Safety check implemented incorrectly

[rhiever]

System Info

OS version: Latest MacOS
Python version: 3.9
The current version of pandasai being used: 2.4.0

🐛 Describe the bug

The current safety check seems to be checking if any of these strings are in any of the generated code: "io", "os", "subprocess", "sys", "importlib"

So it's firing off on a matplotlib plt.title command with the word "Distribution" in it, for example.

Please fix!

[dosubot]

Hey @rhiever! I'm here to help you with bug fixes, answer your questions, and guide you on becoming a contributor. Let's squash those bugs together! 🤖

The issue you're encountering is due to the safety check in the BaseRestrictedModule class, which is designed to prevent the use of potentially unsafe modules by checking for specific strings like "io", "os", "subprocess", "sys", and "importlib" in the arguments of functions ^[1]. This check is likely too broad, causing it to incorrectly flag safe code, such as a matplotlib plt.title command containing the word "Distribution".

To address this, you might consider refining the safety check to be more context-aware. For example, you could implement a more sophisticated parsing mechanism that distinguishes between safe and unsafe uses of these keywords, or adjust the logic to only flag these keywords when they appear in specific contexts that are more likely to indicate a security risk.

To continue talking to Dosu, mention @dosu.

[ilyasch199]

i just got the same problem :
pandasai.safe_libs.base_restricted_module.SecurityError: Potential security risk: 'Distribution of Sepal Length in cm' is not allowed

[XJTU-JP]

I also met the same problem. How did you solve it? Hope to hear your suggestions @rhiever @ilyasch199