hz/ebiz-dify-ai
1
0
Fork 0
mirror of http://112.124.100.131/huang.ze/ebiz-dify-ai.git synced 2025-12-16 06:16:53 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix vector db sql injection (#16096)

Browse Source
This commit is contained in:
Jyong
2025-03-18 15:07:29 +08:00
committed by GitHub
parent 750ec55646
commit 33ba7e659b
4 changed files with 14 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
api/core/rag/datasource/vdb/analyticdb/analyticdb_vector_sql.py
View File

@@ -194,6 +194,8 @@ class AnalyticdbVectorBySql:
def search_by_vector(self, query_vector: list[float], **kwargs: Any) -> list[Document]:
top_k = kwargs.get("top_k", 4)
if not isinstance(top_k, int) or top_k <= 0:
raise ValueError("top_k must be a positive integer")
score_threshold = float(kwargs.get("score_threshold") or 0.0)
with self._get_cursor() as cur:
query_vector_str = json.dumps(query_vector)
@@ -220,6 +222,8 @@ class AnalyticdbVectorBySql:
def search_by_full_text(self, query: str, **kwargs: Any) -> list[Document]:
top_k = kwargs.get("top_k", 4)
if not isinstance(top_k, int) or top_k <= 0:
raise ValueError("top_k must be a positive integer")
with self._get_cursor() as cur:
cur.execute(
f"""SELECT id, vector, page_content, metadata_,