fix: check if whitelisted lib is actually exists in the additional deps #1499
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There was a problem hiding this comment.
👍 Looks good to me! Reviewed everything up to 7fe07fa in 43 seconds
More details
- Looked at
58lines of code in2files - Skipped
0files when reviewing. - Skipped posting
2drafted comments based on config settings.
1. tests/unit_tests/pipelines/smart_datalake/test_code_cleaning.py:309
- Draft comment:
Consider adding a test to verify that non-whitelisted libraries are not added to_additional_dependencies. This ensures that the security measure is functioning correctly. - Reason this comment was not posted:
Confidence changes required:50%
The PR modifies the_check_importsmethod to ensure that only whitelisted libraries are added to_additional_dependencies. The testtest_custom_whitelisted_dependencieschecks this behavior by asserting that a custom whitelisted library is added to_additional_dependencies. However, the test does not verify that non-whitelisted libraries are not added, which is crucial for security.
2. pandasai/pipelines/chat/code_cleaning.py:632
- Draft comment:
The error message can be improved for clarity and conciseness.
f"Library '{library}' is not whitelisted. "
- Reason this comment was not posted:
Comment was on unchanged code.
Workflow ID: wflow_4WXEpaoHtpmCvqAY
You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet mode, and more.
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #1499 +/- ##
==========================================
- Coverage 78.57% 78.56% -0.01%
==========================================
Files 158 158
Lines 6323 6322 -1
==========================================
- Hits 4968 4967 -1
Misses 1355 1355 ☔ View full report in Codecov by Sentry. |
gventuri
added a commit
that referenced
this pull request
Jan 8, 2025
* fix: fixed duplicate export dynamics (#1399) * chore: minor updates in the README (#1400) * docs: update library.mdx (#1406) Add 's' in the end of keyword "clarification_question" agent.clarification_question('What is the GDP of the United States?') * fix[#1415]: using torch 2.2.0 in macOS x86_64 (#1417) * Add /app to PYTHONPATH * fix for issue #1415 --------- Co-authored-by: Giuseppe Coco <giuseppe.coco@besharp.it> * chore: add /app to PYTHONPATH (#1416) Co-authored-by: Giuseppe Coco <giuseppe.coco@besharp.it> * docs: update llms.mdx (#1410) Add documentation of how to use pandasai.json file * fix[output_format]: accept dataframe dict as output and secure sql qu… (#1432) * fix[output_format]: accept dataframe dict as output and secure sql query execution * fix: ruff errors * chore[Security]: restrict libs to allow specific functionalities (#1429) * chore[Security]: restrict libs to allow specific functionalities * remove: extra lib handling * fix: ruff errors * fix: error message for bad import * fix: add io library in the blacklist * docs: update docs about customer whitelisted dependencies * Release v2.4.0 * fix: update last_code_generated in smart_dataframe's __init__.py (#1484) In SmartDataframe class the last_code_generated property returned _agent.last_code_executed instead of _agent.last_code_generated. In SmartDatalake it is implemented properly. Co-authored-by: Bence Kecskés <bence.public@outlook.hu> * Release v2.4.1 * fix: docker-compose-npm-error (#1486) -Simplified the type of children to just React.ReactNode, which is the standard type for React components' children prop. * fix: remove plt.show if exists in the generated code (#1501) * fix: make seaborn as an optional dependency (#1500) * fix: make seaborn as an optional dependency * fix: linting errors * fix: check if whitelisted lib is actually exists in the additional deps (#1499) * feat(security): add security config to disable it (#1498) * feat(security): add security config to disable it * fix: linting errors * fix(safety): push exact match for get attributes * add additional test case * fix: test case * fix: linting errors * fix: linting errors * docs(config): update config doc to add new config attribute * Release v2.4.2 * fix(test_cases): handle and clean test cases of pandasai * ruff changes * add poetry lock file * fix github ci workflow * fix: extension deps installation * fix: github workflows * fix: unnecessary comments * fix: ruff errors * fix: ruff errors * fix: typos * fix ci yml file * fix: ci * fix make file for hardcoded env * fix make file for hardcoded env * fix make file for hardcoded env * fix make file for hardcoded env * fix: imports in extensions * fix(testcases): extension test cases fixed * fix: ci clear cache and suggested improvements * clean up before running CI * fix ci pipeline * fix ci pipeline * fix ci pipeline * fix ci pipeline * fix ci pipeline * fix: ci * fix: ci * fix: ci * fix github bug * fix: CI * fix: CI * fix: test case on windows * fix: test case on windows * fix: test case on windows * fix: test case on windows * fix: CI * feat(biqquery): add test cases for big query connector * fix env issue of pandas not found * fix: ci use pyproject * fix: lock file --------- Co-authored-by: AlessandroMarc <52158784+AlessandroMarc@users.noreply.github.com> Co-authored-by: Smoothengineer <160827599+Smoothengineer@users.noreply.github.com> Co-authored-by: Muhammad Adam <118662764+Muhammad-Adam1@users.noreply.github.com> Co-authored-by: giuseppe-coco <76009241+giuseppe-coco@users.noreply.github.com> Co-authored-by: Giuseppe Coco <giuseppe.coco@besharp.it> Co-authored-by: Gabriele Venturi <lele.venturi@gmail.com> Co-authored-by: bencekecskes <bence.most@outlook.hu> Co-authored-by: Bence Kecskés <bence.public@outlook.hu> Co-authored-by: Charis Nikolaidis <Ncharis97@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Important
Fix
_check_importsincode_cleaning.pyto ensure libraries are whitelisted before adding to_additional_dependencies, and update test to verify this.code_cleaning.py,_check_importsnow checks if a library is inWHITELISTED_LIBRARIESorcustom_whitelisted_dependenciesbefore adding to_additional_dependencies.test_code_cleaning.py,test_custom_whitelisted_dependenciesnow verifies thatmy_custom_libraryis added to_additional_dependencieswhen whitelisted.This description was created by
for 7fe07fa. It will automatically update as commits are pushed.