test_fstring_rejects_invalid_identifier_variable_names() — langchain Function Reference

Architecture documentation for the test_fstring_rejects_invalid_identifier_variable_names() function in test_chat.py from the langchain codebase.

Function python LangChainCore LanguageModelBase

Entity Profile

LangChainCore→ LanguageModelBase→ test_fstring_rejects_invalid_identifier_variable_names() — langchain Function Reference

Dependency Diagram

graph TD
  1a12a531_d4f3_2323_a957_1acf7ba545ad["test_fstring_rejects_invalid_identifier_variable_names()"]
  00c8bbe0_a31c_1ac8_487a_bfd5a9d6b117["test_chat.py"]
  1a12a531_d4f3_2323_a957_1acf7ba545ad -->|defined in| 00c8bbe0_a31c_1ac8_487a_bfd5a9d6b117
  style 1a12a531_d4f3_2323_a957_1acf7ba545ad fill:#6366f1,stroke:#818cf8,color:#fff

Relationship Graph

Source Code

libs/core/tests/unit_tests/prompts/test_chat.py lines 1892–1951

def test_fstring_rejects_invalid_identifier_variable_names() -> None:
    """Test that f-string templates block attribute access, indexing.

    This validation prevents template injection attacks by blocking:
    - Attribute access like {msg.__class__}
    - Indexing like {msg[0]}
    - All-digit variable names like {0} or {100} (interpreted as positional args)

    While allowing any other field names that Python's Formatter accepts.
    """
    # Test that attribute access and indexing are blocked (security issue)
    invalid_templates = [
        "{msg.__class__}",  # Attribute access with dunder
        "{msg.__class__.__name__}",  # Multiple dunders
        "{msg.content}",  # Attribute access
        "{msg[0]}",  # Item access
        "{0}",  # All-digit variable name (positional argument)
        "{100}",  # All-digit variable name (positional argument)
        "{42}",  # All-digit variable name (positional argument)
    ]

    for template_str in invalid_templates:
        with pytest.raises(ValueError, match="Invalid variable name") as exc_info:
            ChatPromptTemplate.from_messages(
                [("human", template_str)],
                template_format="f-string",
            )

        error_msg = str(exc_info.value)
        assert "Invalid variable name" in error_msg
        # Check for any of the expected error message parts
        assert (
            "attribute access" in error_msg
            or "indexing" in error_msg
            or "positional arguments" in error_msg
        )

    # Valid templates - Python's Formatter accepts non-identifier field names
    valid_templates = [
        (
            "Hello {name} and {user_id}",
            {"name": "Alice", "user_id": "123"},
            "Hello Alice and 123",
        ),
        ("User: {user-name}", {"user-name": "Bob"}, "User: Bob"),  # Hyphen allowed
        (
            "Value: {2fast}",
            {"2fast": "Charlie"},
            "Value: Charlie",
        ),  # Starts with digit allowed
        ("Data: {my var}", {"my var": "Dave"}, "Data: Dave"),  # Space allowed
    ]

    for template_str, kwargs, expected in valid_templates:
        template = ChatPromptTemplate.from_messages(
            [("human", template_str)],
            template_format="f-string",
        )
        result = template.invoke(kwargs)
        assert result.messages[0].content == expected  # type: ignore[attr-defined]

Domain

LangChainCore

Subdomains

LanguageModelBase

Defined In

libs/core/tests/unit_tests/prompts/test_chat.py

Source

View on GitHub

Frequently Asked Questions

What does test_fstring_rejects_invalid_identifier_variable_names() do?

test_fstring_rejects_invalid_identifier_variable_names() is a function in the langchain codebase, defined in libs/core/tests/unit_tests/prompts/test_chat.py.

Where is test_fstring_rejects_invalid_identifier_variable_names() defined?

test_fstring_rejects_invalid_identifier_variable_names() is defined in libs/core/tests/unit_tests/prompts/test_chat.py at line 1892.

Analyze Your Own Codebase

Get architecture documentation, dependency graphs, and domain analysis for your codebase in minutes.

Try Supermodel Free