stack

mosaic/stack

Fork 0

Commit Graph

Author	SHA1	Message	Date
Jason Woltje	17cfeb974b	fix(SEC-API-19+20): Validate brain search length and limit params All checks were successful ci/woodpecker/push/woodpecker Pipeline was successful Details - Add @MaxLength(500) to BrainQueryDto.query and BrainQueryDto.search fields - Create BrainSearchDto with validated q (max 500 chars) and limit (1-100) fields - Update BrainController.search to use BrainSearchDto instead of raw query params - Add defensive validation in BrainService.search and BrainService.query methods: - Reject search terms exceeding 500 characters with BadRequestException - Clamp limit to valid range [1, 100] for defense-in-depth - Add comprehensive tests for DTO validation and service-level guards - Update existing controller tests for new search method signature Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-06 13:29:03 -06:00

Author

SHA1

Message

Date

Jason Woltje

17cfeb974b

fix(SEC-API-19+20): Validate brain search length and limit params

ci/woodpecker/push/woodpecker Pipeline was successful

Details

- Add @MaxLength(500) to BrainQueryDto.query and BrainQueryDto.search fields
- Create BrainSearchDto with validated q (max 500 chars) and limit (1-100) fields
- Update BrainController.search to use BrainSearchDto instead of raw query params
- Add defensive validation in BrainService.search and BrainService.query methods:
  - Reject search terms exceeding 500 characters with BadRequestException
  - Clamp limit to valid range [1, 100] for defense-in-depth
- Add comprehensive tests for DTO validation and service-level guards
- Update existing controller tests for new search method signature

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-06 13:29:03 -06:00

1 Commits