Merge pull request #1325 from venkateshpabbati/main

security fix
This commit is contained in:
zrguo
2025-05-12 16:25:11 +08:00
committed by GitHub
3 changed files with 52 additions and 7 deletions

.github/dependabot.yml vendored Normal file

@@ -0,0 +1,11 @@
# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
version: 2
updates:
- package-ecosystem: "pip" # See documentation for possible values
directory: "/" # Location of package manifests
schedule:
interval: "weekly"

SECURITY.md Normal file

@@ -0,0 +1,21 @@
# Security Policy
## Supported Versions
Use this section to tell people about which versions of your project are
currently being supported with security updates.
| Version | Supported |
| ------- | ------------------ |
| 5.1.x | :white_check_mark: |
| 5.0.x | :x: |
| 4.0.x | :white_check_mark: |
| < 4.0 | :x: |
## Reporting a Vulnerability
Use this section to tell people how to report a vulnerability.
Tell them where to go, how often they can expect to get an update on a
reported vulnerability, what to expect if the vulnerability is accepted or
declined, etc.


@@ -23,6 +23,14 @@ if not pm.is_installed("sqlalchemy"):
from sqlalchemy import create_engine, text # type: ignore
def sanitize_sensitive_info(data: dict) -> dict:
sanitized_data = data.copy()
sensitive_fields = ['password', 'user', 'host', 'database', 'port', 'ssl_verify_cert', 'ssl_verify_identity']
for field in sensitive_fields:
if field in sanitized_data:
sanitized_data[field] = '***'
return sanitized_data
class TiDB:
def __init__(self, config, **kwargs):
self.host = config.get("host", None)
@@ -38,9 +46,9 @@ class TiDB:
try:
self.engine = create_engine(connection_string)
logger.info(f"Connected to TiDB database at {self.database}")
logger.info("Connected to TiDB database")
except Exception as e:
logger.error(f"Failed to connect to TiDB database at {self.database}")
logger.error("Failed to connect to TiDB database")
logger.error(f"TiDB database error: {e}")
raise
@@ -55,13 +63,13 @@ class TiDB:
try:
await self.query(f"SELECT 1 FROM {k}".format(k=k))
except Exception as e:
logger.error(f"Failed to check table {k} in TiDB database")
logger.error("Failed to check table in TiDB database")
logger.error(f"TiDB database error: {e}")
try:
await self.execute(v["ddl"])
logger.info(f"Created table {k} in TiDB database")
logger.info("Created table in TiDB database")
except Exception as e:
logger.error(f"Failed to create table {k} in TiDB database")
logger.error("Failed to create table in TiDB database")
logger.error(f"TiDB database error: {e}")
# After all tables are created, try to migrate timestamp fields
@@ -82,7 +90,10 @@ class TiDB:
try:
result = conn.execute(text(sql), params)
except Exception as e:
logger.error(f"Tidb database,\nsql:{sql},\nparams:{params},\nerror:{e}")
sanitized_params = sanitize_sensitive_info(params)
sanitized_params = sanitize_sensitive_info(params)
sanitized_error = sanitize_sensitive_info({'error': str(e)})
logger.error(f"Tidb database,\nsql:{sql},\nparams:{sanitized_params},\nerror:{sanitized_error}")
raise
if multirows:
rows = result.all()
@@ -107,7 +118,9 @@ class TiDB:
else:
conn.execute(text(sql), parameters=data)
except Exception as e:
logger.error(f"Tidb database,\nsql:{sql},\ndata:{data},\nerror:{e}")
sanitized_data = sanitize_sensitive_info(data) if data else None
sanitized_error = sanitize_sensitive_info({'error': str(e)})
logger.error(f"Tidb database,\nsql:{sql},\ndata:{sanitized_data},\nerror:{sanitized_error}")
raise
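Review bot: `sanitize_sensitive_info` masks by dict key only, so wrapping the exception text as `sanitize_sensitive_info({'error': str(e)})` in the query hunk (and again in the execute hunk) redacts nothing — whatever the driver put into the message, which for a connection or auth failure can include the connection string, still reaches the log while the code reads as if it had been scrubbed. In the same query hunk `sanitize_sensitive_info(params)` is called without a guard (and the statement is duplicated on the next line), so when `params` is None the `data.copy()` inside the helper raises AttributeError from within the except block and replaces the original error; the execute hunk guards with `if data else None` but would still fail at `sanitized_data[field] = '***'` if `data` were ever a list, which `parameters=data` suggests is possible. I would make the helper tolerate non-dict input, drop the duplicate assignment, and log the exception type (or the message with the actual credential values replaced) rather than the pseudo-sanitized dict. The enclosing `execute` method appears to end at the shown `raise`, but its trailing context lines are not visible here.
```python
def sanitize_sensitive_info(data: dict) -> dict:
    """Return a copy of *data* with credential-like keys masked.

    Only dict keys are checked, so this cannot redact secrets embedded in a
    free-text value; non-dict input (None, list) yields an empty dict.
    """
    sensitive_fields = {'password', 'user', 'host', 'database', 'port', 'ssl_verify_cert', 'ssl_verify_identity'}
    if not isinstance(data, dict):
        return {}
    return {k: ('***' if k in sensitive_fields else v) for k, v in data.items()}

# … unchanged: class TiDB, __init__, check_tables …

        except Exception as e:
            sanitized_params = sanitize_sensitive_info(params)
            # str(e) may embed the DSN; log only the type here and let the caller's handler decide what to keep.
            logger.error(f"Tidb database,\nsql:{sql},\nparams:{sanitized_params},\nerror:{type(e).__name__}")
            raise

# … unchanged: execute(), apply the same pattern to `data` …
```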