experimental[major]: CVE-2024-46946 fix

libs/experimental/langchain_experimental/llm_symbolic_math/base.py

@@ -66,7 +66,52 @@ def _evaluate_expression(self, expression: str) -> str:
                 "Unable to import sympy, please install it with `pip install sympy`."
             ) from e
         try:
-            output = str(sympy.sympify(expression, evaluate=True))
+            allowed_symbols = {
+                # Basic arithmetic and trigonometry
+                "sin": sympy.sin,
+                "cos": sympy.cos,
+                "tan": sympy.tan,
+                "cot": sympy.cot,
+                "sec": sympy.sec,
+                "csc": sympy.csc,
+                "asin": sympy.asin,
+                "acos": sympy.acos,
+                "atan": sympy.atan,
+                # Hyperbolic functions
+                "sinh": sympy.sinh,
+                "cosh": sympy.cosh,
+                "tanh": sympy.tanh,
+                "asinh": sympy.asinh,
+                "acosh": sympy.acosh,
+                "atanh": sympy.atanh,
+                # Exponentials and logarithms
+                "exp": sympy.exp,
+                "log": sympy.log,
+                "ln": sympy.log,  # natural log (alias)
+                "log10": sympy.log,  # log base 10 (use sympy.log)
+                # Powers and roots
+                "sqrt": sympy.sqrt,
+                "cbrt": lambda x: sympy.Pow(x, sympy.Rational(1, 3)),
+                # Combinatorics and other math functions
+                "factorial": sympy.factorial,
+                "binomial": sympy.binomial,
+                "gcd": sympy.gcd,
+                "lcm": sympy.lcm,
+                "abs": sympy.Abs,
+                "sign": sympy.sign,
+                "mod": sympy.Mod,
+                # Constants
+                "pi": sympy.pi,
+                "e": sympy.E,
+                "I": sympy.I,
+                "oo": sympy.oo,
+                "NaN": sympy.nan,
+            }
+
+            # Use parse_expr with strict settings
+            output = str(
+                sympy.parse_expr(expression, local_dict=allowed_symbols, evaluate=True)
+            )
         except Exception as e:
             raise ValueError(
                 f'LLMSymbolicMathChain._evaluate("{expression}") raised error: {e}.'

libs/experimental/tests/unit_tests/test_llm_symbolic_math.py

@@ -34,6 +34,9 @@ def fake_llm_symbolic_math_chain() -> LLMSymbolicMathChain:
             question="What are the solutions to this equation x**2 - x?"
         ): "```text\nsolveset(x**2 - x, x)\n```",
         _PROMPT_TEMPLATE.format(question="foo"): "foo",
+        _PROMPT_TEMPLATE.format(
+            question="__import__('os').system('rm -rf /')"
+        ): "__import__('os').system('rm -rf /')",
     }
     fake_llm = FakeLLM(queries=queries)
     return LLMSymbolicMathChain.from_llm(fake_llm, input_key="q", output_key="a")
@@ -80,3 +83,15 @@ def test_error(fake_llm_symbolic_math_chain: LLMSymbolicMathChain) -> None:
     """Test question that raises error."""
     with pytest.raises(ValueError):
         fake_llm_symbolic_math_chain.run("foo")
+
+
+def test_security_vulnerability(
+    fake_llm_symbolic_math_chain: LLMSymbolicMathChain,
+) -> None:
+    """Test for potential security vulnerability with malicious input."""
+    # Example of a code injection attempt
+    malicious_input = "__import__('os').system('rm -rf /')"
+
+    # Run the chain with the malicious input and ensure it raises an error
+    with pytest.raises(ValueError):
+        fake_llm_symbolic_math_chain.run(malicious_input)