comment out exec() method because of securith issues

mljar · Feb 14, 2025 · bdcfb13 · bdcfb13
1 parent 7a95b06
commit bdcfb13
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/plotai/code/executor.py b/plotai/code/executor.py
@@ -12,7 +12,12 @@ def run(self, code, globals_env=None, locals_env=None):
                 if not line.startswith("```"):
                     tmp_code += line + "\n"
 
-            exec(tmp_code, globals_env, locals_env)
+            # please be aware of security issue with exec functions
+            # LLM can execute arbitrary code
+            # if you are aware of security issues, please uncomment below line
+
+            # exec(tmp_code, globals_env, locals_env)
+
         except Exception as e:
             return str(e)
         return None