feat(security): add security config to disable it

[ArslanSaleem]

Important

Adds a security configuration option to control security checks in code execution, updating logic and tests accordingly.

• Security Configuration:
  • Adds security option to Config in df_config.py with values standard, none, advanced.
  • Updates chat() in base.py to check security level before raising MaliciousQueryError.
  • Modifies get_environment() in optional.py to conditionally use restricted libraries based on secure parameter.
• Code Execution:
  • Updates get_code_to_run() in code_cleaning.py to check security level before raising MaliciousQueryError.
  • Updates execute_code() in code_execution.py to use secure parameter in get_environment().
• Tests:
  • Adds tests in test_optional_dependency.py to verify environment setup with different security levels.
  • Updates tests in test_code_cleaning.py to handle new security configuration.

^{This description was created by for 2363087. It will automatically update as commits are pushed.}

[ellipsis-dev]

👍 Looks good to me! Reviewed everything up to cc73f91 in 38 seconds

More details

• Looked at 292 lines of code in 7 files
• Skipped 0 files when reviewing.
• Skipped posting 4 drafted comments based on config settings.

1. pandasai/agent/base.py:262

• Draft comment:
  Consider storing the security level check in a variable to avoid repeated evaluations. This pattern is repeated in other files as well.
• Reason this comment was not posted:
  Confidence changes required: 20%
  The code checks for security levels 'standard' and 'advanced' multiple times. It would be more efficient to store this check in a variable and reuse it.

2. pandasai/pipelines/chat/code_cleaning.py:124

• Draft comment:
  Consider storing the security level check in a variable to avoid repeated evaluations. This pattern is repeated in other files as well.
• Reason this comment was not posted:
  Confidence changes required: 20%
  The code checks for security levels 'standard' and 'advanced' multiple times. It would be more efficient to store this check in a variable and reuse it.

3. pandasai/pipelines/chat/code_execution.py:158

• Draft comment:
  Consider storing the security level check in a variable to avoid repeated evaluations. This pattern is repeated in other files as well.
• Reason this comment was not posted:
  Confidence changes required: 20%
  The code checks for security levels 'standard' and 'advanced' multiple times. It would be more efficient to store this check in a variable and reuse it.

4. pandasai/agent/base.py:267

• Draft comment:
  The error message is too verbose. Consider simplifying it for better readability.

                    "The query contains potentially unsafe references to system modules or methods."

• Reason this comment was not posted:
  Comment was on unchanged code.

Workflow ID: wflow_tNhKMNiyIBqT0qMu

---

You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet mode, and more.

[ellipsis-dev]

❌ Changes requested. Incremental review on fdb7985 in 38 seconds

More details

• Looked at 13 lines of code in 1 files
• Skipped 0 files when reviewing.
• Skipped posting 1 drafted comments based on config settings.

1. pandasai/safe_libs/base_restricted_module.py:10

• Draft comment:
  Consider rephrasing the error message for clarity:

f"Security risk detected: Usage of '{arg}' is prohibited."

• Reason this comment was not posted:
  Confidence changes required: 50%
  The error message on line 11 could be improved for clarity and professionalism.

Workflow ID: wflow_QyIrtA2K5lz5I4VV

---

Want Ellipsis to fix these issues? Tag @ellipsis-dev in a comment. You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet mode, and more.

[ellipsis-dev]

❌ Changes requested. Incremental review on 8606ea3 in 1 minute and 2 seconds

More details

• Looked at 44 lines of code in 1 files
• Skipped 0 files when reviewing.
• Skipped posting 0 drafted comments based on config settings.

Workflow ID: wflow_X58lWLTaP2stASqI

---

Want Ellipsis to fix these issues? Tag @ellipsis-dev in a comment. You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet mode, and more.

[ellipsis-dev]

👍 Looks good to me! Incremental review on d5eaa65 in 29 seconds

More details

• Looked at 20 lines of code in 1 files
• Skipped 0 files when reviewing.
• Skipped posting 2 drafted comments based on config settings.

1. tests/unit_tests/agent/test_agent.py:715

• Draft comment:
  Consider adding comments to clarify the purpose of the test cases for both malicious and safe queries.
• Reason this comment was not posted:
  Confidence changes required: 50%
  The test test_query_detection_disable_security is missing comments for both positive and negative cases, which can make it less clear for future developers.

2. tests/unit_tests/agent/test_agent.py:734

• Draft comment:
  The error message is not grammatically correct. Consider rephrasing it for clarity:

            The query contains references to the 'io' or 'os' modules or the 'b64decode' method, which can be used to execute or access system resources in unsafe ways.

• Reason this comment was not posted:
  Comment was not on a valid diff hunk.

Workflow ID: wflow_2c6tjGKWkUwFO5PN

---

You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet mode, and more.

[ellipsis-dev]

👍 Looks good to me! Incremental review on 00f35ab in 34 seconds

More details

• Looked at 18 lines of code in 1 files
• Skipped 0 files when reviewing.
• Skipped posting 0 drafted comments based on config settings.

Workflow ID: wflow_L1l52MzOELJsNfw3

---

You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet mode, and more.

[ellipsis-dev]

👍 Looks good to me! Incremental review on 21b9ba3 in 24 seconds

More details

• Looked at 23 lines of code in 1 files
• Skipped 0 files when reviewing.
• Skipped posting 0 drafted comments based on config settings.

Workflow ID: wflow_R1DVgXIkwENKU69v

---

You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet mode, and more.

[codecov]

Codecov Report

Attention: Patch coverage is 60.60606% with 13 lines in your changes missing coverage. Please review.

Project coverage is 78.54%. Comparing base (cfeb071) to head (2363087).
Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
pandasai/helpers/optional.py	51.85%	13 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1498      +/-   ##
==========================================
- Coverage   78.62%   78.54%   -0.08%     
==========================================
  Files         157      157              
  Lines        6311     6325      +14     
==========================================
+ Hits         4962     4968       +6     
- Misses       1349     1357       +8     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[ellipsis-dev]

👍 Looks good to me! Incremental review on 2363087 in 15 seconds

More details

• Looked at 12 lines of code in 1 files
• Skipped 0 files when reviewing.
• Skipped posting 2 drafted comments based on config settings.

1. docs/library.mdx:225

• Draft comment:
  Consider rephrasing the description of the security parameter for clarity:

- `security`: The "security" parameter offers three levels: "none," "standard," and "advanced." "Standard" and "advanced" are useful for detecting malicious intent and preventing harmful code execution. By default, "security" is set to "standard." Note that stricter security checks might flag benign queries as harmful. You can disable security by setting it to "none."

• Reason this comment was not posted:
  Confidence changes required: 33%
  The description of the security parameter is clear and concise, but it could benefit from a slight rephrasing for better readability.

2. docs/library.mdx:225

• Draft comment:
  Ensure consistent use of quotation marks around 'security'.
• Reason this comment was not posted:
  Confidence changes required: 50%
  The use of quotation marks around the word 'security' is inconsistent. It should be consistent throughout the document.

Workflow ID: wflow_wL9qGKN5QT0GIlp3

---

You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet mode, and more.