31 changes: 31 additions & 0 deletions python/app.py
Expand Up @@ -10,6 +10,17 @@
app = Flask(__name__)
swagger = Swagger(app)

# --- Input validation limits ---
def _safe_int_env(name: str, default: int) -> int:
"""Safely parse an integer environment variable with fallback."""
try:
return int(os.getenv(name, str(default)))
except ValueError:
return default

MAX_MESSAGES = _safe_int_env("MAX_MESSAGES", 50) # Maximum number of messages in history
MAX_CONTENT_LENGTH = _safe_int_env("MAX_CONTENT_LENGTH", 100000) # Maximum total content length in characters


def check_and_setup_data():
"""
Expand Down Expand Up @@ -183,6 +194,26 @@ def chat():
if not messages:
return jsonify({"error": "messages field required"}), 400

# Validate message count limit
if len(messages) > MAX_MESSAGES:
return jsonify({
"error": f"Too many messages. Maximum allowed is {MAX_MESSAGES}."
}), 400

# Validate total content length
total_content_length = 0
for msg in messages:
question = msg.get("question") or ""
answer = msg.get("answer") or ""
total_content_length += len(question) + len(answer)
if total_content_length > MAX_CONTENT_LENGTH:
break

if total_content_length > MAX_CONTENT_LENGTH:
return jsonify({
"error": f"Content too long. Maximum allowed is {MAX_CONTENT_LENGTH} characters."
}), 400

# Get the last message (current question)
last_message = messages[-1]
current_question = last_message.get("question", "").strip()
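Review bot: The content cap in the second hunk can be sidestepped and can also turn client input into a 500, because `msg.get("question")` assumes every element of `messages` is a dict and `len(question)` assumes a string: a list or dict value is measured by element count rather than characters (a `{"question": ["<huge string>"]}` entry counts as 1), while a non-dict element or an int value raises AttributeError/TypeError before any 400 is produced. Validate the shape before counting — `messages` must be a list and every `question`/`answer` a str — and return 400 otherwise; the fence below folds that into the existing loop. Separately, `_safe_int_env` in the first hunk accepts 0 or negative values, so a misconfigured `MAX_MESSAGES=0` rejects every request; a floor such as `return max(1, int(os.getenv(name, str(default))))` is cheap insurance. The JSON body has presumably already been parsed in full by the time this runs, so this is a per-field cap rather than a request-size limit, which still belongs in Flask's `app.config["MAX_CONTENT_LENGTH"]` (the same name, which is worth a comment to avoid confusion). chat() begins and ends outside this hunk.

```python
    # Validate message count limit
    if not isinstance(messages, list) or not all(isinstance(m, dict) for m in messages):
        return jsonify({"error": "messages must be a list of objects"}), 400
    # … unchanged: MAX_MESSAGES check …

    # Validate total content length
    total_content_length = 0
    for msg in messages:
        question = msg.get("question") or ""
        answer = msg.get("answer") or ""
        if not isinstance(question, str) or not isinstance(answer, str):
            return jsonify({"error": "question and answer must be strings"}), 400
        total_content_length += len(question) + len(answer)
        # … unchanged: early break and MAX_CONTENT_LENGTH response …
```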