The defender's lens. Now that you have the CVE reproducing, you read the upstream patch line by line and identify the missing input validation. The patch read is the part students most often skip; the instructor guide explicitly warns against it.
Reading
- The upstream LangChain pull request that patched CVE-2025-65106 (link in cohort archive).
- Yaworski, Real-World Bug Hunting, the chapter on reading vendor fixes.
- OWASP cheatsheet on template-injection defence.
Lecture
Roughly three hours across two sessions. Key arc:
- The patch as the canonical defender document. Why every CVE write-up cites it.
- Reading a GitHub pull-request diff. The structural pattern.
- Identifying the missing validation. Where the vulnerable code accepts input as code.
- What the patch did NOT change, and why that matters for cross-language generalisation.
- The defender's checklist that falls out of the patch read.
Lab pack
Lab Pack 5 reads the upstream patch diff and produces the defender-lens summary. See Lab Pack 5.
Tools you will use
- GitHub web UI or your local git for the patch diff.
- Your reproduction harness from Module 4, to confirm the patch closes the surface in practice.
OWASP LLM and ASI anchor
The patch read maps the missing-validation gap to OWASP ASVS (Application Security Verification Standard) input-validation requirements. The capstone report's defender-lens section starts here.
Reflection prompts
- Name the exact line of the patch that closes the SSTI surface.
- Does the patch handle all the payloads in the canonical Jinja2 SSTI library? Identify one it does not.
- What did the maintainers explicitly choose NOT to change, and why is that defensible?
What is next
Module 6 builds the reproduction tool. The detector that scans a target install for the vulnerable LangChain version and emits a structured report.