fix vector db sql injection (#16096)

Jyong
2025-03-18 15:07:29 +08:00
committed by GitHub
parent 750ec55646
commit 33ba7e659b
4 changed files with 14 additions and 3 deletions


@@ -155,7 +155,8 @@ class OpenGauss(BaseVector):
:return: List of Documents that are nearest to the query vector.
"""
top_k = kwargs.get("top_k", 4)
if not isinstance(top_k, int) or top_k <= 0:
raise ValueError("top_k must be a positive integer")
with self._get_cursor() as cur:
cur.execute(
f"SELECT meta, text, embedding <=> %s AS distance FROM {self.table_name}"
@@ -174,7 +175,8 @@ class OpenGauss(BaseVector):
def search_by_full_text(self, query: str, **kwargs: Any) -> list[Document]:
top_k = kwargs.get("top_k", 5)
if not isinstance(top_k, int) or top_k <= 0:
raise ValueError("top_k must be a positive integer")
with self._get_cursor() as cur:
cur.execute(
f"""SELECT meta, text, ts_rank(to_tsvector(coalesce(text, '')), plainto_tsquery(%s)) AS score