@suryabdev suryabdev commented Oct 24, 2025

Fix for #1830

Use case:

  • User wants to make smolagents work with local files.
  • They've modified the prompt to indicate that there are authorized files the LLM can access.
  • They are passing additional_authorized_imports=["*"].
  • But when the generated Python code tries to open the file, the forbidden function error is faced.
    Side note: The LLM retries with pandas.open and that passes.

I think it is fair for the user to assume that builtin functions will be available when they use *.

Code to reproduce the issue

from smolagents import LocalPythonExecutor
executor = LocalPythonExecutor(additional_authorized_imports=['*'])
executor.send_tools({})
print(executor("""with open('sample.txt', 'rb') as f:
    data = f.read()
print(data)"""))

Error

smolagents.local_python_executor.InterpreterError: Code execution failed at line 'with open('myfile.xlsx', 'rb') as f:
    data = f.read()' due to: InterpreterError: Forbidden function evaluation: 'open' is not among the explicitly allowed tools or defined/imported in the preceding code

After change

CodeOutput(output=None, logs="b'hello world!'\n", is_final_answer=False)

func = custom_tools[func_name]
elif func_name in ERRORS:
func = ERRORS[func_name]
elif "*" in authorized_imports and hasattr(builtins, func_name):
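
Review bot: the new branch `elif "*" in authorized_imports and hasattr(builtins, func_name)` accepts every attribute of `builtins`, so `"*"` in `authorized_imports` stops being an import setting and becomes a grant over `open`, `eval`, `exec`, `compile` and `__import__` as well. Suggest gating this branch on an explicit set of builtin names (or a separate opt-in parameter) instead of `hasattr(builtins, func_name)`, and documenting the new meaning of `"*"`. A unit test that exercises `open` and `exec` under the wildcard would pin the intended behaviour.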
@suryabdev suryabdev Oct 24, 2025

Interestingly, open will work while other builtin functions like exec will get caught at

if (inspect.getmodule(func) == builtins) and inspect.isbuiltin(func) and (func not in static_tools.values()):

With

smolagents.local_python_executor.InterpreterError: Code execution failed at line 'exec(code_string)' due to: InterpreterError: Invoking a builtin function that has not been explicitly added as a tool is not allowed (exec).

Because open belongs to the io module

>>> import inspect
>>> inspect.getmodule(open)
<module '_io' (built-in)>
>>> inspect.getmodule(exec)
<module 'builtins' (built-in)>

I'm not a Python security expert. Should we allow eval/exec if the user says it is ok (by passing in *)?

I'll add a unit test and change the Invoking a builtin function once we decide
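
The comment above observes that the module-based guard rejects `exec` but not `open`. As an added example (not code from this PR or from smolagents), the sketch below reproduces that predicate next to a hypothetical name-based check, so the two verdicts can be compared per builtin; `STATIC_TOOLS`, `WILDCARD_BUILTINS`, `name_guard_blocks` and `compare` are assumed names.

```python
import builtins
import inspect

# Assumption: stand-in for the executor's static_tools mapping.
STATIC_TOOLS = {"len": len, "print": print}
# Assumption: builtins an operator chose to expose under "*"; constructed for this example.
WILDCARD_BUILTINS = frozenset({"open", "sorted", "sum"})


def module_guard_blocks(func, static_tools=STATIC_TOOLS):
    """Predicate quoted in the comment above; True means the call is rejected."""
    return (
        inspect.getmodule(func) == builtins
        and inspect.isbuiltin(func)
        and func not in static_tools.values()
    )


def name_guard_blocks(name, authorized_imports, allowed=WILDCARD_BUILTINS,
                      static_tools=STATIC_TOOLS):
    """Hypothetical alternative: decide on the name, not on the implementing module."""
    if name in static_tools:
        return False
    return not ("*" in authorized_imports and name in allowed and hasattr(builtins, name))


def compare(names, authorized_imports=("*",)):
    """Return {name: (blocked_by_module_guard, blocked_by_name_guard)}."""
    return {
        n: (module_guard_blocks(getattr(builtins, n)),
            name_guard_blocks(n, authorized_imports))
        for n in names
    }


if __name__ == "__main__":
    for name, verdicts in compare(["open", "exec", "eval", "len", "sorted"]).items():
        print(f"{name:8} module_guard={verdicts[0]!s:5} name_guard={verdicts[1]}")
```

The module guard's verdict for `open` follows from where CPython implements it (`_io`), while the name-based check gives the same answer for a name regardless of its implementing module.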

@suryabdev

cc: @albertvillanova / @aymeric-roucher Please take a look when free
