# Security fixes and 2025 Perplexity API updates #1

Open

prodigy wants to merge 2 commits into gomcpgo:main from
This commit implements comprehensive security improvements and updates the codebase to support the latest Perplexity API features from 2025.

## Security Fixes

1. **Deprecated ioutil replacement** (pkg/cache/cache.go)
   - Replaced deprecated ioutil.ReadFile with os.ReadFile
   - Replaced deprecated ioutil.WriteFile with os.WriteFile
   - Replaced deprecated ioutil.ReadDir with os.ReadDir
   - Fixes: Go 1.16+ deprecation warnings

2. **Path traversal protection** (pkg/cache/cache.go)
   - Added filepath.Clean() sanitization for user-supplied IDs
   - Added path separator validation
   - Prevents potential directory traversal attacks

3. **Input validation** (pkg/search/search.go)
   - Added validateSearchParams() function
   - Query length validation (max 10000 characters)
   - Domain filter limits (max 100 domains)
   - Temperature range validation (0-2)
   - Max tokens validation (1-100000)

4. **Error message sanitization** (pkg/search/client.go)
   - Removed raw API response body from error messages
   - Prevents potential information leakage

## API Updates (2025)

1. **New Models** (pkg/types/types.go, pkg/config/config.go)
   - Added sonar-reasoning: Chain-of-Thought reasoning
   - Added sonar-reasoning-pro: Advanced reasoning
   - Added sonar-deep-research: Research-intensive tasks
   - Updated model validation for all 5 models

2. **New API Parameters** (pkg/types/types.go)
   - search_domain: Native "sec" support for SEC filings (July 2025)
   - search_mode: Native "academic" for academic sources (June 2025)
   - latest_updated: Filter by webpage modification dates (June 2025)
   - reasoning_effort: Control reasoning depth (May 2025)
   - publication_date: Enhanced search result metadata

3. **Enhanced Response Handling** (pkg/search/search.go)
   - Prioritize search_results over deprecated citations field
   - Include publication_date in detailed sources
   - Fallback to citations for backwards compatibility
   - Improved source formatting with metadata

4. **Academic Search Enhancement** (pkg/search/search.go)
   - Use native search_mode: "academic" parameter
   - More efficient than domain filtering workaround
   - Leverages June 2025 API feature

5. **Financial Search Enhancement** (pkg/search/search.go)
   - Use native search_domain: "sec" parameter
   - Direct SEC filings access (July 2025 feature)
   - Optimized for financial research

## Documentation

- Updated README with new models and pricing
- Added "What's New in 2025" section
- Documented all security improvements
- Listed new API features with release dates

## Testing

- All existing tests pass
- Build successful with no warnings
- Backwards compatible with existing implementations
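An added illustration of the cache-ID check the commit message describes (path separator validation plus `filepath.Clean()` before the ID is joined to the cache directory). This is example code, not the project's own `pkg/cache/cache.go`; the function name `SafeCachePath`, the `<baseDir>/<id>.json` layout and the trailing containment check are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrInvalidCacheID is returned when a caller-supplied cache ID cannot be
// mapped safely to a file below the cache directory.
var ErrInvalidCacheID = errors.New("invalid cache id")

// SafeCachePath maps a caller-supplied cache ID to <baseDir>/<id>.json (layout
// assumed for this example). It rejects path separators and relative components
// up front, requires the ID to already be in filepath.Clean form, and finally
// confirms the joined path still lies inside baseDir.
func SafeCachePath(baseDir, id string) (string, error) {
	if id == "" || id == "." || id == ".." {
		return "", fmt.Errorf("%w: %q", ErrInvalidCacheID, id)
	}
	// Reject both separator styles explicitly: filepath.Clean alone would keep
	// "sub/file" and would collapse "a/../b" into a different sibling entry.
	if strings.ContainsAny(id, `/\`) {
		return "", fmt.Errorf("%w: %q contains a path separator", ErrInvalidCacheID, id)
	}
	if filepath.Clean(id) != id {
		return "", fmt.Errorf("%w: %q is not in canonical form", ErrInvalidCacheID, id)
	}
	base := filepath.Clean(baseDir)
	full := filepath.Join(base, id+".json")
	// Defence in depth: the final path must be strictly below baseDir.
	rel, err := filepath.Rel(base, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: %q escapes %s", ErrInvalidCacheID, id, base)
	}
	return full, nil
}

func main() {
	// Constructed sample IDs: one valid, two attempting to leave the cache dir.
	for _, id := range []string{"abc123", "../etc/passwd", `..\secrets`} {
		p, err := SafeCachePath("/tmp/pplx-cache", id)
		fmt.Printf("%-16q -> %q %v\n", id, p, err)
	}
}
```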
## Overview

This PR implements comprehensive security improvements and updates the codebase to support the latest Perplexity API features from 2025. All changes are backwards compatible with existing implementations.

## 🔒 Security Fixes

### 1. Deprecated Code Removal

- Replaced deprecated `ioutil` package with modern Go stdlib:
  - `ioutil.ReadFile` → `os.ReadFile`
  - `ioutil.WriteFile` → `os.WriteFile`
  - `ioutil.ReadDir` → `os.ReadDir`
- File: `pkg/cache/cache.go`

### 2. Path Traversal Protection

- `filepath.Clean()` sanitization for user-supplied cache IDs
- File: `pkg/cache/cache.go:183-190`

### 3. Input Validation

- File: `pkg/search/search.go:30-59`

### 4. Error Message Sanitization

- File: `pkg/search/client.go:72-73`

## 🚀 2025 API Updates

### New Models Added

- `sonar-reasoning` - Chain-of-Thought reasoning for logical tasks
- `sonar-reasoning-pro` - Advanced reasoning capabilities
- `sonar-deep-research` - Research-intensive tasks with async support

Files: `pkg/types/types.go`, `pkg/config/config.go`

### New API Parameters

- `search_domain: "sec"`
- `search_mode: "academic"`
- `latest_updated`
- `reasoning_effort`

Files: `pkg/types/types.go:48-62`

### Enhanced Response Handling

- `search_results` (new) over `citations` (deprecated)
- `publication_date` in search result metadata
- File: `pkg/search/search.go:296-322`

### Improved Search Functions

- Academic Search (`pkg/search/search.go:63`): `search_mode: "academic"` parameter
- Financial Search (`pkg/search/search.go:95-97`): `search_domain: "sec"` parameter

## 📊 Changes Summary

Files Modified: 6

- `pkg/cache/cache.go` - Security fixes (ioutil, path sanitization)
- `pkg/config/config.go` - New model validation
- `pkg/search/client.go` - Error sanitization
- `pkg/search/search.go` - Input validation, API updates
- `pkg/types/types.go` - New models and parameters
- `README.md` - Documentation updates

Tests: ✅ All passing
Build: ✅ Successful with no warnings
Backwards Compatible: ✅ Yes

## 📚 Documentation

## ✅ Testing
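An added example of the input validation the PR describes (query length, domain filter count, temperature range and max tokens range), written in Go to show the stated limits enforced together and reported as one combined error. This is not the project's `validateSearchParams()`; the `SearchParams` field names and the constant names are assumptions, and the limit values are the ones quoted in this PR.

```go
package main

import (
	"errors"
	"fmt"
	"unicode/utf8"
)

// Limits as stated in the PR description, named so a reviewer can audit them.
const (
	MaxQueryChars  = 10000
	MaxDomains     = 100
	MinTemperature = 0.0
	MaxTemperature = 2.0
	MinTokensLimit = 1
	MaxTokensLimit = 100000
)

// SearchParams is a stand-in (assumed for this example) for the request
// fields the PR validates before they are sent to the API.
type SearchParams struct {
	Query              string
	SearchDomainFilter []string
	Temperature        float64
	MaxTokens          int
}

// ValidateSearchParams applies every limit and reports all violations at once
// via errors.Join, so a caller sees the full list rather than the first failure.
// MaxTokens must be set by the caller: 0 is outside the stated 1-100000 range.
func ValidateSearchParams(p SearchParams) error {
	var errs []error
	// Count runes, not bytes, so the 10000 limit means characters as stated.
	if n := utf8.RuneCountInString(p.Query); n > MaxQueryChars {
		errs = append(errs, fmt.Errorf("query is %d characters, max %d", n, MaxQueryChars))
	}
	if n := len(p.SearchDomainFilter); n > MaxDomains {
		errs = append(errs, fmt.Errorf("%d domain filters, max %d", n, MaxDomains))
	}
	if p.Temperature < MinTemperature || p.Temperature > MaxTemperature {
		errs = append(errs, fmt.Errorf("temperature %g outside [%g, %g]", p.Temperature, MinTemperature, MaxTemperature))
	}
	if p.MaxTokens < MinTokensLimit || p.MaxTokens > MaxTokensLimit {
		errs = append(errs, fmt.Errorf("max_tokens %d outside [%d, %d]", p.MaxTokens, MinTokensLimit, MaxTokensLimit))
	}
	return errors.Join(errs...)
}

// Constructed request with two violations (temperature too high, max_tokens unset).
func main() { fmt.Println(ValidateSearchParams(SearchParams{Query: "10-K risk factors", Temperature: 2.5})) }
```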