Open isold23 opened 3 weeks ago
To fix the error related to de-serialization while building the FAISS Search component, you might consider setting the `allow_dangerous_deserialization` parameter to `True`. However, this is generally not recommended due to security risks.
Here is an example of how you might modify the `build` method to include `allow_dangerous_deserialization`:
```python
def build(
    self,
    input_value: Text,
    embedding: Embeddings,
    folder_path: str,
    number_of_results: int = 4,
    index_name: str = "langflow_index",
    allow_dangerous_deserialization: bool = False  # Add this parameter
) -> List[Record]:
    if not folder_path:
        raise ValueError("Folder path is required to save the FAISS index.")
    path = self.resolve_path(folder_path)
    vector_store = FAISS.load_local(
        folder_path=Text(path),
        embeddings=embedding,
        index_name=index_name,
        allow_dangerous_deserialization=allow_dangerous_deserialization  # Pass it here
    )
    if not vector_store:
        raise ValueError("Failed to load the FAISS index.")
    return self.search_with_vector_store(
        vector_store=vector_store, input_value=input_value, search_type="similarity", k=number_of_results
    )
```
Regarding the safety of setting `allow_dangerous_deserialization` to `True`, it is generally not safe because it can expose your application to security vulnerabilities, such as arbitrary code execution. Use this option only if you fully understand the risks and have no other alternatives [1].
vector_store = FAISS.load_local(folder_path=Text(path), embeddings=embedding, index_name=index_name, allow_dangerous_deserialization=True)
no fixes
Hello, sorry for the delay. Did you try using the new version? Does the error still persist?
Describe the bug Error building Component FAISS Search: The de-serialization relies loading a pickle file. Pickle files can be modified to deliver a malicious payload that results in execution of arbitrary code on your machine. You will need to set `allow_dangerous_deserialization` to `True` to enable deserialization. If you do this, make sure that you trust the source of the data. For example, if you are loading a file that you created, and know that no one else has modified the file, then this is safe to do. Do not set this to `True` if you are loading a file from an untrusted source (e.g., some random site on the internet.).
How to fix it?
Browser and Version
To Reproduce Steps to reproduce the behavior:
Screenshots If applicable, add screenshots to help explain your problem.
Additional context Add any other context about the problem here.
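The error message quoted in this issue treats loading as safe only when the index is a file you created and nobody else has modified. One way to check that condition before passing `allow_dangerous_deserialization=True` is sketched below as an added example (not code from this thread, Langflow or LangChain): the helper names, the manifest file name and the demo key are assumptions, and the `.faiss`/`.pkl` file pair is what `FAISS.save_local` writes.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

MANIFEST = "index.manifest.json"  # hypothetical file name, not a LangChain convention


def _file_mac(path: Path, key: bytes) -> str:
    """HMAC-SHA256 over the file's bytes (read whole; stream for very large indexes)."""
    return hmac.new(key, path.read_bytes(), hashlib.sha256).hexdigest()


def _index_files(folder: Path, index_name: str) -> list[Path]:
    # FAISS.save_local writes <index_name>.faiss and <index_name>.pkl
    return [folder / f"{index_name}.faiss", folder / f"{index_name}.pkl"]


def seal_index(folder: Path, index_name: str, key: bytes) -> None:
    """Call right after save_local(): record a keyed digest of each index file."""
    macs = {p.name: _file_mac(p, key) for p in _index_files(folder, index_name)}
    (folder / MANIFEST).write_text(json.dumps(macs))


def index_is_untampered(folder: Path, index_name: str, key: bytes) -> bool:
    """Call before load_local(): True only if every file matches its seal."""
    try:
        macs = json.loads((folder / MANIFEST).read_text())
        return all(
            hmac.compare_digest(macs.get(p.name, ""), _file_mac(p, key))
            for p in _index_files(folder, index_name)
        )
    except (OSError, ValueError, AttributeError, TypeError):
        return False  # missing or malformed manifest/index: refuse to load


def demo() -> tuple[bool, bool]:
    """Constructed stand-in files; returns the check result before and after a change."""
    key = b"constructed-demo-key"  # in practice: a secret stored outside the index folder
    with tempfile.TemporaryDirectory() as tmp:
        folder = Path(tmp)
        for p in _index_files(folder, "langflow_index"):
            p.write_bytes(b"constructed placeholder bytes")
        seal_index(folder, "langflow_index", key)
        before = index_is_untampered(folder, "langflow_index", key)
        (folder / "langflow_index.pkl").write_bytes(b"modified by someone else")
        return before, index_is_untampered(folder, "langflow_index", key)
```

Call `FAISS.load_local(..., allow_dangerous_deserialization=True)` only when `index_is_untampered` returns `True`. The check is only as strong as the key's protection: anyone who can write to the index folder must not be able to read the key.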