feat: Add query length validation and input sanitization

Add configurable query expression length limits to prevent resource exhaustion
from overly complex queries, and implement comprehensive input validation to
reject control characters in client library parameters.

Changes:
- Add api.max_query_length config parameter (default: 128, 0 = unlimited)
- Implement query length calculation across search text, AND/NOT terms, filters, and ORDER BY
- Add QueryParser::SetMaxQueryLength() for runtime configuration
- Apply length validation in both SEARCH and COUNT commands
- Add control character detection in MygramClient for all string inputs
- Update config schema, examples, and documentation (EN/JA)
- Add serialization support for new config parameter in dump format
- Add comprehensive unit tests for validation logic
- Update documentation to explain query length limits and error handling

This improves security by preventing injection attacks through control
characters and guards against resource exhaustion from unbounded query
complexity.

Author: libraz

docker/entrypoint.sh

@@ -118,8 +118,8 @@ memory:
     width: "${MEMORY_NORMALIZE_WIDTH}"
     lower: ${MEMORY_NORMALIZE_LOWER}
 
-# Snapshot Persistence
-snapshot:
+# Dump Persistence
+dump:
   dir: "${SNAPSHOT_DIR}"
   interval_sec: ${SNAPSHOT_INTERVAL_SEC}
   retain: ${SNAPSHOT_RETAIN}

docs/en/configuration.md

@@ -83,6 +83,8 @@ api:
     enable: true
     bind: "127.0.0.1"
     port: 8080
+  default_limit: 100
+  max_query_length: 128
 
 network:
   allow_cidrs: []
@@ -168,7 +170,9 @@ The same configuration in JSON format:
       "enable": true,
       "bind": "127.0.0.1",
       "port": 8080
-    }
+    },
+    "default_limit": 100,
+    "max_query_length": 128
   },
   "network": {
     "allow_cidrs": []
@@ -398,6 +402,17 @@ api:
     enable: true                    # Default: true
     bind: "127.0.0.1"               # Default: 127.0.0.1 (localhost only)
     port: 8080                      # Default: 8080
+  default_limit: 100                # Default LIMIT when not specified (5-1000)
+  max_query_length: 128             # Max query expression length (0 = unlimited)
+
+### Query Defaults
+
+- **default_limit**: Used when a SEARCH query omits `LIMIT`. Keeps pagination predictable and prevents large responses.
+  - Range 5–1000, default 100.
+  - Applies to TCP/HTTP/CLI clients alike.
+- **max_query_length**: Rejects overly long boolean expressions to avoid resource exhaustion.
+  - Default 128 characters; set to `0` to disable the guard.
+  - The length includes search text, AND/NOT terms, and FILTER values.
 ```
 
 ## Network Section (Optional)

docs/en/query_syntax.md

@@ -407,6 +407,16 @@ SEARCH articles tech LIMIT 10 OFFSET 10
 SEARCH articles tech LIMIT 10 OFFSET 20
 ```
 
+### Maximum Query Length
+
+MygramDB rejects queries whose combined expression length (search text + AND/NOT terms + FILTER values) exceeds the configured limit.
+
+- **Default:** 128 characters
+- **Config:** `api.max_query_length` (`0` disables the guard)
+- **Error:** `ERROR Query expression length (...) exceeds maximum allowed length...`
+
+Keep boolean expressions compact or raise the limit in `config.yaml` if applications require longer filters.
+
 ### Complete Example with All Options
 
 ```

docs/ja/configuration.md

@@ -78,6 +78,12 @@ api:
   tcp:
     bind: "0.0.0.0"
     port: 11016
+  http:
+    enable: true
+    bind: "127.0.0.1"
+    port: 8080
+  default_limit: 100
+  max_query_length: 128
 
 network:
   allow_cidrs: []
@@ -158,6 +164,14 @@ JSON 形式での同じ設定：
     "tcp": {
       "bind": "0.0.0.0",
       "port": 11016
+    },
+    "http": {
+      "enable": true,
+      "bind": "127.0.0.1",
+      "port": 8080
+    },
+    "default_limit": 100,
+    "max_query_length": 128
     }
   },
   "network": {
@@ -383,6 +397,13 @@ api:
     enable: true                    # デフォルト: true
     bind: "127.0.0.1"               # デフォルト: 127.0.0.1（ローカルホストのみ）
     port: 8080                      # デフォルト: 8080
+  default_limit: 100                # LIMIT 省略時のデフォルト (5-1000)
+  max_query_length: 128             # クエリ式の最大長 (0 = 無制限)
+
+### クエリ関連のデフォルト
+
+- **default_limit**: SEARCH で `LIMIT` を指定しない場合に自動的に適用されます。レスポンス肥大化を防ぐため、5〜1000 の範囲で設定可能（既定 100）。
+- **max_query_length**: 検索語・AND/NOT 条件・FILTER 値を合計したクエリ式の長さ上限です。既定 128 文字、`0` を設定すると無制限。非常に長いクエリによるリソース消費を抑制します。
 ```
 
 ## Network セクション（オプション）

docs/ja/query_syntax.md

@@ -407,6 +407,16 @@ SEARCH articles tech LIMIT 10 OFFSET 10
 SEARCH articles tech LIMIT 10 OFFSET 20
 ```
 
+### クエリ長の上限
+
+MygramDB は、検索語・AND/NOT 条件・FILTER 値を合計したクエリ式が設定された長さを超えると `ERROR` を返します。
+
+- **デフォルト:** 128文字
+- **設定:** `api.max_query_length`（`0` で無効化）
+- **エラー例:** `ERROR Query expression length (...) exceeds ...`
+
+複雑な条件が必要な場合は、`config.yaml` で上限を調整するか、複数のクエリに分割してください。
+
 ### すべてのオプションを含む完全な例
 
 ```

examples/config.json

@@ -97,7 +97,14 @@
     "tcp": {
       "bind": "0.0.0.0",
       "port": 11016
-    }
+    },
+    "http": {
+      "enable": true,
+      "bind": "127.0.0.1",
+      "port": 8080
+    },
+    "default_limit": 100,
+    "max_query_length": 128
   },
   "network": {
     "allow_cidrs": []

examples/config.yaml

@@ -159,6 +159,12 @@ api:
   tcp:
     bind: "0.0.0.0"                 # TCP bind address (default: 0.0.0.0, all interfaces)
     port: 11016                     # TCP port (default: 11016)
+  http:
+    enable: true                    # Enable HTTP/JSON API (default: true)
+    bind: "127.0.0.1"               # HTTP bind address (default: 127.0.0.1)
+    port: 8080                      # HTTP port (default: 8080)
+  default_limit: 100                # Default LIMIT when not specified (range 5-1000)
+  max_query_length: 128             # Max query expression length (0 = unlimited)
 
 # Network Security (optional)
 network:

src/client/mygramclient.cpp

@@ -11,7 +11,9 @@
 #include <sys/time.h>
 #include <unistd.h>
 
+#include <cctype>
 #include <cstring>
+#include <iomanip>
 #include <sstream>
 #include <utility>
 
@@ -93,6 +95,22 @@ std::optional<DebugInfo> ParseDebugInfo(const std::vector<std::string>& tokens,
   return info;
 }
 
+/**
+ * @brief Validate that a string does not contain ASCII control characters
+ */
+std::optional<std::string> ValidateNoControlCharacters(const std::string& value, const char* field_name) {
+  for (unsigned char character : value) {
+    if (std::iscntrl(character) != 0) {
+      std::ostringstream oss;
+      oss << "Input for " << field_name << " contains control character 0x" << std::uppercase << std::hex
+          << std::setw(2) << std::setfill('0') << static_cast<int>(character) << ", which is not allowed";
+      return oss.str();
+    }
+  }
+
+  return std::nullopt;
+}
+
 /**
  * @brief Escape special characters in query strings
  */
@@ -235,6 +253,36 @@ class MygramClient::Impl {
                                              const std::vector<std::string>& not_terms,
                                              const std::vector<std::pair<std::string, std::string>>& filters,
                                              const std::string& sort_column, bool sort_desc) {
+    if (auto err = ValidateNoControlCharacters(table, "table name")) {
+      return Error(*err);
+    }
+    if (auto err = ValidateNoControlCharacters(query, "search query")) {
+      return Error(*err);
+    }
+    for (const auto& term : and_terms) {
+      if (auto err = ValidateNoControlCharacters(term, "AND term")) {
+        return Error(*err);
+      }
+    }
+    for (const auto& term : not_terms) {
+      if (auto err = ValidateNoControlCharacters(term, "NOT term")) {
+        return Error(*err);
+      }
+    }
+    for (const auto& [key, value] : filters) {
+      if (auto err = ValidateNoControlCharacters(key, "filter key")) {
+        return Error(*err);
+      }
+      if (auto err = ValidateNoControlCharacters(value, "filter value")) {
+        return Error(*err);
+      }
+    }
+    if (!sort_column.empty()) {
+      if (auto err = ValidateNoControlCharacters(sort_column, "sort column")) {
+        return Error(*err);
+      }
+    }
+
     // Build command
     std::ostringstream cmd;
     cmd << "SEARCH " << table << " " << EscapeQueryString(query);
@@ -330,6 +378,31 @@ class MygramClient::Impl {
                                            const std::vector<std::string>& and_terms,
                                            const std::vector<std::string>& not_terms,
                                            const std::vector<std::pair<std::string, std::string>>& filters) {
+    if (auto err = ValidateNoControlCharacters(table, "table name")) {
+      return Error(*err);
+    }
+    if (auto err = ValidateNoControlCharacters(query, "search query")) {
+      return Error(*err);
+    }
+    for (const auto& term : and_terms) {
+      if (auto err = ValidateNoControlCharacters(term, "AND term")) {
+        return Error(*err);
+      }
+    }
+    for (const auto& term : not_terms) {
+      if (auto err = ValidateNoControlCharacters(term, "NOT term")) {
+        return Error(*err);
+      }
+    }
+    for (const auto& [key, value] : filters) {
+      if (auto err = ValidateNoControlCharacters(key, "filter key")) {
+        return Error(*err);
+      }
+      if (auto err = ValidateNoControlCharacters(value, "filter value")) {
+        return Error(*err);
+      }
+    }
+
     // Build command
     std::ostringstream cmd;
     cmd << "COUNT " << table << " " << EscapeQueryString(query);
@@ -385,6 +458,13 @@ class MygramClient::Impl {
   }
 
   std::variant<Document, Error> Get(const std::string& table, const std::string& primary_key) {
+    if (auto err = ValidateNoControlCharacters(table, "table name")) {
+      return Error(*err);
+    }
+    if (auto err = ValidateNoControlCharacters(primary_key, "primary key")) {
+      return Error(*err);
+    }
+
     std::ostringstream cmd;
     cmd << "GET " << table << " " << primary_key;
 
@@ -505,6 +585,12 @@ class MygramClient::Impl {
   }
 
   std::variant<std::string, Error> Save(const std::string& filepath) {
+    if (!filepath.empty()) {
+      if (auto err = ValidateNoControlCharacters(filepath, "filepath")) {
+        return Error(*err);
+      }
+    }
+
     std::string cmd = filepath.empty() ? "SAVE" : "SAVE " + filepath;
 
     auto result = SendCommand(cmd);
@@ -526,6 +612,10 @@ class MygramClient::Impl {
   }
 
   std::variant<std::string, Error> Load(const std::string& filepath) {
+    if (auto err = ValidateNoControlCharacters(filepath, "filepath")) {
+      return Error(*err);
+    }
+
     auto result = SendCommand("LOAD " + filepath);
     if (auto* err = std::get_if<Error>(&result)) {
       return *err;

src/config/config-schema.json

@@ -496,6 +496,13 @@
           "default": 100,
           "minimum": 5,
           "maximum": 1000
+        },
+        "max_query_length": {
+          "type": "integer",
+          "description": "Maximum character length allowed for search query expressions (text + conditions)",
+          "default": 128,
+          "minimum": 1,
+          "maximum": 4096
         }
       }
     },

src/config/config.cpp

@@ -517,6 +517,9 @@ Config ParseConfigFromJson(const json& root) {
     if (api.contains("default_limit")) {
       config.api.default_limit = api["default_limit"].get<int>();
     }
+    if (api.contains("max_query_length")) {
+      config.api.max_query_length = api["max_query_length"].get<int>();
+    }
   }
 
   // Parse network config