Use any search/filter functionality that accepts user input for LIKE/ILIKE queries, input special characters that are SQL LIKE wildcards: `%`, `_`, or `\`

[NeatGuyCoding]

Self Checks

• I have read the Contributing Guide and Language Policy.
• I have searched for existing issues search for existing issues, including closed ones.
• I confirm that I am using English to submit this report, otherwise it will be closed.
• Please do not modify this template :) and fill in all the required fields.

1. Is this request related to a challenge you're experiencing? Tell me about your story.

SQL Injection Vulnerability via LIKE Wildcards

1. Use any search/filter functionality that accepts user input for LIKE/ILIKE queries
2. Input special characters that are SQL LIKE wildcards: %, _, or \
3. The input is used directly in SQL LIKE queries without proper escaping
4. This allows users to inject wildcard patterns that can match unintended data or cause performance issues

2. Additional context or comments

Affected endpoints and methods:

• GET /api/console/datasets/{dataset_id}/segments - keyword search
• GET /api/console/apps/{app_id}/completion-conversations - keyword search
• GET /api/console/apps/{app_id}/chat-conversations - keyword search
• AppService.get_apps() - name search
• DatasetService.get_datasets() - search parameter
• DatasetService.get_segments() - keyword search
• DatasetService.get_child_chunks() - keyword search
• AnnotationService.get_annotation_list_by_app_id() - keyword search
• TagService.get_tags() - keyword search
• WorkflowAppService.get_paginate_workflow_app_logs() - keyword search
• ExternalKnowledgeService.get_external_knowledge_apis() - search parameter
• ConversationService.get_conversational_variable() - variable_name search
• DatasetRetrieval metadata filtering - value escaping
• Vector DB search methods in clickzetta_vector.py and iris_vector.py

3. Can you help us with this feature?

• I am interested in contributing to this feature.

[dosubot]

Most search/filter endpoints in Dify that use LIKE/ILIKE queries are still vulnerable to wildcard injection, as user input is interpolated directly into query patterns without escaping %, _, or \ (for example: app name, dataset name, segment content, annotation, tag, workflow log, external knowledge, and vector DB search) source. The main exception is ConversationService.get_conversational_variable, which now escapes these wildcards and uses an explicit escape character in the query, following best practices source.

Recent PRs have fixed SQL injection issues in the OceanBase vector backend by validating input and using parameterized queries source, and the conversation variable filter now validates and escapes input source. However, there is no general utility for escaping LIKE wildcards used project-wide.

To address this, I recommend implementing a reusable escape function for LIKE wildcards and refactoring all affected endpoints to use it. Audit the codebase for any remaining direct interpolations, add tests for wildcard injection, and update documentation to include these best practices. If you’re contributing, start by modeling your changes after the escaping logic in get_conversational_variable and the input validation in recent PRs.

To reply, just mention @dosu.

---

^{How did I do? Good | Irrelevant | Incorrect | Verbose | Hallucination | Report 🐛 | Other}