SQL block potential harmful commands

[Uranium2]

Description:
This PR aims to give a bit more control on the commands executed by the SQLDatabase. At the moment, if you ask "Drop the table X in database Y" with SQLDatabaseChain, it will generate code to drop the table that will be run by SQLDatabase. Today no checks are made on the commands in SQLDatabase, it's free real estate.

Ideally, rights on user must be set to perform or not this kind of action on the database. In real life, lot of people use full rights. To prevent this I added a feature that could, if provided a list of restricted actions, stop the execution of the SQL query.

It will raise a PermissionError when restricted keywords are in the command for SQLDatabase

Key Changes:

• Add a new argument to SQLDatabase class named restricted_keywords
• Add a new method to detect restricted keywords in the SQL command
• Raise PermissionError if keywords are found in the sql command
• Execute sql command like before if not keyworkds were found
• Add a test to check if the raise is working while adding one restricted keyword

make format, make lint and make test were tested locally

I think this could help for CVE-2023-36189 Where the developer could block any keywords that could be generated by SQLDatabaseChain. It can block any string, so he could also block the usage of wildcards, name of tables, databases. I think it can be powerfull, it gives control to the developer and protect the user doing unwanted actions or protect his database.

@baskaryan

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

2 Ignored Deployments

Name	Status	Preview	Comments	Updated (UTC)
langchain	⬜️ Ignored (Inspect)	Visit Preview		Feb 18, 2024 6:53pm
langchain-deprecated	⬜️ Ignored (Inspect)			Feb 18, 2024 6:53pm

[leo-gan]

@baskaryan Could you, please, review it?

[baskaryan]

Apologies for the slow review! Pr has a number of merge conflicts, happy to re-review if you'd like to resolve

[eyurtsev]

Same logic as here: #22780 (review)