fix: harden server input validation and prevent information leakage.

2026-05-03 17:25:25 +05:30
parent 844973fb39
commit d2a75be7b6
4 changed files with 36 additions and 16 deletions
@@ -42,11 +42,11 @@ def main():
        try:
            req = json.loads(raw_line)
            query = req.get("query", "")
-            top_n = int(req.get("top_n", 5))
+            top_n = max(1, min(int(req.get("top_n", 5)), 20))
            results, latency = retriever.retrieve(query, top_n=top_n)
            response = {"results": results, "latency_seconds": round(latency, 4)}
-        except Exception as exc:
-            response = {"error": str(exc)}
+        except Exception:
+            response = {"error": "retrieval_failed"}

        sys.stdout.write(json.dumps(response) + "\n")
        sys.stdout.flush()