fix(server): validate JSON data, sanitize inputs, and harden query parsing.
@@ -42,6 +42,14 @@ def main():
|
|||||||
try:
|
try:
|
||||||
req = json.loads(raw_line)
|
req = json.loads(raw_line)
|
||||||
query = req.get("query", "")
|
query = req.get("query", "")
|
||||||
|
if not isinstance(query, str):
|
||||||
|
query = str(query)
|
||||||
|
query = query.strip()
|
||||||
|
if not query:
|
||||||
|
response = {"error": "query must be a non-empty string"}
|
||||||
|
sys.stdout.write(json.dumps(response) + "\n")
|
||||||
|
sys.stdout.flush()
|
||||||
|
continue
|
||||||
top_n = max(1, min(int(req.get("top_n", 5)), 20))
|
top_n = max(1, min(int(req.get("top_n", 5)), 20))
|
||||||
results, latency = retriever.retrieve(query, top_n=top_n)
|
results, latency = retriever.retrieve(query, top_n=top_n)
|
||||||
response = {"results": results, "latency_seconds": round(latency, 4)}
|
response = {"results": results, "latency_seconds": round(latency, 4)}
|
||||||
|
|||||||
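Review bot: The `str(query)` coercion lets non-string JSON values pass the new emptiness check: `null` becomes the text `None` and an array or object becomes its Python repr, all non-empty, so they still reach `retriever.retrieve` even though the error message says "query must be a non-empty string". Rejecting instead of coercing would match the message, e.g. `if not isinstance(query, str) or not query.strip():` in front of the existing error response, with `query = query.strip()` moved after it. Separately, `req.get` assumes the decoded JSON is an object; a top-level array or number would raise `AttributeError`, so an `isinstance(req, dict)` check before the `.get` calls would make that case explicit. The `except` handlers for this `try` and the rest of `main()` lie outside the hunk, so whether such errors (and a non-numeric `top_n` in `int(...)`) produce a clean error response cannot be confirmed from here.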