fix: code scanning alert - Uncontrolled data used in path expression

NVIDIA / NeMo-Guardrails

NeMo Guardrails is an open-source toolkit for easily adding programmable guardrails to LLM-based conversational systems.

Other

4.2k stars 399 forks source link

Open Pouyanpi opened 3 weeks ago

Pouyanpi commented 3 weeks ago

Currently the config_path used in _load_path method of nemoguardrails/rails/llm/config.py allows for sec vulnerabilites.

We need to decide on a base_path that all paths could only start with that.

Tracking issue for: