o i8@sddlmZddlmZddlmZddlmZddlm Z ddlm Z ddl m Z ddlmZd d Zd d Zd dZddZddZddZddZddZddZddZddZdd Zd!d"Zd#d$Zd%d&Zd'd(Zd)d*Z d+S),)is_iast_request_enabled) iast_errortaint_pyobject)get_tainted_ranges)unwrap)wrap)config)get_argument_valuecCsbtjsdS|dt|dt|dt|dt|dt|dt|dtdS)Nzlangchain.patchzlangchain.unpatchzlangchain.llm.generate.afterzlangchain.llm.agenerate.afterz"langchain.chatmodel.generate.afterz#langchain.chatmodel.agenerate.afterzlangchain.stream.chunk.callback) asm_config _iast_enabledon_langchain_patch_langchain_unpatch_langchain_llm_generate_after#_langchain_chatmodel_generate_after _langchain_stream_chunk_callback)corerS/home/ubuntu/.local/lib/python3.10/site-packages/ddtrace/appsec/_iast/_langchain.pylangchain_listen s      rc CstjsdStddttddtd}d}zddl}d}Wnty8zddl}d}Wn ty5YnwYnw|r|D]C}z4ddl}| |}|}| d D]}t ||}qPt |d ret||d t t |d rrt||d tWq=ttfy~Yq=wdSdS)z Patch langchain for IAST. MUST NOT be called directly, only as a callback from ddtrace.contrib.internal.langchain.patch import wrap Nlangchain_corez$prompts.prompt.PromptTemplate.formatz%prompts.prompt.PromptTemplate.aformat) z*agents.chat.output_parser.ChatOutputParserz5agents.conversational.output_parser.ConvoOutputParserz:agents.conversational_chat.output_parser.ConvoOutputParserz*agents.mrkl.output_parser.MRKLOutputParserz0agents.output_parsers.json.JSONAgentOutputParserzGagents.output_parsers.openai_functions.OpenAIFunctionsAgentOutputParserzNagents.output_parsers.react_json_single_input.ReActJsonSingleInputOutputParserzEagents.output_parsers.react_single_input.ReActSingleInputOutputParserz2agents.output_parsers.self_ask.SelfAskOutputParserz.agents.output_parsers.xml.XMLAgentOutputParserz,agents.react.output_parser.ReActOutputParserz=agents.self_ask_with_search.output_parser.SelfAskOutputParserz?agents.structured_chat.output_parser.StructuredChatOutputParserr langchainlangchain_community.formatz.formataformatz.aformat)r r r_wrapper_prompt_template_format _wrapper_prompt_template_aformatlangchain.agents ImportErrorlangchain_community.agents importlib import_modulesplitgetattrhasattr_wrapper_agentoutput_parse_wrapper_agentoutput_aparseAttributeError) agent_output_parser_classesagents_packagerrclass_r"module class_objpartrrrrsH        rcCsPtjrdSzddl}Wn tyYdSwt|jjjdt|jjjddS)Nrrr)r r rr rpromptspromptPromptTemplate)rrrrrSs  rc CstjsdSt|ttfsdSt|dsdSzS|j}t|ts!WdSd}|D]}t|ts-q%t|}|r:|dj }nq%|s@WdS|D]#}|D]}t |\}} |rR| sSqFt | |j |j |jd} t||| qFqBWdSty} z td| WYd} ~ dSd} ~ ww)z Taints the output of an LLM call if its inputs are tainted. Range propagation does not make sense in LLMs. So we get the first source in inputs, if any, and taint the full output with that source. N generationsrpyobject source_name source_value source_originzq6|D]}t|dsHq@t|j }|rV|dj nq@q6s^WdS|D]}|D]}t |\}} |r| rt | j jjd} t||| t|dr|j} t| dsqd| j } t| trt| dt| n't| trt| dfdd| Dnt| trt| dfdd | Dt| d r| j} t| trd | vr| d }t|trd |vr|d }t|trt||d <qdq`WdSty}z td |WYd}~dSd}~ww)Nrr3contentr4messagecg|]}t|qSr_iast_taint_if_str.0cr=rr z7_langchain_chatmodel_generate_after..ci|] \}}|t|qSrrOrRkvrTrr z7_langchain_chatmodel_generate_after..additional_kwargs function_call argumentszBpropagation::source::langchain _langchain_chatmodel_generate_after)r r r9r:r;lenr&r3rrLr=r>rr?r@rArBrMr<rPdictitemsr]rCr)messagesrDr3msgsmsgrErFrGrHrIrJrMrLr]r^r_rKrrTrrs                 rcCs2t||dddd}|s dSt|}|sdSt|S)NrinputT)optional)r *_get_tainted_source_from_chat_prompt_value_create_taint_chunk_callback)interface_typeargskwargs chat_messagesr=rrrrsrcsfdd}|S)Nc sBzt|WdSty }z td|WYd}~dSd}~ww)Nz:propagation::source::langchain _langchain_iast_taint_chunk)_langchain_iast_taint_chunkrCr)chunkrKrTrr_iast_chunk_taints z7_create_taint_chunk_callback.._iast_chunk_taintr)r=rprrTrris ricCsvtjsdSt|ds dS|j}t|ttfsdS|D]}t|ds"q|j}t|ts+qt |}|r8|dj SqdS)NrcrLr) r r r&rcr9r:r;rLr<rr=)chat_prompt_valuercrMrLrErrrrhs$   rhcCsHd}t|dr d}n t|drd}ndSt||}t|ts dS||fS)N_textrI)NN)r&r%r9r<)rGrHrIrrrr>s    r>cstjsdSs dS|}t|dsdS|j}t|tr$t|dt|n't|tr7t|dfdd|Dnt|t rKt|dfdd| Dt|dr{|j }t|t r}d|vr|d}t|t rd |vr|d }t|trt||d <dSdSdSdSdSdSdS) z] Taints a chunk (type BaseMessageChunk, typically an AIMessageChunk) given a source. NrLcrNrrOrQrTrrrUrVz/_langchain_iast_taint_chunk..crWrrOrXrTrrr[r\z/_langchain_iast_taint_chunk..r]r^r_) r r r&rLr9r<rBrPr;rarbr])r=rorMrLr]r^r_rrTrrns4      rncCs0t|ts|Sddlm}|||j|j|jdS)Nrrr4)r9r<3ddtrace.appsec._iast._taint_tracking._taint_objectsrr?r@rA)r=objrrrrrP(s  rPcCs||i|}t||S)zR Propagate taint in PromptTemplate.format, from any input, to the output. !_propagate_prompt_template_formatfuncinstancerkrlresultrrrr5s rcs ||i|IdH}t||S)zS Propagate taint in PromptTemplate.aformat, from any input, to the output. Nrurwrrrr=s rc Csz(ts|WS|D]}t|}|r%|dj}t||j|j|jWSq W|Sty@}z t d|WYd}~|Sd}~ww)NrzDpropagation::source::langchain iast_propagate_prompt_template_format) rvaluesrr=rr?r@rArCr)rlrzr@rangesr=rKrrrrvEs   rvcCs||i|}t|||SN_propagante_agentoutput_parserwrrrr'Ts r'cs"||i|IdH}t|||Sr}r~rwrrrr(Ys r(c Cs zlzddlm}ddlm}Wnty$ddlm}ddlm}Ynwt|d}|rd|dj}t||rFt|j |j |j |j |_ W|St||rgd|j vrj|j }t|d|j |j |j |d<W|SW|SW|SW|Sty}z td|WYd}~|Sd}~ww)Nr) AgentAction) AgentFinishoutputz2propagation::source::langchain taint_parser_output)langchain_core.agentsrrr rrr=r9r tool_inputr?r@rA return_valuesrCr) rkrlrzrrr|r=r{rKrrrr^s:       rN)!/ddtrace.appsec._iast._iast_request_context_baserddtrace.appsec._iast._logsrrsr8ddtrace.appsec._iast._taint_tracking._taint_objects_baser$ddtrace.contrib.internal.trace_utilsrrddtrace.internal.settings.asmr r ddtrace.internal.utilsr rrrrrrrirhr>rnrPrrrvr'r(rrrrrs2        < ,D