Extend Jinja Environment to allow Haystack data classes in ConditionalRouter #8691

Draft
wants to merge 3 commits into
base: main

Amnah199 (Contributor) commented Jan 9, 2025

Related Issues

Proposed Changes:

Currently, to use Haystack data classes as an output type in ConditionalRouter, users must set unsafe=True. This limitation arises because SandboxedEnvironment does not support the safe evaluation of Python objects, and extending ast.literal_eval to handle custom data classes is neither practical nor secure.

As a solution, this PR introduces NativeSandboxedEnvironment, a custom Jinja2 environment that tries to combine the sandboxing capabilities of SandboxedEnvironment with the native type rendering of NativeEnvironment. I tried to whitelist Haystack data classes in the is_safe_attribute method, allowing them to be safely rendered as native Python objects. Everything else should pass through default sandbox security rules.

❌ However, currently everything is being rendered as a NativeTemplate which possibly causes a security vulnerability.

Highlights:

  • Subclass both SandboxedEnvironment and NativeEnvironment → NativeSandboxedEnvironment.

  • Override from_string and template_class so the environment uses a “native” template but still enforces the sandbox.

  • Use is_safe_attribute to whitelist Haystack data classes.

How did you test it?

Ran the tests

Notes for the reviewer

As I am still evaluating the vulnerabilities of the above approach, an alternative solution could be to check the output_type. If it corresponds to a Haystack data class, the NativeSandboxedEnvironment could be used specifically for rendering Haystack data classes, while the SandboxedEnvironment is retained for all other cases to enhance overall safety.

Checklist

  • I have read the contributors guidelines and the code of conduct
  • I have updated the related issue with new insights and changes
  • I added unit tests and updated the docstrings
  • I've used one of the conventional commit types for my PR title: fix:, feat:, build:, chore:, ci:, docs:, style:, refactor:, perf:, test: and added ! in case the PR includes breaking changes.
  • I documented my code
  • I ran pre-commit hooks and fixed any issue

@github-actions github-actions bot added the type:documentation Improvements on the docs label Jan 9, 2025
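
The alternative raised under "Notes for the reviewer", sketched as an added example that is not code from this PR or from Haystack: pick the environment from `output_type` and confirm the sandbox still refuses an unsafe call on the native path. `Doc`, `NATIVE_OUTPUT_TYPES`, `render_output`, `render_unsandboxed_native`, `is_blocked` and `side_effect` are hypothetical names, and building `NativeSandboxedEnvironment` by plain multiple inheritance is an assumption about its shape.

```python
from dataclasses import dataclass

from jinja2.nativetypes import NativeEnvironment
from jinja2.sandbox import SandboxedEnvironment, SecurityError, unsafe


@dataclass
class Doc:
    """Constructed stand-in for a Haystack data class."""
    content: str


class NativeSandboxedEnvironment(SandboxedEnvironment, NativeEnvironment):
    """Assumption: sandbox checks from base 1, native output from base 2."""


NATIVE_OUTPUT_TYPES = (Doc,)  # hypothetical allowlist of native output types


def render_output(template: str, output_type: type, **variables):
    """Use the native sandbox only when output_type is allowlisted."""
    native = output_type in NATIVE_OUTPUT_TYPES
    env = NativeSandboxedEnvironment() if native else SandboxedEnvironment()
    return env.from_string(template).render(**variables)


def render_unsandboxed_native(template: str, **variables):
    """Baseline for comparison: native rendering with no sandbox checks."""
    return NativeEnvironment().from_string(template).render(**variables)


def is_blocked(template: str, output_type: type, **variables) -> bool:
    """True when the sandbox raises SecurityError while rendering."""
    try:
        render_output(template, output_type, **variables)
    except SecurityError:
        return True
    return False


@unsafe  # Jinja's marker: sets unsafe_callable = True on the function
def side_effect():
    return "called"


if __name__ == "__main__":
    doc = Doc("hi")
    print(render_output("{{ doc }}", Doc, doc=doc) is doc)  # native object kept
    print(is_blocked("{{ f() }}", Doc, f=side_effect))      # sandbox still enforced
```

A regression test for the concern flagged in the description can compare `is_blocked(...)` on the native path with `render_unsandboxed_native(...)`, which runs the same call without any check.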
Successfully merging this pull request may close these issues.

Allow for Haystack native data types as outputs to ConditionalRouter