search

langflow-ai / langflow

⛓️ Langflow is a visual framework for building multi-agent and RAG applications. It's open-source, Python-powered, fully customizable, model and vector store agnostic.
http://www.langflow.org
MIT License
20.38k stars 3.01k forks source link

Faiss search error #2191

Open isold23 opened 3 weeks ago

isold23 commented 3 weeks ago

Describe the bug Error building Component FAISS Search: The de-serialization relies loading a pickle file. Pickle files can be modified to deliver a malicious payload that results in execution of arbitrary code on your machine.You will need to set allow_dangerous_deserialization to True to enable deserialization. If you do this, make sure that you trust the source of the data. For example, if you are loading a file that you created, and know that no one else has modified the file, then this is safe to do. Do not set this to True if you are loading a file from an untrusted source (e.g., some random site on the internet.). how to fix it?

Browser and Version

To Reproduce Steps to reproduce the behavior:

  1. Go to '...'
  2. Click on '....'
  3. Scroll down to '....'
  4. See error

Screenshots If applicable, add screenshots to help explain your problem.

Additional context Add any other context about the problem here.

dosubot[bot] commented 3 weeks ago

To fix the error related to de-serialization while building the FAISS Search component, you might consider setting the allow_dangerous_deserialization parameter to True. However, this is generally not recommended due to security risks.

Here is an example of how you might modify the build method to include allow_dangerous_deserialization:

def build(
    self,
    input_value: Text,
    embedding: Embeddings,
    folder_path: str,
    number_of_results: int = 4,
    index_name: str = "langflow_index",
    allow_dangerous_deserialization: bool = False  # Add this parameter
) -> List[Record]:
    if not folder_path:
        raise ValueError("Folder path is required to save the FAISS index.")
    path = self.resolve_path(folder_path)
    vector_store = FAISS.load_local(
        folder_path=Text(path),
        embeddings=embedding,
        index_name=index_name,
        allow_dangerous_deserialization=allow_dangerous_deserialization  # Pass it here
    )
    if not vector_store:
        raise ValueError("Failed to load the FAISS index.")

    return self.search_with_vector_store(
        vector_store=vector_store, input_value=input_value, search_type="similarity", k=number_of_results
    )

Regarding the safety of setting allow_dangerous_deserialization to True, it is generally not safe because it can expose your application to security vulnerabilities, such as arbitrary code execution. Use this option only if you fully understand the risks and have no other alternatives [1].

To continue talking to Dosu, mention @dosu.

isold23 commented 3 weeks ago

vector_store = FAISS.load_local(folder_path=Text(path), embeddings=embedding, index_name=index_name, allow_dangerous_deserialization=True) no fixes

anovazzi1 commented 6 days ago

Hello, Sorry for the delay. Did you try using the new version? Does the error still persist?