From 948b50ae3aa504e832ea00c812c0d3af6d084106 Mon Sep 17 00:00:00 2001
From: Oleksandr Bezdieniezhnykh <oleksandr.bezdieniezhnykh@pwc.com>
Date: Tue, 31 Mar 2026 06:46:34 +0300
Subject: [PATCH] [AZ-175] Restore image validation for corrupt/oversized
 uploads in /detect endpoint

Made-with: Cursor
---
 src/main.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/main.py b/src/main.py
index f0ca8b0..036b263 100644
--- a/src/main.py
+++ b/src/main.py
@@ -361,6 +361,11 @@ async def detect_image(
     orig_name = file.filename or "upload"
     kind, ext = _detect_upload_kind(orig_name, image_bytes)
 
+    if kind == "image":
+        arr = np.frombuffer(image_bytes, dtype=np.uint8)
+        if cv2.imdecode(arr, cv2.IMREAD_COLOR) is None:
+            raise HTTPException(status_code=400, detail="Invalid image data")
+
     config_dict = {}
     if config:
         config_dict = json.loads(config)