Community: Using ro_qeury with FalkorDB doesn't allow destructive operations #28095

gkorland · 2024-11-13T19:26:56Z

Thank you for contributing to LangChain!

PR title: "package: description"
- Where "package" is whichever of langchain, community, core, etc. is being modified. Use "docs: ..." for purely docs changes, "infra: ..." for CI changes.
- Example: "community: add foobar LLM"
PR message: No need to force opt in with FalkorDB
- Description: Using ro_qeury with FalkorDB doesn't allow destructive operations
- Twitter handle: @g_korland
Lint and test: Run make format, make lint and make test from the root of the package(s) you've modified. See contribution guidelines for more: https://python.langchain.com/docs/contributing/

vercel · 2024-11-13T19:27:00Z

The latest updates on your projects. Learn more about Vercel for Git ↗︎

1 Skipped Deployment

Name	Status	Preview	Comments	Updated (UTC)
langchain	⬜️ Ignored (Inspect)	Visit Preview		Dec 5, 2024 7:01pm

efriis · 2024-12-05T23:33:27Z

this introduces a CVE by removing danger warnings about sql injection

efriis · 2024-12-05T23:34:23Z

the issue is not only destructive actions, but also data exfiltration

efriis · 2024-12-05T23:37:13Z

if you wanted to reopen this just switching to ro_query that could work, under some flag. But it would have to keep the security warning

using ro_qeury with FalkorDB doesn't allow destructive operations

621249f

dosubot bot added the size:M This PR changes 30-99 lines, ignoring generated files. label Nov 13, 2024

Merge branch 'master' into ro_query

7288a3b

dosubot bot added the community Related to langchain-community label Nov 13, 2024

gkorland added 2 commits November 14, 2024 00:30

Merge branch 'master' into ro_query

1f208f3

Merge branch 'master' into ro_query

8417847

efriis closed this Dec 5, 2024

Provide feedback