From 684660e616b8ee918eee698945bf67371a5a9bc4 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 28 Nov 2025 22:07:23 +0000
Subject: [PATCH 1/4] Initial plan


From 10fb108932f8f76f168e557ff78523ea02ee920b Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 28 Nov 2025 22:09:49 +0000
Subject: [PATCH 2/4] Add input validation for conversation history length
 limits

Co-authored-by: xujiongze <31494901+xujiongze@users.noreply.github.com>
---
 python/app.py | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/python/app.py b/python/app.py
index a13fa33..f692123 100644
--- a/python/app.py
+++ b/python/app.py
@@ -10,6 +10,10 @@
 app = Flask(__name__)
 swagger = Swagger(app)
 
+# --- Input validation limits ---
+MAX_MESSAGES = int(os.getenv("MAX_MESSAGES", "50"))  # Maximum number of messages in history
+MAX_CONTENT_LENGTH = int(os.getenv("MAX_CONTENT_LENGTH", "100000"))  # Maximum total content length in characters
+
 
 def check_and_setup_data():
     """
@@ -183,6 +187,24 @@ def chat():
         if not messages:
             return jsonify({"error": "messages field required"}), 400
         
+        # Validate message count limit
+        if len(messages) > MAX_MESSAGES:
+            return jsonify({
+                "error": f"Too many messages. Maximum allowed is {MAX_MESSAGES}."
+            }), 400
+        
+        # Validate total content length
+        total_content_length = 0
+        for msg in messages:
+            question = msg.get("question", "") or ""
+            answer = msg.get("answer", "") or ""
+            total_content_length += len(question) + len(answer)
+        
+        if total_content_length > MAX_CONTENT_LENGTH:
+            return jsonify({
+                "error": f"Content too long. Maximum allowed is {MAX_CONTENT_LENGTH} characters."
+            }), 400
+        
         # Get the last message (current question)
         last_message = messages[-1]
         current_question = last_message.get("question", "").strip()

From 5c678af886bdf6e007d4c21371c12a8a17049631 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 28 Nov 2025 22:11:24 +0000
Subject: [PATCH 3/4] Add error handling for env vars and fix null value
 handling

Co-authored-by: xujiongze <31494901+xujiongze@users.noreply.github.com>
---
 python/app.py | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/python/app.py b/python/app.py
index f692123..9353476 100644
--- a/python/app.py
+++ b/python/app.py
@@ -11,8 +11,15 @@
 swagger = Swagger(app)
 
 # --- Input validation limits ---
-MAX_MESSAGES = int(os.getenv("MAX_MESSAGES", "50"))  # Maximum number of messages in history
-MAX_CONTENT_LENGTH = int(os.getenv("MAX_CONTENT_LENGTH", "100000"))  # Maximum total content length in characters
+def _safe_int_env(name: str, default: int) -> int:
+    """Safely parse an integer environment variable with fallback."""
+    try:
+        return int(os.getenv(name, str(default)))
+    except ValueError:
+        return default
+
+MAX_MESSAGES = _safe_int_env("MAX_MESSAGES", 50)  # Maximum number of messages in history
+MAX_CONTENT_LENGTH = _safe_int_env("MAX_CONTENT_LENGTH", 100000)  # Maximum total content length in characters
 
 
 def check_and_setup_data():
@@ -196,8 +203,8 @@ def chat():
         # Validate total content length
         total_content_length = 0
         for msg in messages:
-            question = msg.get("question", "") or ""
-            answer = msg.get("answer", "") or ""
+            question = msg.get("question") or ""
+            answer = msg.get("answer") or ""
             total_content_length += len(question) + len(answer)
         
         if total_content_length > MAX_CONTENT_LENGTH:

From 4f67e68e4219c29df8a1397ea357cdd44f77ce09 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 28 Nov 2025 22:12:26 +0000
Subject: [PATCH 4/4] Add early termination in content length validation for
 performance

Co-authored-by: xujiongze <31494901+xujiongze@users.noreply.github.com>
---
 python/app.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/python/app.py b/python/app.py
index 9353476..23f193f 100644
--- a/python/app.py
+++ b/python/app.py
@@ -206,6 +206,8 @@ def chat():
             question = msg.get("question") or ""
             answer = msg.get("answer") or ""
             total_content_length += len(question) + len(answer)
+            if total_content_length > MAX_CONTENT_LENGTH:
+                break
         
         if total_content_length > MAX_CONTENT_LENGTH:
             return jsonify({