fix: Add metadata field-name validation using regex in PGVectorDocumentStore filters to prevent SQL injection vectors. (#2881)

* adding regex validation

* adding test

Author: davidsbatista

integrations/pgvector/src/haystack_integrations/document_stores/pgvector/filters.py

@@ -1,6 +1,8 @@
 # SPDX-FileCopyrightText: 2023-present deepset GmbH <info@deepset.ai>
 #
 # SPDX-License-Identifier: Apache-2.0
+
+import re
 from datetime import datetime
 from itertools import chain
 from typing import Any, Literal
@@ -19,6 +21,7 @@
 }
 
 NO_VALUE = "no_value"
+SAFE_META_FIELD_RE = re.compile(r"^[a-zA-Z0-9_-]+$")
 
 
 def _validate_filters(filters: dict[str, Any] | None = None) -> None:
@@ -128,6 +131,12 @@ def _treat_meta_field(field: str, value: Any) -> str:
 
     # use the ->> operator to access keys in the meta JSONB field
     field_name = field.split(".", 1)[-1]
+    if not SAFE_META_FIELD_RE.match(field_name):
+        msg = (
+            f"Invalid metadata field name '{field_name}'. "
+            "Only alphanumeric characters, dashes, and underscores are allowed."
+        )
+        raise FilterError(msg)
     field = f"meta->>'{field_name}'"
 
     # meta fields are stored as strings in the JSONB field,

integrations/pgvector/tests/test_filters.py

@@ -144,6 +144,11 @@ def test_treat_meta_field():
     assert _treat_meta_field(field="meta.name", value=None) == "meta->>'name'"
 
 
+def test_treat_meta_field_rejects_unsafe_metadata_key():
+    with pytest.raises(FilterError, match="Invalid metadata field name"):
+        _treat_meta_field(field="meta.name' OR 1=1 --", value="x")
+
+
 def test_comparison_condition_missing_operator():
     condition = {"field": "meta.type", "value": "article"}
     with pytest.raises(FilterError):