Code is not properly escaped when serialized in JSON

hide-org / hide

🤖 Headless IDE for AI agents

https://hide.sh

MIT License

112 stars 5 forks source link

Code is not properly escaped when serialized in JSON #66

Closed artmoskvin closed 1 month ago

artmoskvin commented 1 month ago

When using Langchain agent with the update_lines tool, the code cannot be deserialized by Hide API. It usually fails with EOF or invalid character error.

artmoskvin commented 1 month ago

Example payload:

{"type": "linediff", "linediff": {"startLine": 117, "endLine": 117, "content": "\n@router.post(\n    \"/exponentiation\",\n    summary=\"Calculate the exponentiation of two numbers\",\n    response_model=MathsResult,\n)\ndef exponentiation(maths_input: MathsIn) -> MathsResult:\n    \"\"\"Calculates the exponentiation of two whole numbers.\"\"\"\n    return MathsResult(\n        **maths_input.dict(),\n        operation=\"exponentiation\",\n        result=maths_input.number1 ** maths_input.number2,\n    )\n"}}

Response: 404 Failed parsing request body: EOF

aleh-null commented 1 month ago

hm, tried to reproduce this but it seems to work as here

Maybe the dst struct is different
json string is not wrapped as string literal or something similar

artmoskvin commented 1 month ago

Just for historical records, it turned out to be a problem with a file path in URL. By default, if a URL is not clean, e.g. contains 2 slash symbols path/subpath//file.txt, the server tries to clean it and redirect. But for some reason Gorilla loses the payload during redirection, so parsing fails with EOF.

We disabled cleaning and added middleware to validate path, e.g. to reject paths starting with /.