fix(security): validate and restrict /api/instructions operation and topic params (CWE-22, CWE-1321) (#986)

2026-02-16 05:29:08 +00:00
parent 209db9f11a
commit 02f7c3c9d0
2 changed files with 31 additions and 1 deletions
@@ -0,0 +1,15 @@
+// Allowed values for /api/instructions security
+export const ALLOWED_OPERATIONS = [
+  'search',
+  'context',
+  'summarize',
+  'import',
+  'export'
+];
+
+export const ALLOWED_TOPICS = [
+  'workflow',
+  'search_params',
+  'examples',
+  'all'
+];