fix: resolve KnowledgeGraphNode hash collision due to template rendering bugs

[3em0]

VUL-01 — KnowledgeGraphNode Hash Collision (Severity: High)

Category: Content collision / Hash invalidation
Affected: backend/app/rag/retrievers/knowledge_graph/schema.py — KnowledgeGraphNode.hash, get_content(), _get_entities_str(), _get_relationships_str()

Root Cause

Two independent bugs combine to make KnowledgeGraphNode.hash and get_content() completely ignore actual entity and relationship data:

Bug 1 — Template syntax mismatch (L199-208):
Templates used Jinja2 double-brace syntax ({{ name }}) but were rendered with Python str.format(), which treats {{ as a literal { escape. All format keyword arguments were silently ignored — every entity and relationship rendered to the same constant string regardless of content.

Bug 2 — Wrong template reference (L286):
_get_relationships_str() used self.entity_template instead of self.relationship_template. Relationship fields (rag_description, weight, last_modified_at, meta) were passed as kwargs to the entity template which has no matching placeholders — all silently discarded.

Attack Chain

Attacker controls two knowledge bases KB-A and KB-B:

KB-A: query="X", entities=[Alice, Bob]   → hash = SHA256("...\n{ name }\n\n{ name }\n...")
KB-B: query="X", entities=[Evil1, Evil2] → hash = SHA256("...\n{ name }\n\n{ name }\n...")
                                                   ↑ identical!

→ Two completely different knowledge graph nodes produce the same hash
→ In fusion retrieval, Evil1/Evil2 nodes may replace Alice/Bob nodes, or vice versa
→ Retrieved knowledge graph content does not match what the hash identifies

Impact

• hash is effectively: f(query_text, len(entities), len(relationships)) — actual content never enters the computation
• Vector store node deduplication based on hash will incorrectly merge semantically different KG nodes
• get_content() returns constant placeholder text instead of real entity/relationship data, affecting any downstream consumer (rerankers, tracing, logging)
• RAG system may return context from the wrong knowledge base

CVSS estimate: 7.5 (High) — No authentication required, impacts data integrity and availability.

Fix

#	Location	Change
1	DEFAULT_ENTITY_TMPL (L199-202)	{{ name }} → {name}, {{ description }} → {description}
2	DEFAULT_RELATIONSHIP_TMPL (L203-208)	{{ rag_description }} → {rag_description}, etc.
3	_get_relationships_str() (L286)	self.entity_template.format( → self.relationship_template.format(

Verification

Tested with two KnowledgeGraphNode instances sharing the same query and entity/relationship counts but completely different content:

• Before fix: Both produce hash 5bfcc6e84d7dc0f987e19626d09c3fbf... (collision)
• After fix: c5838f01... vs fd7e8c14... (no collision, content correctly differentiated)

🤖 Generated with Claude Code

[vercel]

Someone is attempting to deploy a commit to the pingcap Team on Vercel.

A member of the Team first needs to authorize it.

[3em0]

@c4pt0r @ngaut @siddontang @sykp241095