From 83ecd572fc24ebd0588ceaf89a490b2e06e0cf06 Mon Sep 17 00:00:00 2001
From: tandiapa <317899+tandiapa@users.noreply.github.com>
Date: Wed, 22 Jan 2025 12:28:18 +0100
Subject: [PATCH] fix(interpreter security): functions from the builtins module
 must be explicitely added so as to prevent the dangerous ones from being
 indirectly available (compile, exec, eval, breakpoint, __import__, open, ...)
 (#299)

---
 src/smolagents/local_python_executor.py | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/smolagents/local_python_executor.py b/src/smolagents/local_python_executor.py
index 4212688..5359cf5 100644
--- a/src/smolagents/local_python_executor.py
+++ b/src/smolagents/local_python_executor.py
@@ -17,6 +17,7 @@
 import ast
 import builtins
 import difflib
+import inspect
 import math
 import re
 from collections.abc import Mapping
@@ -643,8 +644,14 @@ def evaluate_call(
             # cap the number of lines
             return None
         else:  # Assume it's a callable object
-            if (func in [eval, compile, exec]) and (func not in static_tools.values()):
-                raise InterpreterError(f"Invoking eval, compile or exec is not allowed ({func_name}).")
+            if (
+                (inspect.getmodule(func) == builtins)
+                and inspect.isbuiltin(func)
+                and (func not in static_tools.values())
+            ):
+                raise InterpreterError(
+                    f"Invoking a builtin function that has not been explicitly added as a tool is not allowed ({func_name})."
+                )
             return func(*args, **kwargs)