ICU
low

guardrails-ai

v0.9.1

Adding guardrails to large language models.

PyPI | Guardrails AI | First seen Feb 25, 2026

Total: 40 | Critical: 0 | High: 23 | Medium: 17

Findings

unknown
high | SC-003 | Suspicious Commands | Medium Confidence | Line 0

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    169:             )
    170: 
>>> 171:         async def __exec(
    172:             self: AsyncGuard,
    173:             *args,
high | SC-003 | Suspicious Commands | Medium Confidence | Line 0

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    231:                 set_scope(str(object_id(call_log)))
    232:                 self.history.push(call_log)
>>> 233:                 result = await self._exec(
    234:                     llm_api=llm_api,
    235:                     llm_output=llm_output,
high | SC-003 | Suspicious Commands | Medium Confidence | Line 0

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    269:         )
    270: 
>>> 271:     async def _exec(
    272:         self,
    273:         *args,
high | SC-001 | Suspicious Commands | Medium Confidence | Line 0

Subprocess execution

Detected by automated pattern matching (rule SC-001) with medium confidence. May be a false positive.

    70:             env["NO_COLOR"] = "true"
    71: 
>>> 72:         result = subprocess.run(
    73:             command,
    74:             env=env,
high | SC-001 | Suspicious Commands | Medium Confidence | Line 0

Subprocess execution

Detected by automated pattern matching (rule SC-001) with medium confidence. May be a false positive.

    96:         return result.stdout
    97: 
>>> 98:     except subprocess.CalledProcessError as exc:
    99:         raise PipProcessError(action, package, exc.stderr, exc.stdout, exc.returncode)
    100:     except Exception as e:
high | SC-001 | Suspicious Commands | Medium Confidence | Line 0

Subprocess execution

Detected by automated pattern matching (rule SC-001) with medium confidence. May be a false positive.

    142:             env["NO_COLOR"] = "true"
    143: 
>>> 144:         result = subprocess.run(
    145:             command,
    146:             env=env,
high | SC-001 | Suspicious Commands | Medium Confidence | Line 0

Subprocess execution

Detected by automated pattern matching (rule SC-001) with medium confidence. May be a false positive.

    168:         return result.stdout
    169: 
>>> 170:     except subprocess.CalledProcessError as exc:
    171:         raise PipProcessError(
    172:             action, package, exc.stderr or "", exc.stdout or "", exc.returncode
high | SC-001 | Suspicious Commands | Medium Confidence | Line 0

Subprocess execution

Detected by automated pattern matching (rule SC-001) with medium confidence. May be a false positive.

    196:             env["NO_COLOR"] = "true"
    197: 
>>> 198:         result = subprocess.run(
    199:             command,
    200:             env=env,
high | SC-001 | Suspicious Commands | Medium Confidence | Line 0

Subprocess execution

Detected by automated pattern matching (rule SC-001) with medium confidence. May be a false positive.

    222:         return result.stdout
    223: 
>>> 224:     except subprocess.CalledProcessError as exc:
    225:         logger.error(
    226:             (
high | SC-003 | Suspicious Commands | Medium Confidence | Line 0

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    515:             )
    516: 
>>> 517:         def __exec(
    518:             self: Guard,
    519:             *args,
high | SC-003 | Suspicious Commands | Medium Confidence | Line 0

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    572:             self.history.push(call_log)
    573:             # Otherwise, call the LLM synchronously
>>> 574:             return self._exec(
    575:                 llm_api=llm_api,
    576:                 llm_output=llm_output,
high | SC-003 | Suspicious Commands | Medium Confidence | Line 0

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    607:         )
    608: 
>>> 609:     def _exec(
    610:         self,
    611:         *args,
high | SC-001 | Suspicious Commands | Medium Confidence | Line 0

Subprocess execution

Detected by automated pattern matching (rule SC-001) with medium confidence. May be a false positive.

    265:                 command = [sys.executable, relative_path]
    266:                 subprocess.check_output(command)
>>> 267:             except subprocess.CalledProcessError as exc:
    268:                 logger.error(
    269:                     (
high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable as text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable as text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable as text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable as text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable as text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable as text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable as text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | SC-004 | Suspicious Commands | Medium Confidence | Line 0

Dynamic code evaluation via eval()

Detected by automated pattern matching (rule SC-004) with medium confidence. May be a false positive.

    36:                 # Option 2: We use something like the Validator Manifest that describes the arguments
    37:                 #   to parse the values from the string WITHOUT an eval.
>>> 38:                 t = literal_eval(t)
    39:             except (ValueError, SyntaxError, NameError) as e:
    40:                 raise ValueError(
high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable as text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: (binary data, not printable as text)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    50: 
    51: 
>>> 52: def fetch(url: str, token: Optional[str], anonymousUserId: Optional[str]):
    53:     try:
    54:         # For Debugging
medium | NS-001 | Network Suspicious | Medium Confidence | Line 0

Python requests library HTTP call

Detected by automated pattern matching (rule NS-001) with medium confidence. May be a false positive.

    59:             "x-guardrails-version": GUARDRAILS_VERSION,
    60:         }
>>> 61:         req = requests.get(url, headers=headers)
    62:         body = req.json()
    63: 
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    86:     )
    87:     manifest_url = f"{VALIDATOR_HUB_SERVICE}/{manifest_path}"
>>> 88:     return fetch(manifest_url, token, anonymousUserId)
    89: 
    90: 
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    118:     template_path = f"guard-templates/{namespace}/{template_name}"
    119:     template_url = f"{VALIDATOR_HUB_SERVICE}/{template_path}"
>>> 120:     return fetch(template_url, token, settings.rc.id)
    121: 
    122: 
medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    167:         token = get_jwt_token(settings.rc)
    168:         auth_url = f"{VALIDATOR_HUB_SERVICE}/auth"
>>> 169:         response = fetch(auth_url, token, settings.rc.id)
    170:         if not response:
    171:             raise AuthenticationError("Failed to authenticate!")
medium | NS-001 | Network Suspicious | Medium Confidence | Line 0

Python requests library HTTP call

Detected by automated pattern matching (rule NS-001) with medium confidence. May be a false positive.

    189:         }
    190:         request_body = {"packageName": package_name, "content": content}
>>> 191:         req = requests.post(submission_url, data=request_body, headers=headers)
    192: 
    193:         body = req.json()
medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | NS-001 | Network Suspicious | Medium Confidence | Line 0

Python requests library HTTP call

Detected by automated pattern matching (rule NS-001) with medium confidence. May be a false positive.

    17: 
    18:     with contextlib.suppress(Exception):
>>> 19:         res = requests.get(f"https://pypi.org/pypi/{GUARDRAILS_PACKAGE_NAME}/json")
    20:         version_info = res.json()
    21:         info = version_info.get("info", {})
medium | EN-001 | unknown | Medium Confidence | Line 0

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

medium | NS-001 | Network Suspicious | Medium Confidence | Line 0

Python requests library HTTP call

Detected by automated pattern matching (rule NS-001) with medium confidence. May be a false positive.

    374:             "Content-Type": "application/json",
    375:         }
>>> 376:         req = requests.post(validation_endpoint, data=request_body, headers=headers)
    377:         if not req.ok:
    378:             if req.status_code == 401: