Deprecate PythonRepl tools and Pandas/Xorbits/Spark DataFrame/Python/CSV agents (CVE-2023-39659)

libs/langchain/langchain/__init__.py

@@ -370,7 +370,6 @@ def __getattr__(name: str) -> Any:
 
 __all__ = [
     "LLMChain",
-    "LLMBashChain",
     "LLMCheckerChain",
     "LLMMathChain",
     "ArxivAPIWrapper",

libs/langchain/langchain/_api/path.py

@@ -0,0 +1,36 @@
+import os
+from pathlib import Path
+from typing import Optional, Union
+
+HERE = Path(__file__).parent
+
+# Get directory of langchain package
+PACKAGE_DIR = HERE.parent
+SEPARATOR = os.sep
+
+
+def get_relative_path(
+    file: Union[Path, str], *, relative_to: Path = PACKAGE_DIR
+) -> str:
+    """Get the path of the file as a relative path to the package directory."""
+    if isinstance(file, str):
+        file = Path(file)
+    return str(file.relative_to(relative_to))
+
+
+def as_import_path(
+    file: Union[Path, str],
+    *,
+    suffix: Optional[str] = None,
+    relative_to: Path = PACKAGE_DIR
+) -> str:
+    """Path of the file as a LangChain import exclude langchain top namespace."""
+    if isinstance(file, str):
+        file = Path(file)
+    path = get_relative_path(file, relative_to=relative_to)
+    if file.is_file():
+        path = path[: -len(file.suffix)]
+    import_path = path.replace(SEPARATOR, ".")
+    if suffix:
+        import_path += "." + suffix
+    return import_path

libs/langchain/langchain/agents/__init__.py

@@ -28,6 +28,10 @@
     AgentAction, AgentFinish
 
 """  # noqa: E501
+from pathlib import Path
+from typing import Any
+
+from langchain._api.path import as_import_path
 from langchain.agents.agent import (
     Agent,
     AgentExecutor,
@@ -38,18 +42,14 @@
 )
 from langchain.agents.agent_iterator import AgentExecutorIterator
 from langchain.agents.agent_toolkits import (
-    create_csv_agent,
     create_json_agent,
     create_openapi_agent,
-    create_pandas_dataframe_agent,
     create_pbi_agent,
     create_pbi_chat_agent,
-    create_spark_dataframe_agent,
     create_spark_sql_agent,
     create_sql_agent,
     create_vectorstore_agent,
     create_vectorstore_router_agent,
-    create_xorbits_agent,
 )
 from langchain.agents.agent_types import AgentType
 from langchain.agents.conversational.base import ConversationalAgent
@@ -70,6 +70,29 @@
 from langchain.agents.tools import Tool, tool
 from langchain.agents.xml.base import XMLAgent
 
+DEPRECATED_CODE = [
+    "create_csv_agent",
+    "create_pandas_dataframe_agent",
+    "create_spark_dataframe_agent",
+    "create_xorbits_agent",
+]
+
+
+def __getattr__(name: str) -> Any:
+    """Get attr name."""
+    if name in DEPRECATED_CODE:
+        relative_path = as_import_path(Path(__file__).parent, suffix=name)
+        old_path = "langchain." + relative_path
+        new_path = "langchain_experimental." + relative_path
+        raise ImportError(
+            f"{name} has been moved to langchain experimental. "
+            "See https://github.com/langchain-ai/langchain/discussions/11680"
+            "for more information.\n"
+            f"Please update your import statement from: `{old_path}` to `{new_path}`."
+        )
+    raise ImportError(f"{name} does not exist")
+
+
 __all__ = [
     "Agent",
     "AgentExecutor",
@@ -90,13 +113,10 @@
     "StructuredChatAgent",
     "Tool",
     "ZeroShotAgent",
-    "create_csv_agent",
     "create_json_agent",
     "create_openapi_agent",
-    "create_pandas_dataframe_agent",
     "create_pbi_agent",
     "create_pbi_chat_agent",
-    "create_spark_dataframe_agent",
     "create_spark_sql_agent",
     "create_sql_agent",
     "create_vectorstore_agent",
@@ -107,6 +127,5 @@
     "load_huggingface_tool",
     "load_tools",
     "tool",
-    "create_xorbits_agent",
     "XMLAgent",
 ]

libs/langchain/langchain/agents/agent_toolkits/__init__.py

@@ -13,6 +13,10 @@
 
 See [Security](https://python.langchain.com/docs/security) for more information.
 """
+from pathlib import Path
+from typing import Any
+
+from langchain._api.path import as_import_path
 from langchain.agents.agent_toolkits.ainetwork.toolkit import AINetworkToolkit
 from langchain.agents.agent_toolkits.amadeus.toolkit import AmadeusToolkit
 from langchain.agents.agent_toolkits.azure_cognitive_services import (
@@ -21,7 +25,6 @@
 from langchain.agents.agent_toolkits.conversational_retrieval.openai_functions import (
     create_conversational_retrieval_agent,
 )
-from langchain.agents.agent_toolkits.csv.base import create_csv_agent
 from langchain.agents.agent_toolkits.file_management.toolkit import (
     FileManagementToolkit,
 )
@@ -34,13 +37,10 @@
 from langchain.agents.agent_toolkits.office365.toolkit import O365Toolkit
 from langchain.agents.agent_toolkits.openapi.base import create_openapi_agent
 from langchain.agents.agent_toolkits.openapi.toolkit import OpenAPIToolkit
-from langchain.agents.agent_toolkits.pandas.base import create_pandas_dataframe_agent
 from langchain.agents.agent_toolkits.playwright.toolkit import PlayWrightBrowserToolkit
 from langchain.agents.agent_toolkits.powerbi.base import create_pbi_agent
 from langchain.agents.agent_toolkits.powerbi.chat_base import create_pbi_chat_agent
 from langchain.agents.agent_toolkits.powerbi.toolkit import PowerBIToolkit
-from langchain.agents.agent_toolkits.python.base import create_python_agent
-from langchain.agents.agent_toolkits.spark.base import create_spark_dataframe_agent
 from langchain.agents.agent_toolkits.spark_sql.base import create_spark_sql_agent
 from langchain.agents.agent_toolkits.spark_sql.toolkit import SparkSQLToolkit
 from langchain.agents.agent_toolkits.sql.base import create_sql_agent
@@ -54,10 +54,33 @@
     VectorStoreRouterToolkit,
     VectorStoreToolkit,
 )
-from langchain.agents.agent_toolkits.xorbits.base import create_xorbits_agent
 from langchain.agents.agent_toolkits.zapier.toolkit import ZapierToolkit
 from langchain.tools.retriever import create_retriever_tool
 
+DEPRECATED_AGENTS = [
+    "create_csv_agent",
+    "create_pandas_dataframe_agent",
+    "create_xorbits_agent",
+    "create_python_agent",
+    "create_spark_dataframe_agent",
+]
+
+
+def __getattr__(name: str) -> Any:
+    """Get attr name."""
+    if name in DEPRECATED_AGENTS:
+        relative_path = as_import_path(Path(__file__).parent, suffix=name)
+        old_path = "langchain." + relative_path
+        new_path = "langchain_experimental." + relative_path
+        raise ImportError(
+            f"{name} has been moved to langchain experimental. "
+            "See https://github.com/langchain-ai/langchain/discussions/11680"
+            "for more information.\n"
+            f"Please update your import statement from: `{old_path}` to `{new_path}`."
+        )
+    raise ImportError(f"{name} does not exist")
+
+
 __all__ = [
     "AINetworkToolkit",
     "AmadeusToolkit",
@@ -78,19 +101,14 @@
     "VectorStoreRouterToolkit",
     "VectorStoreToolkit",
     "ZapierToolkit",
-    "create_csv_agent",
     "create_json_agent",
     "create_openapi_agent",
-    "create_pandas_dataframe_agent",
     "create_pbi_agent",
     "create_pbi_chat_agent",
-    "create_python_agent",
-    "create_spark_dataframe_agent",
     "create_spark_sql_agent",
     "create_sql_agent",
     "create_vectorstore_agent",
     "create_vectorstore_router_agent",
-    "create_xorbits_agent",
     "create_conversational_retrieval_agent",
     "create_retriever_tool",
 ]

libs/langchain/langchain/agents/agent_toolkits/csv/__init__.py

@@ -1 +1,22 @@
-"""CSV toolkit."""
+from pathlib import Path
+from typing import Any
+
+from langchain._api.path import as_import_path
+
+
+def __getattr__(name: str) -> Any:
+    """Get attr name."""
+
+    here = as_import_path(Path(__file__).parent)
+
+    old_path = "langchain." + here + "." + name
+    new_path = "langchain_experimental." + here + "." + name
+    raise ImportError(
+        "This agent has been moved to langchain experiment. "
+        "This agent relies on python REPL tool under the hood, so to use it "
+        "safely please sandbox the python REPL. "
+        "Read https://github.com/langchain-ai/langchain/blob/master/SECURITY.md "
+        "and https://github.com/langchain-ai/langchain/discussions/11680"
+        "To keep using this code as is, install langchain experimental and "
+        f"update your import statement from:\n `{old_path}` to `{new_path}`."
+    )

libs/langchain/langchain/agents/agent_toolkits/pandas/__init__.py

@@ -1 +1,22 @@
-"""Pandas toolkit."""
+from pathlib import Path
+from typing import Any
+
+from langchain._api.path import as_import_path
+
+
+def __getattr__(name: str) -> Any:
+    """Get attr name."""
+
+    here = as_import_path(Path(__file__).parent)
+
+    old_path = "langchain." + here + "." + name
+    new_path = "langchain_experimental." + here + "." + name
+    raise ImportError(
+        "This agent has been moved to langchain experiment. "
+        "This agent relies on python REPL tool under the hood, so to use it "
+        "safely please sandbox the python REPL. "
+        "Read https://github.com/langchain-ai/langchain/blob/master/SECURITY.md "
+        "and https://github.com/langchain-ai/langchain/discussions/11680"
+        "To keep using this code as is, install langchain experimental and "
+        f"update your import statement from:\n `{old_path}` to `{new_path}`."
+    )