
Merge [email protected] to main #864

Closed
wants to merge 665 commits into from

Pouyanpi
Collaborator

No description provided.

drazvan and others added 30 commits October 4, 2024 14:28
…arams

Fix/activating active flow with params
…ement

Fix posture management and include option for idling posture.
 Added correct python command version

Signed-off-by: Ravinder Mahajan <[email protected]>
Signed-off-by: Ravinder Mahajan <[email protected]>
Signed-off-by: Ravinder Mahajan <[email protected]>
Feat: Upgrade LangChain to Version 0.3
…er-message

fix: update relevant_chunks retrieval logic
Update guardrails-library.md
refactor: use SandboxedEnvironment for Jinja2 templates
Signed-off-by: Ravinder Mahajan <[email protected]>
Doc: Added correct python command version
…800)

* update getting started doc
* fix pre commit setup command
feat(config): allow extra fields in AdapterConfig
This commit updates the `test_railsignore.py` to use the system's
temporary directory for the `.railsignore` file. This change addresses
issues with tests on Windows OS by ensuring the `.railsignore` file is
created in a writable location
This workflow tests the published distribution of the package from PyPI
daily. It sets up Python environments for versions 3.9, 3.10, and 3.11,
installs the package, starts the server, and checks its status. This
ensures the published package works as expected.
@Pouyanpi Pouyanpi requested a review from cparisien November 19, 2024 17:03
server_endpoint = pai_config.server_endpoint
enabled_entities = getattr(pai_config, source).entities

if "api.private-ai.com" in server_endpoint and not pai_api_key:

Check failure

Code scanning / CodeQL

Incomplete URL substring sanitization High

The string api.private-ai.com may be at an arbitrary position in the sanitized URL.

Copilot Autofix AI about 2 months ago

To fix the problem, we need to parse the server_endpoint URL and check its hostname to ensure it matches the expected value. This can be done using the urlparse function from the urllib.parse module. Specifically, we will:

  1. Import the urlparse function.
  2. Parse the server_endpoint URL to extract its hostname.
  3. Check if the hostname matches the expected value (api.private-ai.com).
Suggested changeset 1
nemoguardrails/library/privateai/actions.py

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/nemoguardrails/library/privateai/actions.py b/nemoguardrails/library/privateai/actions.py
--- a/nemoguardrails/library/privateai/actions.py
+++ b/nemoguardrails/library/privateai/actions.py
@@ -19,3 +19,3 @@
 import os
-
+from urllib.parse import urlparse
 from nemoguardrails import RailsConfig
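Review bot: The new `from urllib.parse import urlparse` line replaces the blank line that separated `import os` from `from nemoguardrails import RailsConfig`, so the standard-library and first-party import groups now run together with the stdlib import placed after the gap it removed. Keep the blank line and put the `urlparse` import directly under `import os`.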
@@ -46,3 +46,4 @@
 
-    if "api.private-ai.com" in server_endpoint and not pai_api_key:
+    parsed_url = urlparse(server_endpoint)
+    if parsed_url.hostname == "api.private-ai.com" and not pai_api_key:
         raise ValueError(
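Review bot: On the `parsed_url.hostname == "api.private-ai.com"` line, `urlparse` only fills `hostname` when the endpoint string carries a scheme, so a `server_endpoint` configured as the bare host and path with no `https://` prefix yields `hostname` of `None` and the missing-key `ValueError` is silently skipped, where the old substring test did raise. Reject or normalize a scheme-less `server_endpoint` before comparing, and add a comment that the match is intentionally exact.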
EOF
Unable to commit as this autofix suggestion is now outdated
@letmerecall would you please have a look at these issues? Thanks!

Returns:
True if PII is detected, False otherwise.
"""
if "api.private-ai.com" in server_endpoint and not api_key:

Check failure

Code scanning / CodeQL

Incomplete URL substring sanitization High

The string api.private-ai.com may be at an arbitrary position in the sanitized URL.

Copilot Autofix AI about 2 months ago

To fix the problem, we need to replace the substring check with a more secure method using urlparse to parse the URL and then check the hostname. This ensures that the check is performed on the actual hostname rather than any part of the URL string.

  • Parse the server_endpoint URL using urlparse.
  • Extract the hostname from the parsed URL.
  • Check if the hostname matches the expected value (api.private-ai.com).
Suggested changeset 1
nemoguardrails/library/privateai/request.py

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/nemoguardrails/library/privateai/request.py b/nemoguardrails/library/privateai/request.py
--- a/nemoguardrails/library/privateai/request.py
+++ b/nemoguardrails/library/privateai/request.py
@@ -44,3 +44,5 @@
     """
-    if "api.private-ai.com" in server_endpoint and not api_key:
+    from urllib.parse import urlparse
+    parsed_url = urlparse(server_endpoint)
+    if parsed_url.hostname == "api.private-ai.com" and not api_key:
         raise ValueError("'api_key' is required for Private AI cloud API.")
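Review bot: The `from urllib.parse import urlparse` line is added inside the function body, directly under the docstring, so it sits apart from the module's other imports; move it to the top of request.py. The same hostname test appears in the Autofix suggestion for actions.py on this page, so one shared helper would keep the two checks from drifting, and that helper should handle a `server_endpoint` without a scheme, for which `parsed_url.hostname` is `None`.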
EOF
Unable to commit as this autofix suggestion is now outdated
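The two "Incomplete URL substring sanitization" alerts above come down to the difference between matching a string anywhere in the URL and comparing the parsed hostname. The following is an added example, not code from this pull request or from NeMo Guardrails; the helper names and the sample endpoints are constructed for illustration, and only the hostname api.private-ai.com comes from the page.

```python
from urllib.parse import urlparse

CLOUD_HOST = "api.private-ai.com"  # hostname taken from the check shown on this page


def substring_check(server_endpoint: str) -> bool:
    """The flagged pattern: matches the string anywhere in the URL."""
    return CLOUD_HOST in server_endpoint


def endpoint_host(server_endpoint: str) -> str:
    """Return the lower-cased hostname, tolerating endpoints without a scheme."""
    # urlparse only fills .hostname when the authority is introduced by "//".
    candidate = server_endpoint if "://" in server_endpoint else "//" + server_endpoint
    host = urlparse(candidate).hostname or ""
    return host.rstrip(".")  # a trailing dot names the same DNS host


def is_cloud_endpoint(server_endpoint: str) -> bool:
    """Exact hostname comparison (hypothetical helper, not the project's API)."""
    return endpoint_host(server_endpoint) == CLOUD_HOST


# Constructed sample endpoints; paths and ports are illustrative only.
SAMPLES = [
    "https://api.private-ai.com/v3/process/text",
    "api.private-ai.com/v3/process/text",
    "http://localhost:8080/process/text",
    "http://localhost:8080/?upstream=api.private-ai.com",
    "https://api.private-ai.com.example.net/process/text",
]


def compare(samples=SAMPLES):
    """Return (endpoint, substring result, hostname result) for each sample."""
    return [(s, substring_check(s), is_cloud_endpoint(s)) for s in samples]


if __name__ == "__main__":
    for endpoint, by_substring, by_host in compare():
        print(f"{endpoint:55} substring={by_substring!s:5} hostname={by_host}")
```

The last two samples are where the checks disagree: the substring test treats a local endpoint and an unrelated domain as the cloud API, while the hostname comparison does not.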

while True:
railsignore_file = current_path / ".railsignore"
if railsignore_file.exists() and railsignore_file.is_file():

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a user-provided value.

Copilot Autofix AI about 2 months ago

To fix the problem, we need to ensure that the constructed file path is contained within a safe root directory. We will normalize the path using os.path.normpath and then check that the normalized path starts with the root directory. This will prevent directory traversal attacks.

  1. Normalize the current_path in the get_railsignore_path function.
  2. Check that the normalized path starts with the root directory.
Suggested changeset 1
nemoguardrails/utils.py

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/nemoguardrails/utils.py b/nemoguardrails/utils.py
--- a/nemoguardrails/utils.py
+++ b/nemoguardrails/utils.py
@@ -328,5 +328,9 @@
     """
-    current_path = Path(path) if path else Path.cwd()
+    root_path = Path.cwd()
+    current_path = Path(path) if path else root_path
+    current_path = current_path.resolve()
 
     while True:
+        if not str(current_path).startswith(str(root_path)):
+            raise Exception("Access to the specified path is not allowed.")
         railsignore_file = current_path / ".railsignore"
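Review bot: The containment test `str(current_path).startswith(str(root_path))` compares strings rather than path components, so a directory whose name merely extends the working directory's name, such as a sibling with a suffix, passes the check. `root_path` is also left unresolved while `current_path` is resolved; resolve both and use `current_path.is_relative_to(root_path)` so the comparison is like for like, and raise `ValueError` or `PermissionError` instead of a bare `Exception`.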
EOF
nemoguardrails/utils.py Dismissed
return ignored_patterns

# File doesn't exist or is empty
if not railsignore_path.exists() or not os.path.getsize(railsignore_path):

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a user-provided value.

Copilot Autofix AI about 2 months ago

To fix the problem, we need to ensure that the railsignore_path is validated before it is used in file operations. This can be done by normalizing the path and ensuring it is within a predefined safe directory. We will use os.path.normpath to normalize the path and then check if it starts with the safe root directory.

  1. Define a safe root directory.
  2. Normalize the railsignore_path.
  3. Check if the normalized path starts with the safe root directory.
  4. Raise an exception if the path is not within the safe directory.
Suggested changeset 1
nemoguardrails/utils.py

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/nemoguardrails/utils.py b/nemoguardrails/utils.py
--- a/nemoguardrails/utils.py
+++ b/nemoguardrails/utils.py
@@ -352,2 +352,12 @@
 
+    # Define the safe root directory
+    safe_root = Path("/safe/root/directory").resolve()
+
+    # Normalize the railsignore_path
+    normalized_path = railsignore_path.resolve()
+
+    # Check if the normalized path is within the safe root directory
+    if not str(normalized_path).startswith(str(safe_root)):
+        raise ValueError("Access to the specified path is not allowed.")
+
     # File doesn't exist or is empty
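Review bot: `safe_root = Path("/safe/root/directory").resolve()` is a literal placeholder, so as written every real `railsignore_path` fails the check and raises `ValueError`; the allowed root has to come from the caller or from configuration before this can be applied. The `startswith` test under it also matches on string prefix rather than path components, where `normalized_path.is_relative_to(safe_root)` is the component-wise form, and the code after the hunk should then operate on `normalized_path` rather than the unvalidated `railsignore_path`.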
EOF
return ignored_patterns

# File doesn't exist or is empty
if not railsignore_path.exists() or not os.path.getsize(railsignore_path):

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a user-provided value.

Copilot Autofix AI about 1 month ago

To fix the problem, we need to ensure that the railsignore_path is properly validated before being used. This involves normalizing the path and ensuring it is within a safe root directory. We can achieve this by modifying the get_railsignore_path function to include these checks.

  1. Normalize the railsignore_path using os.path.normpath.
  2. Ensure the normalized path starts with a predefined safe root directory.
Suggested changeset 1
nemoguardrails/utils.py

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/nemoguardrails/utils.py b/nemoguardrails/utils.py
--- a/nemoguardrails/utils.py
+++ b/nemoguardrails/utils.py
@@ -328,3 +328,8 @@
     """
-    current_path = Path(path) if path else Path.cwd()
+    base_path = Path.cwd()
+    current_path = Path(path) if path else base_path
+    current_path = current_path.resolve()
+
+    if not str(current_path).startswith(str(base_path)):
+        raise ValueError("Access to the specified path is not allowed.")
 
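Review bot: With `base_path = Path.cwd()` as the only allowed root, any caller that passes a `path` outside the process working directory now gets `ValueError`, which changes the function's contract rather than only sanitizing its input; confirm that no configuration is loaded from elsewhere, or take the allowed root as a parameter. If the check stays, compare with `current_path.is_relative_to(base_path.resolve())` instead of the string `startswith`.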
EOF
return ignored_patterns

try:
with open(railsignore_path, "r") as f:

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a user-provided value.

Copilot Autofix AI about 2 months ago

To fix the problem, we need to ensure that the railsignore_path is validated before being used in file operations. This involves normalizing the path and ensuring it is within a safe root directory. We will implement this validation in the get_railsignore_patterns function.

  1. Normalize the railsignore_path using os.path.normpath.
  2. Ensure the normalized path starts with a predefined safe root directory.
Suggested changeset 1
nemoguardrails/utils.py

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/nemoguardrails/utils.py b/nemoguardrails/utils.py
--- a/nemoguardrails/utils.py
+++ b/nemoguardrails/utils.py
@@ -352,2 +352,12 @@
 
+    # Normalize the path
+    railsignore_path = Path(os.path.normpath(railsignore_path))
+
+    # Define a safe root directory
+    safe_root = Path("/safe/root/directory")
+
+    # Ensure the normalized path starts with the safe root directory
+    if not str(railsignore_path).startswith(str(safe_root)):
+        raise ValueError("Access to the specified path is not allowed.")
+
     # File doesn't exist or is empty
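Review bot: `os.path.normpath(railsignore_path)` only collapses `..` and duplicate separators lexically; it neither makes the path absolute nor follows symlinks, so a relative `railsignore_path` can never start with `/safe/root/directory`, and a symlink under the root that points elsewhere still passes. Use `Path(railsignore_path).resolve()` before the test, and replace the placeholder `safe_root` literal with a real root supplied by the caller.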
EOF
@Pouyanpi Pouyanpi closed this Dec 3, 2024
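The "Uncontrolled data used in path expression" suggestions above all rely on a string `startswith` test, some after `resolve()` and one after `os.path.normpath`. The following is an added example, not code from this pull request or from NeMo Guardrails, that runs those two variants and a component-wise check against a constructed temporary directory layout; the function names and directory names are hypothetical, and `is_relative_to` requires Python 3.9 or later.

```python
import os
import tempfile
from pathlib import Path


def prefix_contained(path, root) -> bool:
    """The suggested check: resolve, then compare as strings."""
    return str(Path(path).resolve()).startswith(str(Path(root)))


def normpath_contained(path, root) -> bool:
    """normpath variant: lexical only, symlinks are not followed."""
    return str(Path(os.path.normpath(path))).startswith(str(Path(root)))


def contained(path, root) -> bool:
    """Component-wise containment on fully resolved paths (Python 3.9+)."""
    return Path(path).resolve().is_relative_to(Path(root).resolve())


def demo() -> dict:
    """Build a constructed directory layout and run all three checks on it."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        root = base / "project"
        sibling = base / "project-other"   # shares the string prefix of root
        outside = base / "elsewhere"
        for d in (root / "config", sibling, outside):
            d.mkdir(parents=True)
        link = root / "link"               # symlink inside root, target outside
        link.symlink_to(outside, target_is_directory=True)
        cases = {
            "inside": root / "config",
            "dotdot": root / "config" / ".." / ".." / "elsewhere",
            "sibling": sibling,
            "symlink": link,
        }
        return {
            name: (prefix_contained(p, root), normpath_contained(p, root), contained(p, root))
            for name, p in cases.items()
        }


if __name__ == "__main__":
    for name, (prefix, lexical, strict) in demo().items():
        print(f"{name:8} startswith={prefix!s:5} normpath={lexical!s:5} is_relative_to={strict}")
```

Both string-prefix variants accept the sibling directory, and the `normpath` variant also accepts the symlink that leaves the root; only the resolved, component-wise comparison rejects every path outside it.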