Restricting SymPy parser scope in math_utils to prevent arbitrary code execution #1586
Description
Analyzing the math grading logic in slime/rollout/rm_hub/math_utils.py identified a potential path for arbitrary code execution through the sympy.parsing.sympy_parser.parse_expr call.
SymPy's underlying implementation of parse_expr utilizes Python's eval(). Current guards in should_allow_eval rely on basic blacklisting, which can be bypassed using Python built-ins or alternative encodings to execute non-mathematical code.
Risks are particularly relevant in RL training scenarios where model-generated answers (the given_answer) could be manipulated via prompt injection or adversarial datasets to target the training infrastructure.
Refactoring the parsing logic to pass empty global_dict and local_dict to parse_expr, or disabling evaluation during parsing, would mitigate this without breaking the math comparison functionality.
Closing this execution gap ensures the robustness of the reward model pipeline, especially since this pattern is shared with several upstream projects.