diff options
| author | A.J. Shulman <Shulman.aj@gmail.com> | 2024-11-06 22:23:03 -0500 | 
|---|---|---|
| committer | A.J. Shulman <Shulman.aj@gmail.com> | 2024-11-06 22:23:03 -0500 | 
| commit | 5d4e19ad5961e42b90f7bfc920ea80da6edc5089 (patch) | |
| tree | 5d6d7e86130a25e034114100de90d25a68c3494d /solr-8.3.1/server/scripts/cloud-scripts | |
| parent | 09d7d63d1f248a0bf1d36e4da804cbde5e12e209 (diff) | |
Enhance assistant security with structured validation and input sanitization
- Prompt enhancements:
  - Enforce strict response structure validation by requiring <stage>, <thought>, <action>, and <answer> tags in responses.
  - Add self-validation instruction in <final_instruction> for assistant to check response structure before outputting.
  - Instruct assistant to ignore XML-like syntax from user input, treating any <stage>, <action>, etc., as plain text.
- Code changes:
  - Implement `validateAssistantResponse` function to enforce required response structure (e.g., ensuring <stage> element).
  - Add input sanitization using `lodash.escape` to treat user inputs as plain text, preventing XML or HTML injection.
  - Configure XML parser to ignore external entities and avoid interpreting embedded XML-like syntax.
  - Introduce fallback error handling in parsing and validation to prevent assistant crashes on malformed or unexpected input.
  - Log response errors with detailed messages to aid debugging and improve system resilience.
  - Enhance input validation for tools by adding parameter checks, handling malformed data gracefully, and logging safety errors.
Diffstat (limited to 'solr-8.3.1/server/scripts/cloud-scripts')
0 files changed, 0 insertions, 0 deletions
