🐛 fix(utilities.py): use ast.literal_eval instead of eval to improve security

🐛 fix(GenericNode): add semicolon to console.log statement
The use of eval in the code can be a security risk as it can execute arbitrary code. Using ast.literal_eval instead of eval is a safer alternative as it only evaluates a subset of Python expressions. The semicolon was added to the console.log statement to improve code consistency.
Gabriel Almeida 2023-05-28 11:55:00 -03:00
commit c4159f3af4
2 changed files with 3 additions and 2 deletions

@ -1,3 +1,4 @@
import ast
import json
from typing import Optional
@ -12,7 +13,7 @@ class UtilitiesFrontendNode(FrontendNode):
# field.field_type could be "Literal['news', 'search', 'places', 'images']
# we need to convert it to a list
if "Literal" in field.field_type:
field.options = eval(field.field_type.replace("Literal", ""))
field.options = ast.literal_eval(field.field_type.replace("Literal", ""))
field.is_list = True
field.field_type = "str"
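Review bot: the new `ast.literal_eval(...)` call on the changed line has no error handling, and the guard above it is only a substring test (`"Literal" in field.field_type`). Any type string that contains "Literal" but is not a bare `Literal[...]`, for example one wrapped in `Optional[...]`, leaves a non-literal expression after `.replace("Literal", "")`. `eval` would also have failed on that input, but `ast.literal_eval` rejects more of it by design, raising `ValueError` or `SyntaxError`. Suggest catching both exceptions around this call and falling back to leaving `field.options` unset. Also check that the parsed result is a list of strings before setting `field.is_list = True`. The comment two lines up has an unbalanced quote (`"Literal[...]` with no closing `"`), which is worth fixing while this block is being touched.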

@ -85,7 +85,7 @@ export default function GenericNode({
deleteNode(data.id);
return;
}
console.log(data)
console.log(data);
return (
<div
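Review bot: the `console.log(data);` kept just before `return (` is debug output sitting in the component body, so it dumps the whole node `data` object to the browser console every time `GenericNode` renders. Adding the semicolon makes the statement consistent but keeps the logging. Suggest removing the line in this commit, or gating it behind a development-only flag if it is still needed for debugging.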