    """
 
     llm_chain: LLMChain
     requests_wrapper: TextRequestsWrapper = Field(

libs/langchain/langchain/chains/natbot/base.py

@@ -16,6 +16,19 @@ from langchain.schema.language_model import BaseLanguageModel
 class NatBotChain(Chain):
     """Implement an LLM driven browser.
 
+    **Security Note**: This toolkit provides code to control a web-browser.
+
+        The web-browser can be used to navigate to:
+
+        - Any URL (including any internal network URLs)
+        - And local files
+
+        Exercise care if exposing this chain to end-users. Control who is able to
+        access and use this chain, and isolate the network access of the server
+        that hosts this chain.
+
+        See https://python.langchain.com/docs/security for more information.
+
     Example:
         .. code-block:: python
 

libs/langchain/langchain/chains/natbot/crawler.py

@@ -49,7 +49,22 @@ class ElementInViewPort(TypedDict):
 
 
 class Crawler:
-    """A crawler for web pages."""
+    """A crawler for web pages.
+
+    **Security Note**: This is an implementation of a crawler that uses a browser via
+        Playwright.
+
+        This crawler can be used to load arbitrary webpages INCLUDING content
+        from the local file system.
+
+        Control access to who can submit crawling requests and what network access
+        the crawler has.
+
+        Make sure to scope permissions to the minimal permissions necessary for
+        the application.
+
+        See https://python.langchain.com/docs/security for more information.
+    """
 
     def __init__(self) -> None:
         try:

libs/langchain/langchain/chains/sql_database/query.py

@@ -33,6 +33,21 @@ def create_sql_query_chain(
 ) -> Runnable[Union[SQLInput, SQLInputWithTables], str]:
     """Create a chain that generates SQL queries.
 
+    *Security Note*: This chain generates SQL queries for the given database.
+
+        The SQLDatabase class provides a get_table_info method that can be used
+        to get column information as well as sample data from the table.
+
+        To mitigate risk of leaking sensitive data, limit permissions
+        to read and scope to the tables that are needed.
+
+        Optionally, use the SQLInputWithTables input type to specify which tables
+        are allowed to be accessed.
+
+        Control access to who can submit requests to this chain.
+
+        See https://python.langchain.com/docs/security for more information.
+
     Args:
         llm: The language model to use
         db: The SQLDatabase to generate the query for