Unhandled AttributeError on String messages (DoS / Crash)

[riddhima25bet10005-a11y]

File: humane_proxy/middleware/interceptor.py Description: The _extract_last_user_message function assumes that payload.get("messages") will always be a list. If a user maliciously or accidentally sends a string (e.g., {"messages": "not a list"}), the reversed(messages) call will iterate over the individual characters of the string. When it attempts to call msg.get("role") on a string character, it raises an AttributeError because strings do not have a .get() method. Impact: This results in an unhandled exception and a 500 Internal Server Error, dropping the request. An attacker can repeatedly send this payload to cause a Denial of Service on the proxy endpoint.

[riddhima25bet10005-a11y]

Hi @Vishisht16
Kindly assign this issue to me.
I am under GSSoC 2026.

[Asritha11111]

Hi @Vishisht16 ,

I would like to work on this issue.

I can add proper validation for the messages payload in _extract_last_user_message, ensuring non-list inputs and invalid message structures are handled safely without raising unhandled exceptions. This will improve robustness and prevent crashes caused by malformed requests.

Please assign this issue to me. Thank you!

[Vishisht16]

Hey @riddhima25bet10005-a11y

I'll assign both this issue and #45 to you so please create a single PR for the issues since they're essentially similar. Use a type check on messages and extract text parts from multimodal content before passing it to the pipeline. Please also include tests for both malformed string payload and multimodal content array.

As for #46, the default bind address is 127.0.0.1 and not 0.0.0.0, so a user has to explicitly choose a public bind. It's an intentional design and only a warning is logged for the latter because a developer might use it for testing purposes. I'll be closing issue #46.