Support External Postgres DB

llm-service/app/services/amp_metadata/__init__.py

@@ -37,6 +37,7 @@
 #
 import json
 import os
+import re
 import socket
 import subprocess
 from typing import Optional, cast, Protocol
@@ -444,6 +445,22 @@ def validate_jdbc(
         return ValidationResult(
             valid=True, message="H2 database type does not require validation."
         )
+
+    # Validate inputs to prevent injection attacks
+    if not db_url.startswith("jdbc:"):
+        return ValidationResult(valid=False, message="Invalid JDBC URL format.")
+
+    if not username.isalnum() or not (1 <= len(username) <= 16):
+        return ValidationResult(
+            valid=False,
+            message="Username must be alphanumeric and 1-16 characters long.",
+        )
+
+    if not re.match(r"[^\s@\"\\/]*", password):
+        return ValidationResult(
+            valid=False,
+            message='Password contains invalid characters. \\, /, @, " are not allowed.',
+        )
     # Use RAG_STUDIO_INSTALL_DIR to resolve the jar path
     rag_studio_dir = os.getenv("RAG_STUDIO_INSTALL_DIR", "/home/cdsw/rag-studio")
     jar_path = os.path.join(rag_studio_dir, "prebuilt_artifacts/rag-api.jar")

ui/src/pages/RagChatTab/ChatOutput/ChatMessages/MarkdownResponse.tsx

@@ -52,6 +52,11 @@ export const MarkdownResponse = ({ data }: { data: ChatMessageType }) => {
       className="styled-markdown"
       children={data.rag_message.assistant.trimStart()}
       components={{
+        img: (
+          props: ComponentProps<"img">,
+        ): ReactElement<SourceNode> | undefined => {
+          return <img {...props} alt={props.alt} style={{ width: "100%" }} />;
+        },
         a: (
           props: ComponentProps<"a">,
         ): ReactElement<SourceNode> | undefined => {
@@ -80,7 +85,13 @@ export const MarkdownResponse = ({ data }: { data: ChatMessageType }) => {
             }
           }
           return (
-            <a href={href} className={className} {...other} target="_blank" rel="noopener noreferrer">
+            <a
+              href={href}
+              className={className}
+              {...other}
+              target="_blank"
+              rel="noopener noreferrer"
+            >
               {children}
             </a>
           );