refactor: Sanitize log inputs in FAQ, Knowledge, and KnowledgeBase handlers to enhance security
@@ -32,7 +32,7 @@ func (h *FAQHandler) ListEntries(c *gin.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
tagID := c.Query("tag_id")
|
||||
tagID := secutils.SanitizeForLog(c.Query("tag_id"))
|
||||
|
||||
result, err := h.knowledgeService.ListFAQEntries(ctx, secutils.SanitizeForLog(c.Param("id")), &page, tagID)
|
||||
if err != nil {
|
||||
@@ -177,6 +177,12 @@ func (h *FAQHandler) SearchFAQ(c *gin.Context) {
|
||||
return
|
||||
}
|
||||
req.QueryText = secutils.SanitizeForLog(req.QueryText)
|
||||
if req.MatchCount <= 0 {
|
||||
req.MatchCount = 10
|
||||
}
|
||||
if req.MatchCount > 200 {
|
||||
req.MatchCount = 200
|
||||
}
|
||||
entries, err := h.knowledgeService.SearchFAQEntries(ctx, secutils.SanitizeForLog(c.Param("id")), &req)
|
||||
if err != nil {
|
||||
logger.ErrorWithFields(ctx, err, nil)
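Review bot: secutils.SanitizeForLog is applied here to values that are handed on to the service layer, not only to what gets logged: `tagID` on the `c.Query("tag_id")` line, `c.Param("id")` inside both the ListFAQEntries and SearchFAQEntries calls, and `req.QueryText` on the line just before the MatchCount clamp. A log-escaping helper is not a validator, and if it strips or rewrites characters (its implementation is not visible here) it silently changes the ID being looked up and the text being searched, so the handler can answer for a different key than the client asked for while giving a false sense that injection into the data path is covered. Keep the raw values for the service calls and sanitize only at the logger call sites, e.g. `tagID := c.Query("tag_id")` and `result, err := h.knowledgeService.ListFAQEntries(ctx, c.Param("id"), &page, tagID)`, wrapping `secutils.SanitizeForLog(...)` around the arguments in the log statements instead; if the ID needs validation, do it explicitly with a format check that returns a 400 on failure. Both ListEntries and SearchFAQ begin outside the hunk, so I cannot see whether the IDs are validated earlier.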
|
||||
|
||||
@@ -238,7 +238,8 @@ func (h *KnowledgeHandler) CreateManualKnowledge(c *gin.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
logger.Infof(ctx, "Manual knowledge created successfully, knowledge ID: %s", secutils.SanitizeForLog(knowledge.ID))
|
||||
logger.Infof(ctx, "Manual knowledge created successfully, knowledge ID: %s",
|
||||
secutils.SanitizeForLog(knowledge.ID))
|
||||
c.JSON(http.StatusOK, gin.H{
|
||||
"success": true,
|
||||
"data": knowledge,
|
||||
|
||||
@@ -33,7 +33,7 @@ func (h *KnowledgeBaseHandler) HybridSearch(c *gin.Context) {
|
||||
logger.Info(ctx, "Start hybrid search")
|
||||
|
||||
// Validate knowledge base ID
|
||||
id := c.Param("id")
|
||||
id := secutils.SanitizeForLog(c.Param("id"))
|
||||
if id == "" {
|
||||
logger.Error(ctx, "Knowledge base ID is empty")
|
||||
c.Error(errors.NewBadRequestError("Knowledge base ID cannot be empty"))
|
||||
@@ -48,7 +48,8 @@ func (h *KnowledgeBaseHandler) HybridSearch(c *gin.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
logger.Infof(ctx, "Executing hybrid search, knowledge base ID: %s, query: %s", id, req.QueryText)
|
||||
logger.Infof(ctx, "Executing hybrid search, knowledge base ID: %s, query: %s",
|
||||
secutils.SanitizeForLog(id), secutils.SanitizeForLog(req.QueryText))
|
||||
|
||||
// Execute hybrid search with default search parameters
|
||||
results, err := h.service.HybridSearch(ctx, id, req)
|
||||
@@ -58,7 +59,8 @@ func (h *KnowledgeBaseHandler) HybridSearch(c *gin.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
logger.Infof(ctx, "Hybrid search completed, knowledge base ID: %s, result count: %d", id, len(results))
|
||||
logger.Infof(ctx, "Hybrid search completed, knowledge base ID: %s, result count: %d",
|
||||
secutils.SanitizeForLog(id), len(results))
|
||||
c.JSON(http.StatusOK, gin.H{
|
||||
"success": true,
|
||||
"data": results,
|
||||
@@ -79,7 +81,7 @@ func (h *KnowledgeBaseHandler) CreateKnowledgeBase(c *gin.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
logger.Infof(ctx, "Creating knowledge base, name: %s", req.Name)
|
||||
logger.Infof(ctx, "Creating knowledge base, name: %s", secutils.SanitizeForLog(req.Name))
|
||||
// Create knowledge base using the service
|
||||
kb, err := h.service.CreateKnowledgeBase(ctx, &req)
|
||||
if err != nil {
|
||||
@@ -88,7 +90,8 @@ func (h *KnowledgeBaseHandler) CreateKnowledgeBase(c *gin.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
logger.Infof(ctx, "Knowledge base created successfully, ID: %s, name: %s", kb.ID, kb.Name)
|
||||
logger.Infof(ctx, "Knowledge base created successfully, ID: %s, name: %s",
|
||||
secutils.SanitizeForLog(kb.ID), secutils.SanitizeForLog(kb.Name))
|
||||
c.JSON(http.StatusCreated, gin.H{
|
||||
"success": true,
|
||||
"data": kb,
|
||||
@@ -194,7 +197,8 @@ func (h *KnowledgeBaseHandler) UpdateKnowledgeBase(c *gin.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
logger.Infof(ctx, "Updating knowledge base, ID: %s, name: %s", id, req.Name)
|
||||
logger.Infof(ctx, "Updating knowledge base, ID: %s, name: %s",
|
||||
secutils.SanitizeForLog(id), secutils.SanitizeForLog(req.Name))
|
||||
|
||||
// Update the knowledge base
|
||||
kb, err := h.service.UpdateKnowledgeBase(ctx, id, req.Name, req.Description, req.Config)
|
||||
@@ -204,7 +208,8 @@ func (h *KnowledgeBaseHandler) UpdateKnowledgeBase(c *gin.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
logger.Infof(ctx, "Knowledge base updated successfully, ID: %s", id)
|
||||
logger.Infof(ctx, "Knowledge base updated successfully, ID: %s",
|
||||
secutils.SanitizeForLog(id))
|
||||
c.JSON(http.StatusOK, gin.H{
|
||||
"success": true,
|
||||
"data": kb,
|
||||
@@ -223,7 +228,8 @@ func (h *KnowledgeBaseHandler) DeleteKnowledgeBase(c *gin.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
logger.Infof(ctx, "Deleting knowledge base, ID: %s, name: %s", id, kb.Name)
|
||||
logger.Infof(ctx, "Deleting knowledge base, ID: %s, name: %s",
|
||||
secutils.SanitizeForLog(id), secutils.SanitizeForLog(kb.Name))
|
||||
|
||||
// Delete the knowledge base
|
||||
if err := h.service.DeleteKnowledgeBase(ctx, id); err != nil {
|
||||
@@ -232,7 +238,8 @@ func (h *KnowledgeBaseHandler) DeleteKnowledgeBase(c *gin.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
logger.Infof(ctx, "Knowledge base deleted successfully, ID: %s", id)
|
||||
logger.Infof(ctx, "Knowledge base deleted successfully, ID: %s",
|
||||
secutils.SanitizeForLog(id))
|
||||
c.JSON(http.StatusOK, gin.H{
|
||||
"success": true,
|
||||
"message": "Knowledge base deleted successfully",
|
||||
@@ -256,10 +263,12 @@ func (h *KnowledgeBaseHandler) CopyKnowledgeBase(c *gin.Context) {
|
||||
go func(ctx context.Context) {
|
||||
err := h.knowledgeService.CloneKnowledgeBase(ctx, req.SourceID, req.TargetID)
|
||||
if err != nil {
|
||||
logger.Errorf(ctx, "Failed to copy knowledge base, ID: %s to ID: %s", req.SourceID, req.TargetID)
|
||||
logger.Errorf(ctx, "Failed to copy knowledge base, ID: %s to ID: %s",
|
||||
secutils.SanitizeForLog(req.SourceID), secutils.SanitizeForLog(req.TargetID))
|
||||
return
|
||||
}
|
||||
logger.Infof(ctx, "Knowledge base copy from ID: %s to ID: %s successfully", req.SourceID, req.TargetID)
|
||||
logger.Infof(ctx, "Knowledge base copy from ID: %s to ID: %s successfully",
|
||||
secutils.SanitizeForLog(req.SourceID), secutils.SanitizeForLog(req.TargetID))
|
||||
}(logger.CloneContext(ctx))
|
||||
|
||||
c.JSON(http.StatusOK, gin.H{
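Review bot: In HybridSearch the knowledge-base ID is sanitized at extraction, `id := secutils.SanitizeForLog(c.Param("id"))`, and then both passed to `h.service.HybridSearch(ctx, id, req)` and sanitized a second time inside the two Infof calls, so the lookup key reaching the service is a log-escaped string rather than the value the client sent. Whether that changes behavior depends on what SanitizeForLog rewrites, which I cannot see from this page, but the double sanitization shows the intent was logging only. Revert the extraction to `id := c.Param("id")` and keep the `secutils.SanitizeForLog(id)` already present in the log statements; the empty-string check that follows works on the raw value just as well. The create/update/delete/copy hunks in this file correctly confine the helper to logger arguments and do not need changes.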
|
||||
|
||||
@@ -297,7 +297,8 @@ func (h *Handler) AgentQA(c *gin.Context) {
|
||||
logger.Infof(ctx, "Delegating to KnowledgeQA with knowledge bases: %s", secutils.SanitizeForLog(fmt.Sprintf("%v", knowledgeBaseIDs)))
|
||||
|
||||
// Use shared function to handle KnowledgeQA request (no title generation for AgentQA fallback)
|
||||
h.handleKnowledgeQARequest(ctx, c, session, request.Query, knowledgeBaseIDs, assistantMessage, false, request.SummaryModelID, request.WebSearchEnabled)
|
||||
h.handleKnowledgeQARequest(ctx, c, session, secutils.SanitizeForLog(request.Query),
|
||||
secutils.SanitizeForLogArray(knowledgeBaseIDs), assistantMessage, false, secutils.SanitizeForLog(request.SummaryModelID), request.WebSearchEnabled)
|
||||
return
|
||||
}
|
||||
|
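Review bot: The rewritten handleKnowledgeQARequest call passes log-sanitized values into the business path: `secutils.SanitizeForLog(request.Query)`, `secutils.SanitizeForLogArray(knowledgeBaseIDs)` and `secutils.SanitizeForLog(request.SummaryModelID)` are what the callee now receives, whereas the removed line passed the raw values. A log-escaping transform applied to the user's question and to the knowledge-base IDs used for retrieval can alter the query the model answers and, depending on what the helper strips or rewrites (not visible here), make an ID fail to match; the Infof on the first line of the hunk already sanitizes its own argument, so nothing is gained on the logging side. Restore the original arguments, `h.handleKnowledgeQARequest(ctx, c, session, request.Query, knowledgeBaseIDs, assistantMessage, false, request.SummaryModelID, request.WebSearchEnabled)`, and if IDs or the model ID need validation, reject malformed input explicitly rather than silently rewriting it. AgentQA's body starts outside the hunk.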
||||
|
||||