
security: Add input validation and size limits for data ingestion#6

Merged
nik-kale merged 1 commit into main from security/input-validation-and-limits
Dec 26, 2025

Conversation

@nik-kale
Owner

Summary

This PR adds comprehensive security controls for data ingestion, including path validation, size limits, and safe error handling. It also fixes the use of deprecated datetime.utcnow() throughout the codebase.

Changes

  • Created autorca_core/validation.py module with security controls:
    • Path traversal prevention with validate_path()
    • File size limits with check_file_size()
    • Line length limits with check_line_length()
    • Total event count limits with check_total_events()
    • Error message sanitization with sanitize_error_message()
  • Added IngestionLimits dataclass with configurable limits
  • Updated load_logs() to use validation and limits
  • Replaced all datetime.utcnow() with datetime.now(timezone.utc) (Python 3.12+ compatible)
  • Added preset configurations: strict() and relaxed() limits
  • Exported validation classes from package __init__.py

Type of Change

  • Security patch (fixes security vulnerabilities)
  • Bug fix (deprecated API usage)

Testing

Tested with various file sizes and paths. Verified that:

  • Path traversal attempts are blocked
  • Oversized files are rejected
  • Deprecated datetime warnings are eliminated
  • Error messages don't leak sensitive paths

Security Improvements

  • Path Traversal Protection: Validates all file paths stay within expected directories
  • Resource Exhaustion Prevention: Limits file sizes, line lengths, and total events
  • Information Disclosure: Sanitizes error messages to avoid leaking paths
  • Python 3.12+ Compatibility: Uses timezone-aware datetimes

Checklist

  • Code follows project style guidelines
  • Self-review completed
  • No new warnings introduced
  • Security improvements verified

Related Issues

Implements Feature #5 from feature roadmap
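An added, self-contained illustration of the controls this PR describes, written for this page rather than taken from the project's autorca_core/validation.py: the names validate_path, check_file_size, check_line_length, check_total_events, sanitize_error_message, IngestionLimits and load_logs follow the PR text, but every signature, default limit, preset value and the event dict shape are assumptions, and the log files it reads are constructed in a temporary directory. It shows the two parts of path validation that are easy to get wrong (resolve symlinks before the containment check, and compare resolved paths rather than string prefixes) and how the OS error text that carries an absolute path is scrubbed before it is re-raised.

```python
"""Illustrative ingestion controls (added example; not the project's own code)."""
import os
import tempfile
from dataclasses import dataclass
from datetime import datetime, timezone
from pathlib import Path


class ValidationError(ValueError):
    """Raised for any rejected input; messages must not carry server-side paths."""


@dataclass(frozen=True)
class IngestionLimits:
    # Default values are assumptions for this example, not the project's.
    max_file_bytes: int = 50 * 1024 * 1024
    max_line_chars: int = 64 * 1024
    max_total_events: int = 1_000_000

    @classmethod
    def strict(cls) -> "IngestionLimits":
        return cls(max_file_bytes=5 * 1024 * 1024, max_line_chars=4096, max_total_events=100_000)

    @classmethod
    def relaxed(cls) -> "IngestionLimits":
        return cls(max_file_bytes=1024 ** 3, max_line_chars=1024 * 1024, max_total_events=10_000_000)


def sanitize_error_message(message: str, base_dir: Path) -> str:
    """Replace the base directory (raw and resolved spelling) with a placeholder."""
    for variant in {str(base_dir), str(base_dir.resolve())}:
        message = message.replace(variant, "<base>")
    return message


def validate_path(user_path: str, base_dir: Path) -> Path:
    """Return the resolved path of user_path under base_dir, or reject it.

    resolve() follows symlinks and collapses '..' first, so both '../x' and a
    symlink inside base_dir pointing outside it fail the relative_to() check.
    An absolute user_path replaces base_dir in the join and is caught the same way.
    """
    base = base_dir.resolve()
    candidate = (base / user_path).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise ValidationError(f"path escapes allowed directory: {user_path!r}") from None
    return candidate


def check_file_size(path: Path, limits: IngestionLimits) -> int:
    size = path.stat().st_size
    if size > limits.max_file_bytes:
        raise ValidationError(f"file too large: {size} bytes > {limits.max_file_bytes}")
    return size


def check_line_length(line: str, line_no: int, limits: IngestionLimits) -> None:
    if len(line) > limits.max_line_chars:
        raise ValidationError(f"line {line_no} exceeds {limits.max_line_chars} chars")


def check_total_events(count: int, limits: IngestionLimits) -> None:
    if count > limits.max_total_events:
        raise ValidationError(f"event count {count} exceeds {limits.max_total_events}")


def load_logs(user_path: str, base_dir: Path, limits: IngestionLimits = IngestionLimits()) -> list:
    """Stream one log file under base_dir, enforcing every limit as it is read."""
    try:
        path = validate_path(user_path, base_dir)
        check_file_size(path, limits)
        events = []
        with path.open("r", encoding="utf-8", errors="replace") as fh:
            for line_no, line in enumerate(fh, start=1):
                check_line_length(line, line_no, limits)
                check_total_events(line_no, limits)  # checked while streaming, not after
                events.append({"line": line_no, "text": line.rstrip("\n"),
                               "ingested_at": datetime.now(timezone.utc)})  # tz-aware, no utcnow()
        return events
    except OSError as exc:
        # OSError text embeds the absolute path; scrub it before it can reach a caller.
        raise ValidationError(sanitize_error_message(str(exc), base_dir)) from None


def demo() -> dict:
    """Run the controls against constructed files; returns an outcome per case."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "logs"
        base.mkdir()
        (base / "app.log").write_text("INFO start\nWARN disk 91%\nERROR timeout\n")  # constructed
        (base / "big.log").write_text("x" * 5000 + "\n")  # one over-long line
        outside = Path(tmp) / "secret.txt"
        outside.write_text("not-a-log\n")
        os.symlink(outside, base / "link.log")  # symlink escaping base_dir
        strict = IngestionLimits.strict()
        results = {"ok": len(load_logs("app.log", base, strict))}
        cases = [("traversal", "../secret.txt", strict), ("symlink", "link.log", strict),
                 ("absolute", str(outside), strict), ("longline", "big.log", strict),
                 ("toomany", "app.log", IngestionLimits(max_total_events=2)),
                 ("missing", "nope.log", strict)]
        for name, arg, limits in cases:
            try:
                load_logs(arg, base, limits)
                results[name] = "accepted"
            except ValidationError as exc:
                results[name] = "rejected: " + str(exc)
        return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:10} {outcome}")
```

The containment check is done on fully resolved paths on purpose: a prefix comparison on strings would accept `/srv/logs-old/x` as being inside `/srv/logs`, and checking before resolving would miss a symlink planted inside the allowed directory. The "missing" case shows why sanitize_error_message has to run on the caught OSError rather than on the validator's own messages: it is the library error text, not the project's, that carries the absolute path.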


@nik-kale nik-kale force-pushed the security/input-validation-and-limits branch from 0ac8e01 to e995376 on December 26, 2025 23:56
@nik-kale nik-kale merged commit 5fc30ff into main Dec 26, 2025