From 43866c0f61cbf28286ed7529a11eb22cd188a632 Mon Sep 17 00:00:00 2001
From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Date: Thu, 22 May 2025 10:21:07 +0000
Subject: [PATCH] Fix CI: Rename metadata column to doc_metadata and fix SQL
 injection vulnerability

Co-Authored-By: Joe Moura <joao@crewai.com>
---
 .../storage/pgvector_knowledge_storage.py     | 20 +++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/src/crewai/knowledge/storage/pgvector_knowledge_storage.py b/src/crewai/knowledge/storage/pgvector_knowledge_storage.py
index 07295d774..f8108a150 100644
--- a/src/crewai/knowledge/storage/pgvector_knowledge_storage.py
+++ b/src/crewai/knowledge/storage/pgvector_knowledge_storage.py
@@ -28,7 +28,7 @@ class Document(Base):  # type: ignore
     
     id = Column(String, primary_key=True)
     content = Column(Text)
-    metadata = Column(Text)  # JSON serialized metadata
+    doc_metadata = Column(Text)  # JSON serialized metadata
     embedding: Column = Column(Vector(1536))  # Adjust dimension based on embedding model
 
 class PGVectorKnowledgeStorage(BaseKnowledgeStorage):
@@ -109,12 +109,16 @@ class PGVectorKnowledgeStorage(BaseKnowledgeStorage):
         try:
             query_embedding = self.embedder([query[0]])[0]
             
-            sql_query = text(f"""
-            SELECT id, content, metadata, 1 - (embedding <=> :query_embedding) as similarity
-            FROM {self.table_name}
+            sql_query = text("""
+            SELECT id, content, doc_metadata, 1 - (embedding <=> :query_embedding) as similarity
+            FROM :table_name
             ORDER BY embedding <=> :query_embedding
             LIMIT :limit
-            """)
+            """).bindparams(
+                query_embedding=query_embedding,
+                limit=limit,
+                table_name=self.table_name
+            )
             
             results = session.execute(
                 sql_query, 
@@ -128,7 +132,7 @@ class PGVectorKnowledgeStorage(BaseKnowledgeStorage):
                     formatted_results.append({
                         "id": row[0],
                         "context": row[1],
-                        "metadata": row[2],
+                        "metadata": row[2],  # Keep the key as 'metadata' for API compatibility
                         "score": similarity,
                     })
             
@@ -173,13 +177,13 @@ class PGVectorKnowledgeStorage(BaseKnowledgeStorage):
                 
                 if existing:
                     setattr(existing, "content", doc)
-                    setattr(existing, "metadata", str(meta) if meta else None)
+                    setattr(existing, "doc_metadata", str(meta) if meta else None)
                     setattr(existing, "embedding", embedding)
                 else:
                     new_doc = Document(
                         id=doc_id,
                         content=doc,
-                        metadata=str(meta) if meta else None,
+                        doc_metadata=str(meta) if meta else None,
                         embedding=embedding,
                     )
                     session.add(new_doc)