OpenSource
/
dify
Obserwuj 4
Gwiazdka 0
Forkuj 0
Kod Problemy 0 Pull Requests 0 Wydania 152 Wiki Aktywność
Przeglądaj źródła

fix vector db sql injection (#16096)

tags/1.1.0
Jyong 7 miesięcy temu
rodzic
750ec55646
commit
33ba7e659b
No account linked to committer's email address
4 zmienionych plików z 14 dodań i 3 usunięć
Zunifikowany widok Pokaż statystyki zmian
  1. 4
    0
      api/core/rag/datasource/vdb/analyticdb/analyticdb_vector_sql.py
  2. 2
    0
      api/core/rag/datasource/vdb/myscale/myscale_vector.py
  3. 4
    2
      api/core/rag/datasource/vdb/opengauss/opengauss.py
  4. 4
    1
      api/core/rag/datasource/vdb/pgvector/pgvector.py

+ 4
- 0
api/core/rag/datasource/vdb/analyticdb/analyticdb_vector_sql.py Wyświetl plik



def search_by_vector(self, query_vector: list[float], **kwargs: Any) -> list[Document]: def search_by_vector(self, query_vector: list[float], **kwargs: Any) -> list[Document]:
top_k = kwargs.get("top_k", 4) top_k = kwargs.get("top_k", 4)
if not isinstance(top_k, int) or top_k <= 0:
raise ValueError("top_k must be a positive integer")
score_threshold = float(kwargs.get("score_threshold") or 0.0) score_threshold = float(kwargs.get("score_threshold") or 0.0)
with self._get_cursor() as cur: with self._get_cursor() as cur:
query_vector_str = json.dumps(query_vector) query_vector_str = json.dumps(query_vector)


def search_by_full_text(self, query: str, **kwargs: Any) -> list[Document]: def search_by_full_text(self, query: str, **kwargs: Any) -> list[Document]:
top_k = kwargs.get("top_k", 4) top_k = kwargs.get("top_k", 4)
if not isinstance(top_k, int) or top_k <= 0:
raise ValueError("top_k must be a positive integer")
with self._get_cursor() as cur: with self._get_cursor() as cur:
cur.execute( cur.execute(
f"""SELECT id, vector, page_content, metadata_, f"""SELECT id, vector, page_content, metadata_,

+ 2
- 0
api/core/rag/datasource/vdb/myscale/myscale_vector.py Wyświetl plik



def _search(self, dist: str, order: SortOrder, **kwargs: Any) -> list[Document]: def _search(self, dist: str, order: SortOrder, **kwargs: Any) -> list[Document]:
top_k = kwargs.get("top_k", 4) top_k = kwargs.get("top_k", 4)
if not isinstance(top_k, int) or top_k <= 0:
raise ValueError("top_k must be a positive integer")
score_threshold = float(kwargs.get("score_threshold") or 0.0) score_threshold = float(kwargs.get("score_threshold") or 0.0)
where_str = ( where_str = (
f"WHERE dist < {1 - score_threshold}" f"WHERE dist < {1 - score_threshold}"

+ 4
- 2
api/core/rag/datasource/vdb/opengauss/opengauss.py Wyświetl plik

:return: List of Documents that are nearest to the query vector. :return: List of Documents that are nearest to the query vector.
""" """
top_k = kwargs.get("top_k", 4) top_k = kwargs.get("top_k", 4)

if not isinstance(top_k, int) or top_k <= 0:
raise ValueError("top_k must be a positive integer")
with self._get_cursor() as cur: with self._get_cursor() as cur:
cur.execute( cur.execute(
f"SELECT meta, text, embedding <=> %s AS distance FROM {self.table_name}" f"SELECT meta, text, embedding <=> %s AS distance FROM {self.table_name}"


def search_by_full_text(self, query: str, **kwargs: Any) -> list[Document]: def search_by_full_text(self, query: str, **kwargs: Any) -> list[Document]:
top_k = kwargs.get("top_k", 5) top_k = kwargs.get("top_k", 5)

if not isinstance(top_k, int) or top_k <= 0:
raise ValueError("top_k must be a positive integer")
with self._get_cursor() as cur: with self._get_cursor() as cur:
cur.execute( cur.execute(
f"""SELECT meta, text, ts_rank(to_tsvector(coalesce(text, '')), plainto_tsquery(%s)) AS score f"""SELECT meta, text, ts_rank(to_tsvector(coalesce(text, '')), plainto_tsquery(%s)) AS score

+ 4
- 1
api/core/rag/datasource/vdb/pgvector/pgvector.py Wyświetl plik

:return: List of Documents that are nearest to the query vector. :return: List of Documents that are nearest to the query vector.
""" """
top_k = kwargs.get("top_k", 4) top_k = kwargs.get("top_k", 4)
if not isinstance(top_k, int) or top_k <= 0:
raise ValueError("top_k must be a positive integer")


with self._get_cursor() as cur: with self._get_cursor() as cur:
cur.execute( cur.execute(


def search_by_full_text(self, query: str, **kwargs: Any) -> list[Document]: def search_by_full_text(self, query: str, **kwargs: Any) -> list[Document]:
top_k = kwargs.get("top_k", 5) top_k = kwargs.get("top_k", 5)

if not isinstance(top_k, int) or top_k <= 0:
raise ValueError("top_k must be a positive integer")
with self._get_cursor() as cur: with self._get_cursor() as cur:
if self.pg_bigm: if self.pg_bigm:
cur.execute("SET pg_bigm.similarity_limit TO 0.000001") cur.execute("SET pg_bigm.similarity_limit TO 0.000001")

Napisz Podgląd
Ładowanie…
Anuluj
Zapisz