Commit
Python: Use a Jinja2 sandboxed env to prevent running unsafe code. (microsoft#6163)

### Motivation and Context

The `Jinja2PromptTemplate` allows users to integrate `Jinja2` as `Prompt engine` within a `semantic-kernel` structure LLM application. Nevertheless, `Jinja2PromptTemplate` directly takes **sandbox-less** `jinja2.Environment` as `Jinja2 Environment`, allowing attackers to escape and call arbitrary `__builtins__` methods such as `os.Popen`, resulting in possible RCE or further exploitation.

### Description

This PR fixes this by implementing a SandboxedEnvironment to prevent users from being able to run malicious code.

- All tests passing.

### Contribution Checklist

- [X] The code builds clean without any errors or warnings
- [X] The PR follows the [SK Contribution Guidelines](https:/microsoft/semantic-kernel/blob/main/CONTRIBUTING.md) and the [pre-submission formatting script](https:/microsoft/semantic-kernel/blob/main/CONTRIBUTING.md#development-scripts) raises no violations
- [X] All unit tests pass, and I have added new tests where possible
- [X] I didn't break anyone 😄
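The pre-fix and post-fix rendering patterns the commit describes, as an added example that is not semantic-kernel's code or this PR's diff. It contrasts a plain `jinja2.Environment` with `jinja2.sandbox.SandboxedEnvironment` on a constructed context object whose underscore-prefixed attribute stands in for data a template must never reach. The `User` class, the templates, and the `render_sandboxed_strict` variant (which adds `StrictUndefined` so a blocked access raises `SecurityError` instead of rendering as an empty string) are assumptions for this illustration, not part of the project.

```python
from jinja2 import Environment, StrictUndefined
from jinja2.sandbox import SandboxedEnvironment, SecurityError


class User:
    """Constructed sample context object; `_token` stands in for a value a
    prompt template must never be able to read."""

    def __init__(self, name: str) -> None:
        self.name = name
        self._token = "private-value"


# Constructed sample templates. The second reaches for an underscore-prefixed
# attribute, which SandboxedEnvironment.is_safe_attribute classifies as unsafe.
PROMPT = "Hello {{ user.name }}, you asked: {{ question }}"
PRIVATE_ACCESS = "token={{ user._token }}"


def render_unsandboxed(src: str, **ctx) -> str:
    """Pre-fix pattern: a plain Environment. Any attribute reachable from the
    context objects, including private and dunder attributes, is readable."""
    return Environment().from_string(src).render(**ctx)


def render_sandboxed(src: str, **ctx) -> str:
    """Post-fix pattern: SandboxedEnvironment. An unsafe attribute access yields
    an Undefined that renders as '', so the value is withheld but the render
    itself still succeeds silently."""
    return SandboxedEnvironment().from_string(src).render(**ctx)


def render_sandboxed_strict(src: str, **ctx) -> str:
    """Stricter variant (an assumption, not the PR's code): StrictUndefined makes
    the withheld value raise SecurityError at render time, so a violation is
    surfaced to logs instead of disappearing into empty output."""
    env = SandboxedEnvironment(undefined=StrictUndefined)
    return env.from_string(src).render(**ctx)


def violates_sandbox(src: str, **ctx) -> bool:
    """True when the strict sandbox refuses to render the template."""
    try:
        render_sandboxed_strict(src, **ctx)
    except SecurityError:
        return True
    return False


if __name__ == "__main__":
    ada = User("Ada")
    print(render_unsandboxed(PRIVATE_ACCESS, user=ada))      # leaks the private value
    print(repr(render_sandboxed(PRIVATE_ACCESS, user=ada)))  # value withheld, renders 'token='
    print(violates_sandbox(PRIVATE_ACCESS, user=ada))        # True
    print(violates_sandbox(PROMPT, user=ada, question="hi"))  # False
```

Note that the default sandbox withholds unsafe values without raising, which is correct for prompt rendering but invisible to monitoring; pairing it with `StrictUndefined` (as in `render_sandboxed_strict`) converts every blocked access into an exception you can log and alert on. `jinja2.sandbox.ImmutableSandboxedEnvironment` goes one step further by also refusing calls that mutate context objects.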