fix: upload_image parses response body before checking HTTP status (#22475 )

* fix: check HTTP response status before parsing JSON body upload_image() calls r.json() before checking r.ok. If the server returns an error response (401, 500, etc) with a non-JSON body, this raises a confusing JSONDecodeError instead of the intended 'Unable to get signed urls' error message. Move the r.ok check before the r.json() call. * style: remove extra blank line for ruff
fix: update correct metric in batch_embed_thumbnail (#22501 )
2026-05-10 07:25:27 +03:00 · 2026-03-16 17:34:30 -06:00 · 2026-03-16 17:33:40 -06:00 · 2026-03-16 17:23:44 -06:00
3 changed files with 5 additions and 5 deletions
--- a/frigate/embeddings/init.py
+++ b/frigate/embeddings/init.py
@ -205,14 +205,14 @@ class EmbeddingsContext:
        )
    def get_face_ids(self, name: str) -> list[str]:
-        sql_query = f"""
+        sql_query = """
            SELECT
                id
            FROM vec_descriptions
-            WHERE id LIKE '%{name}%'
+            WHERE id LIKE ?
        """
-        return self.db.execute_sql(sql_query).fetchall()
+        return self.db.execute_sql(sql_query, (f"%{name}%",)).fetchall()
    def reprocess_face(self, face_file: str) -> dict[str, Any]:
        return self.requestor.send_data(
--- a/frigate/embeddings/embeddings.py
+++ b/frigate/embeddings/embeddings.py
@ -266,7 +266,7 @@ class Embeddings:
            )
        duration = datetime.datetime.now().timestamp() - start
-        self.text_inference_speed.update(duration / len(valid_ids))
+        self.image_inference_speed.update(duration / len(valid_ids))
        return embeddings
--- a/frigate/plus.py
+++ b/frigate/plus.py
@ -105,9 +105,9 @@ class PlusApi:
    def upload_image(self, image: ndarray, camera: str) -> str:
        r = self._get("image/signed_urls")
        presigned_urls = r.json()
        if not r.ok:
            raise Exception("Unable to get signed urls")
        presigned_urls = r.json()
        # resize and submit original
        files = {"file": get_jpg_bytes(image, 1920, 85)}
Author	SHA1	Message	Date
ryzendigo	dc27d4ad16	fix: upload_image parses response body before checking HTTP status (#22475 ) Some checks failed CI / AMD64 Build (push) Has been cancelled Details CI / ARM Build (push) Has been cancelled Details CI / Jetson Jetpack 6 (push) Has been cancelled Details CI / AMD64 Extra Build (push) Has been cancelled Details CI / ARM Extra Build (push) Has been cancelled Details CI / Synaptics Build (push) Has been cancelled Details CI / Assemble and push default build (push) Has been cancelled Details * fix: check HTTP response status before parsing JSON body upload_image() calls r.json() before checking r.ok. If the server returns an error response (401, 500, etc) with a non-JSON body, this raises a confusing JSONDecodeError instead of the intended 'Unable to get signed urls' error message. Move the r.ok check before the r.json() call. * style: remove extra blank line for ruff	2026-03-16 17:34:30 -06:00
ryzendigo	7708523865	fix: update correct metric in batch_embed_thumbnail (#22501 ) batch_embed_thumbnail processes image thumbnails but reports timing to text_inference_speed instead of image_inference_speed.	2026-03-16 17:33:40 -06:00
ryzendigo	aea91a91d5	fix: use parameterized query in get_face_ids to prevent SQL injection (#22500 ) The name parameter was interpolated directly into the SQL query via f-string, allowing SQL injection through crafted face name values. Use a parameterized query with ? placeholder instead.	2026-03-16 17:23:44 -06:00