Skip to content

Bytewhisper code ql testing #31544

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 7 commits into
base: master
Choose a base branch
from
Open

Bytewhisper code ql testing #31544

wants to merge 7 commits into from

Conversation

DrJekels
Copy link

@DrJekels DrJekels commented Jun 9, 2025

Thank you for contributing to LangChain!

  • CodeQL with Chat Sanitization/Validation Tool with Prompt Escape/Injection Documentation: "core:sanitize.py; how-to:Prevent-Prompt-Injection/Escape; infra:CodeQL"

  • Bytewhisper to add security testing to Langchain core:

    • Tested CodeQL in Actions and pushing the action to master for use in CI/CD testing for langchain-core. Built a tool for sanitizing/validating user supplied inputs for safe characters; with a tool to allow for user safe delimiters. Add documentation in the how-to section on preventing prompt injection/escape as a guide to help with building secure apps.
    • CodeQL action will need to be modified to work with desired branches.

DrJekels added 7 commits May 22, 2025 11:39
@DrJekels
sanitize tool and test created, with how to guide on preventing promp…
275691f 
…t injection and escape.
@DrJekels
Create codeql.yml
0da8e33 
This will be used for SAST testing in the repo pipeline.
@DrJekels
Merge remote-tracking branch 'origin/master' into Bytewhisper-CodeQL-…
a8a1886 
…Testing
@DrJekels
Merge pull request #1 from langchain-ai/master
801d2db 
Update to Bytewhisper-CodeQL-Testing to run CodeQL Test on branch changes.
@DrJekels
Merge pull request #2 from langchain-ai/master
68f5705 
Merging with updates from master into CodeQL testing branch.
@DrJekels
Merge pull request #3 from langchain-ai/master
71be451 
Merge from master for further security testing.
@DrJekels
Merge pull request #4 from langchain-ai/master
36f59cd 
Updates for CodeQL testing.
@DrJekels DrJekels requested review from baskaryan and ccurme as code owners June 9, 2025 21:10
@vercel Vercel
Copy link

vercel bot commented Jun 9, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
langchain ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jun 9, 2025 9:19pm

@dosubot dosubot bot added size:L This PR changes 100-499 lines, ignoring generated files. 🤖:security Related to security issues, CVEs labels Jun 9, 2025
@codspeed-hq CodSpeed HQ
Copy link

codspeed-hq bot commented Jun 9, 2025

CodSpeed Walltime Performance Report

Merging #31544 will not alter performance

Comparing DrJekels:Bytewhisper-CodeQL-Testing (36f59cd) with master (9ce9742)

⚠️ Unknown Walltime execution environment detected

Using the Walltime instrument on standard Hosted Runners will lead to inconsistent data.

For the most accurate results, we recommend using CodSpeed Macro Runners: bare-metal machines fine-tuned for performance measurement consistency.

Summary

✅ 13 untouched benchmarks

@codspeed-hq CodSpeed HQ
Copy link

codspeed-hq bot commented Jun 9, 2025
edited
Loading

CodSpeed Instrumentation Performance Report

Merging #31544 will not alter performance

Comparing DrJekels:Bytewhisper-CodeQL-Testing (36f59cd) with master (9ce9742)

Summary

✅ 13 untouched benchmarks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@baskaryan baskaryan Awaiting requested review from baskaryan baskaryan is a code owner

@ccurme ccurme Awaiting requested review from ccurme ccurme is a code owner

Assignees
No one assigned
Labels
🤖:security Related to security issues, CVEs size:L This PR changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@DrJekels