TestJinja2SecurityBlocking Class — langchain Architecture
Architecture documentation for the TestJinja2SecurityBlocking class in test_serializable.py from the langchain codebase.
Entity Profile
Dependency Diagram
graph TD 6eac7a3c_5af8_e95a_bd3e_ee52ea07b9b0["TestJinja2SecurityBlocking"] 9ad47010_a7a4_8c98_a464_6b696766c212["ChatPromptTemplate"] 6eac7a3c_5af8_e95a_bd3e_ee52ea07b9b0 -->|extends| 9ad47010_a7a4_8c98_a464_6b696766c212 b38b43f8_5be7_5b6c_b01e_36ed41e70435["PromptTemplate"] 6eac7a3c_5af8_e95a_bd3e_ee52ea07b9b0 -->|extends| b38b43f8_5be7_5b6c_b01e_36ed41e70435 d90477e3_b806_4058_daf0_8495f08436d6["test_serializable.py"] 6eac7a3c_5af8_e95a_bd3e_ee52ea07b9b0 -->|defined in| d90477e3_b806_4058_daf0_8495f08436d6 2db10c8c_09be_b235_8f07_6f3a3e4433f3["test_fstring_template_allowed()"] 6eac7a3c_5af8_e95a_bd3e_ee52ea07b9b0 -->|method| 2db10c8c_09be_b235_8f07_6f3a3e4433f3 e9d83a8e_da8a_5001_c87d_746dc0874205["test_jinja2_template_blocked()"] 6eac7a3c_5af8_e95a_bd3e_ee52ea07b9b0 -->|method| e9d83a8e_da8a_5001_c87d_746dc0874205 c85cc6b9_f900_8b50_d064_fb819fb300ec["test_jinja2_blocked_standalone_prompt_template()"] 6eac7a3c_5af8_e95a_bd3e_ee52ea07b9b0 -->|method| c85cc6b9_f900_8b50_d064_fb819fb300ec 22a45c8c_316d_af50_d20a_b826005c829d["test_jinja2_blocked_by_default()"] 6eac7a3c_5af8_e95a_bd3e_ee52ea07b9b0 -->|method| 22a45c8c_316d_af50_d20a_b826005c829d
Relationship Graph
Source Code
libs/core/tests/unit_tests/load/test_serializable.py lines 715–893
class TestJinja2SecurityBlocking:
"""Tests blocking Jinja2 templates by default."""
def test_fstring_template_allowed(self) -> None:
"""Test that f-string templates deserialize successfully."""
# Serialized ChatPromptTemplate with f-string format
serialized = {
"lc": 1,
"type": "constructor",
"id": ["langchain", "prompts", "chat", "ChatPromptTemplate"],
"kwargs": {
"input_variables": ["name"],
"messages": [
{
"lc": 1,
"type": "constructor",
"id": [
"langchain",
"prompts",
"chat",
"HumanMessagePromptTemplate",
],
"kwargs": {
"prompt": {
"lc": 1,
"type": "constructor",
"id": [
"langchain",
"prompts",
"prompt",
"PromptTemplate",
],
"kwargs": {
"input_variables": ["name"],
"template": "Hello {name}",
"template_format": "f-string",
},
}
},
}
],
},
}
# f-string should deserialize successfully
loaded = load(
serialized,
allowed_objects=[
ChatPromptTemplate,
HumanMessagePromptTemplate,
PromptTemplate,
],
)
assert isinstance(loaded, ChatPromptTemplate)
assert loaded.input_variables == ["name"]
def test_jinja2_template_blocked(self) -> None:
"""Test that Jinja2 templates are blocked by default."""
# Malicious serialized payload attempting to use jinja2
malicious_serialized = {
"lc": 1,
"type": "constructor",
"id": ["langchain", "prompts", "chat", "ChatPromptTemplate"],
"kwargs": {
"input_variables": ["name"],
"messages": [
{
"lc": 1,
"type": "constructor",
"id": [
"langchain",
"prompts",
"chat",
"HumanMessagePromptTemplate",
],
"kwargs": {
"prompt": {
"lc": 1,
"type": "constructor",
"id": [
"langchain",Extends
Source
Frequently Asked Questions
What is the TestJinja2SecurityBlocking class?
TestJinja2SecurityBlocking is a class in the langchain codebase, defined in libs/core/tests/unit_tests/load/test_serializable.py.
Where is TestJinja2SecurityBlocking defined?
TestJinja2SecurityBlocking is defined in libs/core/tests/unit_tests/load/test_serializable.py at line 715.
What does TestJinja2SecurityBlocking extend?
TestJinja2SecurityBlocking extends ChatPromptTemplate, PromptTemplate.
Analyze Your Own Codebase
Get architecture documentation, dependency graphs, and domain analysis for your codebase in minutes.
Try Supermodel Free