From 1643ebbe0a3f49bb043da3ab81f639fdfe069f18 Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]"
 <161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Sun, 19 Apr 2026 11:29:02 +0000
Subject: [PATCH] =?UTF-8?q?=F0=9F=9B=A1=EF=B8=8F=20Sentinel:=20Add=20input?=
 =?UTF-8?q?=20length=20limits=20to=20prevent=20DoS?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: kingkillery <200727508+kingkillery@users.noreply.github.com>
---
 commonforms/config.py     | 1 +
 commonforms/exceptions.py | 2 +-
 commonforms/inference.py  | 3 ++-
 dataset/split_dataset.py  | 2 +-
 4 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/commonforms/config.py b/commonforms/config.py
index 59b406d..6df71f4 100644
--- a/commonforms/config.py
+++ b/commonforms/config.py
@@ -65,3 +65,4 @@
 
 # Minimum valid image size
 IMAGE_SIZE_MIN: int = 32
+IMAGE_SIZE_MAX: int = 4096
diff --git a/commonforms/exceptions.py b/commonforms/exceptions.py
index 77fabc0..8df1b27 100644
--- a/commonforms/exceptions.py
+++ b/commonforms/exceptions.py
@@ -66,5 +66,5 @@ class InvalidImageSizeError(InvalidInputError):
 
     def __init__(self, image_size: int):
         self.image_size = image_size
-        self.message = f"Image size must be a positive integer, got: {image_size}"
+        self.message = f"Image size must be between 32 and 4096, got: {image_size}"
         super().__init__(self.message)
diff --git a/commonforms/inference.py b/commonforms/inference.py
index 527925f..6a19bfb 100644
--- a/commonforms/inference.py
+++ b/commonforms/inference.py
@@ -22,6 +22,7 @@
     CONFIDENCE_MIN,
     CONFIDENCE_MAX,
     IMAGE_SIZE_MIN,
+    IMAGE_SIZE_MAX,
 )
 
 import formalpdf
@@ -257,7 +258,7 @@ def _validate_inputs(
         raise InvalidConfidenceError(confidence)
 
     # Validate image size
-    if image_size < IMAGE_SIZE_MIN:
+    if not (IMAGE_SIZE_MIN <= image_size <= IMAGE_SIZE_MAX):
         raise InvalidImageSizeError(image_size)
 
 
diff --git a/dataset/split_dataset.py b/dataset/split_dataset.py
index 5ceaed0..90bec92 100755
--- a/dataset/split_dataset.py
+++ b/dataset/split_dataset.py
@@ -74,7 +74,7 @@ def main():
     json_dir = coco_dir / 'json'
 
     if not images_dir.exists() or not json_dir.exists():
-        print(f"Error: Directory must contain 'images' and 'json' subdirectories")
+        print("Error: Directory must contain 'images' and 'json' subdirectories")
         return 1
 
     # Read CSV files