fix: sanitize FTS5 queries and close mirror DB connections
Two bugs fixed:
1. search_messages() crashes with OperationalError when user queries
contain FTS5 special characters (+, ", (, {, dangling AND/OR, etc).
Added _sanitize_fts5_query() to strip dangerous operators and a
fallback try-except for edge cases.
2. _append_to_sqlite() in mirror.py creates a new SessionDB per call
but never closes it, leaking SQLite connections. Added finally block
to ensure db.close() is always called.
This commit is contained in:
0xbyt4
parent
b98301677a
commit
33cfe1515d
4 changed files with 112 additions and 1 deletions
|
|
@ -111,6 +111,7 @@ def _append_to_jsonl(session_id: str, message: dict) -> None:
|
|||
|
||||
def _append_to_sqlite(session_id: str, message: dict) -> None:
|
||||
"""Append a message to the SQLite session database."""
|
||||
db = None
|
||||
try:
|
||||
from hermes_state import SessionDB
|
||||
db = SessionDB()
|
||||
|
|
@ -121,3 +122,6 @@ def _append_to_sqlite(session_id: str, message: dict) -> None:
|
|||
)
|
||||
except Exception as e:
|
||||
logger.debug("Mirror SQLite write failed: %s", e)
|
||||
finally:
|
||||
if db is not None:
|
||||
db.close()
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue