This repository was archived by the owner on Feb 5, 2026. It is now read-only.
Conversation

Jack-Q approved these changes on Jan 27, 2026.

liqul added a commit to liqul/TaskWeaverFork that referenced this pull request on Feb 3, 2026:
# Summary of Security Improvements

## 1. Strengthened AST Validation (code_verification.py)

- Added DANGEROUS_BUILTINS constant listing security-sensitive functions/attributes
- Enhanced visit_Call() to detect:
  - Subscript-based function calls (e.g., obj["method"]())
  - Chained calls for dynamic resolution (e.g., getattr(obj, 'method')())
  - Unrecognized call patterns
  - Dangerous builtin functions
- Added visit_Subscript() to detect dictionary-based dunder access (e.g., obj["__class__"])
- Added visit_Attribute() to detect direct dangerous attribute access (e.g., obj.__class__)

## 2. Updated Default Blocklist (code_interpreter.py)

Added these dangerous functions to the default blocked list:

- getattr, setattr, delattr
- vars, globals, locals
- __getattribute__, __setattr__, __delattr__

## 3. Code Verification Enabled by Default for Local Mode (code_interpreter.py)

- Code verification is now automatically enabled when running in local mode
- A warning is logged to inform users about the security implications
- Users can still explicitly disable it, but this is discouraged

## 4. Security Guidance in Code Generator Prompt (code_generator_prompt.yaml & code_generator.py)

Added explicit security guidelines that instruct the LLM to:

- Never use dangerous functions like eval(), exec(), getattr(), etc.
- Never access dunder attributes
- Never execute shell commands unless required
- Refuse requests that attempt to bypass security
- The security requirements are included in the prompt when code verification is enabled

## 5. New Unit Tests (test_code_verification.py)

Added comprehensive tests for:

- Dynamic attribute access (getattr, setattr, delattr)
- globals() and locals() blocking
- Dunder attribute access (__class__, __bases__)
- Subscript-based dunder access
- Subscript-based function call bypass patterns
- vars() function blocking
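As an added illustration of the verifier design the commit message describes (this is example code written for this page, not TaskWeaver's code_verification.py), the checker below implements the three visitor hooks named above: visit_Call() rejecting blocked builtins, subscript-based calls, chained calls and unrecognized call targets; visit_Subscript() rejecting dunder keys; and visit_Attribute() rejecting dunder attributes. The DANGEROUS_BUILTINS contents, the verify_code() entry point, the configurable blocked set and the SAMPLES snippets are all assumptions made here; the snippets are constructed for the example, and Python 3.9+ is assumed for the ast.Subscript layout.

```python
import ast

# Assumed blocklist for this example (not TaskWeaver's DANGEROUS_BUILTINS):
# the names the commit message says were added, plus eval/exec/compile/__import__.
DANGEROUS_BUILTINS = frozenset({
    "eval", "exec", "compile", "__import__",
    "getattr", "setattr", "delattr",
    "vars", "globals", "locals",
    "__getattribute__", "__setattr__", "__delattr__",
})


def _is_dunder(name):
    """True for names of the form __x__ (checked for both .attr and ["key"] access)."""
    return (isinstance(name, str) and len(name) > 4
            and name.startswith("__") and name.endswith("__"))


class _Checker(ast.NodeVisitor):
    """Walks the AST and records every pattern the hardened verifier rejects."""

    def __init__(self, blocked):
        self.blocked = blocked
        self.violations = []

    def _flag(self, node, msg):
        self.violations.append(f"line {node.lineno}: {msg}")

    def visit_Call(self, node):
        f = node.func
        if isinstance(f, ast.Name):
            if f.id in self.blocked:
                self._flag(node, f"call to blocked builtin {f.id}()")
        elif isinstance(f, ast.Attribute):
            if f.attr in self.blocked:
                self._flag(node, f"call to blocked method .{f.attr}()")
        elif isinstance(f, ast.Subscript):
            # obj["method"]() resolves the callable from a container at runtime
            self._flag(node, "subscript-based function call (obj[...]())")
        elif isinstance(f, ast.Call):
            # getattr(obj, "m")() and similar: calling the result of another call
            self._flag(node, "chained call on a dynamically resolved callable (f(...)())")
        else:
            # lambdas, conditional expressions, etc.: refuse anything we cannot name
            self._flag(node, f"unrecognized call target ({type(f).__name__})")
        self.generic_visit(node)  # keep walking: arguments may hide more violations

    def visit_Subscript(self, node):
        key = node.slice  # Python 3.9+: the index expression itself
        if type(key).__name__ == "Index":  # older parsers wrap it in ast.Index
            key = key.value
        if isinstance(key, ast.Constant) and _is_dunder(key.value):
            self._flag(node, f"subscript access to dunder name {key.value!r}")
        self.generic_visit(node)

    def visit_Attribute(self, node):
        if _is_dunder(node.attr):
            self._flag(node, f"attribute access to dunder name .{node.attr}")
        self.generic_visit(node)


def verify_code(source, blocked=DANGEROUS_BUILTINS):
    """Return a list of violation messages; an empty list means the code passed."""
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        return [f"line {exc.lineno}: syntax error: {exc.msg}"]
    checker = _Checker(frozenset(blocked))
    checker.visit(tree)
    return checker.violations


# Constructed snippets, one per bypass pattern the new unit tests are said to cover.
SAMPLES = {
    "subscript dunder": 'obj["__class__"]',
    "chained getattr": 'getattr(obj, "method")()',
    "dunder attribute": "obj.__class__.__bases__",
    "subscript call": 'handlers["run"]()',
    "globals lookup": 'globals()["__builtins__"]',
    "lambda call": "(lambda: 1)()",
    "benign": 'import pandas as pd\ndf = pd.read_csv("data.csv")\nprint(df.describe())',
}

if __name__ == "__main__":
    for label, src in SAMPLES.items():
        result = verify_code(src)
        print(f"[{'BLOCK' if result else 'OK'}] {label}: {result}")
```

Each hook keeps calling generic_visit() so that a violation buried in an argument list (the inner getattr() of getattr(obj, "method")()) is reported alongside the outer one. An AST filter of this kind sees only syntax: a blocked name reconstructed at runtime through some helper it does not recognize would pass, which is why the commit pairs it with a configurable blocklist and prompt guidance rather than treating it as a sandbox.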