ChatterBot 1.2.10__tar.gz → 1.2.11__tar.gz

{chatterbot-1.2.10 → chatterbot-1.2.11}/ChatterBot.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: ChatterBot
-Version: 1.2.10
+Version: 1.2.11
 Summary: ChatterBot is a machine learning, conversational dialog engine
 Author: Gunther Cox
 License-Expression: BSD-3-Clause

{chatterbot-1.2.10 → chatterbot-1.2.11}/ChatterBot.egg-info/SOURCES.txt

@@ -77,6 +77,7 @@ tests/test_benchmarks.py
 tests/test_chatbot.py
 tests/test_cli.py
 tests/test_comparisons.py
+tests/test_connection_pool.py
 tests/test_conversations.py
 tests/test_corpus.py
 tests/test_examples.py
@@ -84,6 +85,7 @@ tests/test_filters.py
 tests/test_initialization.py
 tests/test_languages.py
 tests/test_parsing.py
+tests/test_poc_vulnerability.py
 tests/test_preprocessors.py
 tests/test_response_selection.py
 tests/test_search.py

{chatterbot-1.2.10 → chatterbot-1.2.11}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: ChatterBot
-Version: 1.2.10
+Version: 1.2.11
 Summary: ChatterBot is a machine learning, conversational dialog engine
 Author: Gunther Cox
 License-Expression: BSD-3-Clause

{chatterbot-1.2.10 → chatterbot-1.2.11}/chatterbot/__init__.py

@@ -4,7 +4,7 @@ ChatterBot is a machine learning, conversational dialog engine.
 from .chatterbot import ChatBot
 
 
-__version__ = '1.2.10'
+__version__ = '1.2.11'
 
 __all__ = (
     'ChatBot',

{chatterbot-1.2.10 → chatterbot-1.2.11}/chatterbot/storage/sql_storage.py

@@ -23,7 +23,7 @@ class SQLStorageAdapter(StorageAdapter):
         from sqlalchemy import create_engine, inspect, event
         from sqlalchemy import Index
         from sqlalchemy.engine import Engine
-        from sqlalchemy.orm import sessionmaker
+        from sqlalchemy.orm import sessionmaker, scoped_session
 
         self.database_uri = kwargs.get('database_uri', False)
 
@@ -35,7 +35,10 @@ class SQLStorageAdapter(StorageAdapter):
         if not self.database_uri:
             self.database_uri = 'sqlite:///db.sqlite3'
 
-        self.engine = create_engine(self.database_uri)
+        # Configure connection pool with safe defaults to prevent exhaustion
+        # Note: SQLite uses SingletonThreadPool which doesn't support these params
+        # PostgreSQL, MySQL, etc. use QueuePool which does support them
+        pool_config = {}
 
         if self.database_uri.startswith('sqlite://'):
 
@@ -66,6 +69,23 @@ class SQLStorageAdapter(StorageAdapter):
                 cursor.execute('PRAGMA synchronous=NORMAL')
                 cursor.close()
 
+        else:
+            # Only apply pool configuration for databases that support QueuePool
+            # pool_size: Maximum persistent connections (10)
+            # max_overflow: Additional connections during peak load (20)
+            # pool_timeout: Seconds to wait for connection before error (30)
+            # pool_recycle: Recycle connections after 1 hour to prevent stale connections
+            # pool_pre_ping: Test connections before using to detect disconnects
+            pool_config = {
+                'pool_size': kwargs.get('pool_size', 10),
+                'max_overflow': kwargs.get('max_overflow', 20),
+                'pool_timeout': kwargs.get('pool_timeout', 30),
+                'pool_recycle': kwargs.get('pool_recycle', 3600),
+                'pool_pre_ping': kwargs.get('pool_pre_ping', True),
+            }
+
+        self.engine = create_engine(self.database_uri, **pool_config)
+
         if not inspect(self.engine).has_table('statement'):
             self.create_database()
 
@@ -91,7 +111,10 @@ class SQLStorageAdapter(StorageAdapter):
 
             search_in_response_to_index.create(bind=self.engine)
 
-        self.Session = sessionmaker(bind=self.engine, expire_on_commit=True)
+        # Use a scoped session for thread-safe session management
+        # This provides thread-local session storage to prevent session sharing across threads
+        session_factory = sessionmaker(bind=self.engine, expire_on_commit=True)
+        self.Session = scoped_session(session_factory)
 
     def get_statement_model(self):
         """
@@ -119,9 +142,11 @@ class SQLStorageAdapter(StorageAdapter):
         Statement = self.get_model('statement')
 
         session = self.Session()
-        statement_count = session.query(Statement).count()
-        session.close()
-        return statement_count
+        try:
+            statement_count = session.query(Statement).count()
+            return statement_count
+        finally:
+            session.close()
 
     def remove(self, statement_text):
         """
@@ -131,13 +156,14 @@ class SQLStorageAdapter(StorageAdapter):
         """
         Statement = self.get_model('statement')
         session = self.Session()
+        try:
+            query = session.query(Statement).filter_by(text=statement_text)
+            record = query.first()
 
-        query = session.query(Statement).filter_by(text=statement_text)
-        record = query.first()
-
-        session.delete(record)
-        session.commit()
-        session.close()
+            session.delete(record)
+            session.commit()
+        finally:
+            session.close()
 
     def filter(self, **kwargs):
         """
@@ -152,8 +178,6 @@ class SQLStorageAdapter(StorageAdapter):
         Statement = self.get_model('statement')
         Tag = self.get_model('tag')
 
-        session = self.Session()
-
         page_size = kwargs.pop('page_size', 1000)
         order_by = kwargs.pop('order_by', None)
         tags = kwargs.pop('tags', [])
@@ -167,65 +191,69 @@ class SQLStorageAdapter(StorageAdapter):
         if isinstance(tags, str):
             tags = [tags]
 
-        if len(kwargs) == 0:
-            statements = session.query(Statement).filter()
-        else:
-            statements = session.query(Statement).filter_by(**kwargs)
-
-        if tags:
-            statements = statements.join(Statement.tags).filter(
-                Tag.name.in_(tags)
-            )
-
-        if exclude_text:
-            statements = statements.filter(
-                ~Statement.text.in_(exclude_text)
-            )
+        # Use context manager to ensure session cleanup even if generator is partially consumed
+        session = self.Session()
+        try:
+            if len(kwargs) == 0:
+                statements = session.query(Statement).filter()
+            else:
+                statements = session.query(Statement).filter_by(**kwargs)
+
+            if tags:
+                statements = statements.join(Statement.tags).filter(
+                    Tag.name.in_(tags)
+                )
 
-        if exclude_text_words:
-            or_word_query = [
-                Statement.text.ilike('%' + word + '%') for word in exclude_text_words
-            ]
-            statements = statements.filter(
-                ~or_(*or_word_query)
-            )
+            if exclude_text:
+                statements = statements.filter(
+                    ~Statement.text.in_(exclude_text)
+                )
 
-        if persona_not_startswith:
-            statements = statements.filter(
-                ~Statement.persona.startswith('bot:')
-            )
+            if exclude_text_words:
+                or_word_query = [
+                    Statement.text.ilike('%' + word + '%') for word in exclude_text_words
+                ]
+                statements = statements.filter(
+                    ~or_(*or_word_query)
+                )
 
-        if search_text_contains:
-            or_query = [
-                Statement.search_text.contains(word) for word in search_text_contains.split(' ')
-            ]
-            statements = statements.filter(
-                or_(*or_query)
-            )
+            if persona_not_startswith:
+                statements = statements.filter(
+                    ~Statement.persona.startswith('bot:')
+                )
 
-        if search_in_response_to_contains:
-            or_query = [
-                Statement.search_in_response_to.contains(word) for word in search_in_response_to_contains.split(' ')
-            ]
-            statements = statements.filter(
-                or_(*or_query)
-            )
+            if search_text_contains:
+                or_query = [
+                    Statement.search_text.contains(word) for word in search_text_contains.split(' ')
+                ]
+                statements = statements.filter(
+                    or_(*or_query)
+                )
 
-        if order_by:
+            if search_in_response_to_contains:
+                or_query = [
+                    Statement.search_in_response_to.contains(word) for word in search_in_response_to_contains.split(' ')
+                ]
+                statements = statements.filter(
+                    or_(*or_query)
+                )
 
-            if 'created_at' in order_by:
-                index = order_by.index('created_at')
-                order_by[index] = Statement.created_at.asc()
+            if order_by:
 
-            statements = statements.order_by(*order_by)
+                if 'created_at' in order_by:
+                    index = order_by.index('created_at')
+                    order_by[index] = Statement.created_at.asc()
 
-        total_statements = statements.count()
+                statements = statements.order_by(*order_by)
 
-        for start_index in range(0, total_statements, page_size):
-            for statement in statements.slice(start_index, start_index + page_size):
-                yield self.model_to_object(statement)
+            total_statements = statements.count()
 
-        session.close()
+            for start_index in range(0, total_statements, page_size):
+                for statement in statements.slice(start_index, start_index + page_size):
+                    yield self.model_to_object(statement)
+        finally:
+            # Always close session, even if generator is abandoned or exception occurs
+            session.close()
 
     def create(
         self,
@@ -336,8 +364,11 @@ class SQLStorageAdapter(StorageAdapter):
                 statement_model_object.tags.append(tag)
             create_statements.append(statement_model_object)
 
-        session.add_all(create_statements)
-        session.commit()
+        try:
+            session.add_all(create_statements)
+            session.commit()
+        finally:
+            session.close()
 
     def update(self, statement):
         """
@@ -348,49 +379,51 @@ class SQLStorageAdapter(StorageAdapter):
         Tag = self.get_model('tag')
 
         session = self.Session()
-        record = None
+        try:
+            record = None
 
-        if hasattr(statement, 'id') and statement.id is not None:
-            record = session.get(Statement, statement.id)
-        else:
-            record = session.query(Statement).filter(
-                Statement.text == statement.text,
-                Statement.conversation == statement.conversation,
-            ).first()
-
-            # Create a new statement entry if one does not already exist
-            if not record:
-                record = Statement(
-                    text=statement.text,
-                    conversation=statement.conversation,
-                    persona=statement.persona
-                )
+            if hasattr(statement, 'id') and statement.id is not None:
+                record = session.get(Statement, statement.id)
+            else:
+                record = session.query(Statement).filter(
+                    Statement.text == statement.text,
+                    Statement.conversation == statement.conversation,
+                ).first()
 
-        # Update the response value
-        record.in_response_to = statement.in_response_to
+                # Create a new statement entry if one does not already exist
+                if not record:
+                    record = Statement(
+                        text=statement.text,
+                        conversation=statement.conversation,
+                        persona=statement.persona
+                    )
 
-        record.created_at = statement.created_at
+            # Update the response value
+            record.in_response_to = statement.in_response_to
 
-        if not statement.search_text:
-            if self.raise_on_missing_search_text:
-                raise Exception('update issued without search_text value')
+            record.created_at = statement.created_at
 
-        if statement.in_response_to and not statement.search_in_response_to:
-            if self.raise_on_missing_search_text:
-                raise Exception('update issued without search_in_response_to value')
+            if not statement.search_text:
+                if self.raise_on_missing_search_text:
+                    raise Exception('update issued without search_text value')
 
-        for tag_name in statement.get_tags():
-            tag = session.query(Tag).filter_by(name=tag_name).first()
+            if statement.in_response_to and not statement.search_in_response_to:
+                if self.raise_on_missing_search_text:
+                    raise Exception('update issued without search_in_response_to value')
 
-            if not tag:
-                # Create the record
-                tag = Tag(name=tag_name)
+            for tag_name in statement.get_tags():
+                tag = session.query(Tag).filter_by(name=tag_name).first()
 
-            record.tags.append(tag)
+                if not tag:
+                    # Create the record
+                    tag = Tag(name=tag_name)
 
-        session.add(record)
-        session.commit()
-        session.close()
+                record.tags.append(tag)
+
+            session.add(record)
+            session.commit()
+        finally:
+            session.close()
 
     def get_random(self):
         """
@@ -399,17 +432,19 @@ class SQLStorageAdapter(StorageAdapter):
         Statement = self.get_model('statement')
 
         session = self.Session()
-        count = self.count()
-        if count < 1:
-            raise self.EmptyDatabaseException()
+        try:
+            count = self.count()
+            if count < 1:
+                raise self.EmptyDatabaseException()
 
-        random_index = random.randrange(0, count)
-        random_statement = session.query(Statement)[random_index]
+            random_index = random.randrange(0, count)
+            random_statement = session.query(Statement)[random_index]
 
-        statement = self.model_to_object(random_statement)
+            statement = self.model_to_object(random_statement)
 
-        session.close()
-        return statement
+            return statement
+        finally:
+            session.close()
 
     def drop(self):
         """
@@ -419,12 +454,13 @@ class SQLStorageAdapter(StorageAdapter):
         Tag = self.get_model('tag')
 
         session = self.Session()
+        try:
+            session.query(Statement).delete()
+            session.query(Tag).delete()
 
-        session.query(Statement).delete()
-        session.query(Tag).delete()
-
-        session.commit()
-        session.close()
+            session.commit()
+        finally:
+            session.close()
 
     def create_database(self):
         """
@@ -438,5 +474,10 @@ class SQLStorageAdapter(StorageAdapter):
         Close the database connection and dispose of the engine.
         This ensures proper cleanup of resources.
         """
+        # Remove thread-local sessions from scoped_session registry
+        if hasattr(self, 'Session'):
+            self.Session.remove()
+
+        # Dispose of the connection pool
         if hasattr(self, 'engine'):
             self.engine.dispose()

chatterbot-1.2.11/tests/test_connection_pool.py

@@ -0,0 +1,268 @@
+"""
+Tests for database connection pool management and concurrency.
+
+These tests verify that the fixes for the connection pool exhaustion
+vulnerability (CVE-TBD) are working correctly.
+"""
+import threading
+import time
+import unittest
+from chatterbot import ChatBot
+from chatterbot.trainers import ListTrainer
+
+
+class ConnectionPoolTestCase(unittest.TestCase):
+    """
+    Test cases for database connection pool management.
+    """
+
+    def setUp(self):
+        """
+        Set up test fixtures before each test.
+        """
+        # Use in-memory SQLite for fast testing
+        # Note: SQLite doesn't use QueuePool, so pool params are ignored
+        self.chatbot = ChatBot(
+            'TestBot',
+            database_uri='sqlite://',
+        )
+        
+        # Train with some basic responses
+        trainer = ListTrainer(self.chatbot)
+        trainer.train([
+            'Hi',
+            'Hello!',
+            'How are you?',
+            'I am doing well.',
+            'What is your name?',
+            'My name is TestBot.',
+        ])
+
+    def tearDown(self):
+        """
+        Clean up after each test.
+        """
+        self.chatbot.storage.drop()
+        self.chatbot.storage.close()
+
+    def test_concurrent_requests_no_exhaustion(self):
+        """
+        Test that concurrent requests don't exhaust the connection pool.
+        
+        This was the original vulnerability - concurrent get_response() calls
+        would leak sessions and exhaust the pool.
+        """
+        num_threads = 30  # More than pool_size + max_overflow
+        responses = []
+        errors = []
+        
+        def make_request():
+            try:
+                response = self.chatbot.get_response('Hi')
+                responses.append(str(response))
+            except Exception as e:
+                errors.append(e)
+        
+        threads = []
+        for _ in range(num_threads):
+            t = threading.Thread(target=make_request)
+            threads.append(t)
+            t.start()
+        
+        # Wait for all threads to complete
+        for t in threads:
+            t.join(timeout=10)
+        
+        # Verify no errors occurred
+        self.assertEqual(len(errors), 0, 
+                        f"Connection pool exhaustion occurred: {errors}")
+        
+        # Verify all threads got responses
+        self.assertEqual(len(responses), num_threads,
+                        "Not all threads received responses")
+
+    def test_rapid_sequential_requests(self):
+        """
+        Test that rapid sequential requests properly release connections.
+        """
+        num_requests = 50  # More than pool size
+        
+        for i in range(num_requests):
+            response = self.chatbot.get_response(f'Request {i}')
+            self.assertIsNotNone(response)
+
+    def test_partial_filter_consumption(self):
+        """
+        Test that partially consuming filter() results doesn't leak sessions.
+        
+        This was a key part of the vulnerability - the filter() generator
+        would not close the session if iteration stopped early.
+        """
+        # Create many statements
+        trainer = ListTrainer(self.chatbot)
+        for i in range(100):
+            trainer.train([f'Question {i}', f'Answer {i}'])
+        
+        # Partially consume filter results many times
+        for _ in range(50):
+            results = self.chatbot.storage.filter()
+            # Only consume first result
+            first = next(results, None)
+            self.assertIsNotNone(first)
+            # Don't consume the rest - this should still clean up the session
+        
+        # If sessions weren't cleaned up, this would fail
+        response = self.chatbot.get_response('Hi')
+        self.assertIsNotNone(response)
+
+    def test_concurrent_training(self):
+        """
+        Test that concurrent training operations don't leak connections.
+        """
+        errors = []
+        
+        def train_batch(batch_id):
+            try:
+                trainer = ListTrainer(self.chatbot)
+                trainer.train([
+                    f'Training question {batch_id}',
+                    f'Training answer {batch_id}',
+                ])
+            except Exception as e:
+                errors.append(e)
+        
+        threads = []
+        for i in range(20):
+            t = threading.Thread(target=train_batch, args=(i,))
+            threads.append(t)
+            t.start()
+        
+        for t in threads:
+            t.join(timeout=10)
+        
+        self.assertEqual(len(errors), 0,
+                        f"Errors during concurrent training: {errors}")
+
+    def test_session_cleanup_on_exception(self):
+        """
+        Test that sessions are cleaned up even when exceptions occur.
+        """
+        # Force an error during a database operation
+        try:
+            # Create a statement with invalid data
+            self.chatbot.storage.create(
+                text='',  # Empty text might cause issues
+                in_response_to=None
+            )
+        except Exception:
+            pass  # Expected to fail
+        
+        # Verify the pool is still usable
+        response = self.chatbot.get_response('Hi')
+        self.assertIsNotNone(response)
+
+    def test_scoped_session_thread_safety(self):
+        """
+        Test that scoped_session provides proper thread isolation.
+        """
+        results = {}
+        
+        def check_session_isolation(thread_id):
+            # Each thread should get its own session
+            session1 = self.chatbot.storage.Session()
+            time.sleep(0.01)  # Small delay to encourage thread interleaving
+            session2 = self.chatbot.storage.Session()
+            
+            # In the same thread, scoped_session should return the same session
+            results[thread_id] = (id(session1) == id(session2))
+            
+            session1.close()
+            # After close, scoped_session should return the same instance
+            # (it doesn't create a new one, just reuses the thread-local one)
+        
+        threads = []
+        for i in range(5):
+            t = threading.Thread(target=check_session_isolation, args=(i,))
+            threads.append(t)
+            t.start()
+        
+        for t in threads:
+            t.join()
+        
+        # All threads should have gotten consistent session behavior
+        for thread_id, same_session in results.items():
+            self.assertTrue(same_session,
+                          f"Thread {thread_id} got different sessions")
+
+
+class ConnectionPoolConfigTestCase(unittest.TestCase):
+    """
+    Test cases for connection pool configuration options.
+    Note: These tests are skipped for SQLite since it uses SingletonThreadPool.
+    """
+
+    def test_pool_config_not_applied_to_sqlite(self):
+        """
+        Test that pool config is not applied to SQLite (uses SingletonThreadPool).
+        """
+        chatbot = ChatBot(
+            'SQLiteBot',
+            database_uri='sqlite://',
+            pool_size=3,  # Should be ignored
+            max_overflow=2,  # Should be ignored
+        )
+        
+        # SQLite uses SingletonThreadPool, not QueuePool
+        from sqlalchemy.pool import SingletonThreadPool
+        self.assertIsInstance(chatbot.storage.engine.pool, SingletonThreadPool)
+        
+        chatbot.storage.close()
+
+    @unittest.skip("Requires PostgreSQL/MySQL database for testing")
+    def test_custom_pool_size_postgres(self):
+        """
+        Test that custom pool_size is respected for PostgreSQL.
+        """
+        # This test would require a PostgreSQL connection
+        # chatbot = ChatBot(
+        #     'ConfigBot',
+        #     database_uri='postgresql://user:pass@localhost/test',
+        #     pool_size=3,
+        #     max_overflow=2,
+        # )
+        # self.assertEqual(chatbot.storage.engine.pool.size(), 3)
+        # chatbot.storage.close()
+        pass
+
+    @unittest.skip("Requires PostgreSQL/MySQL database for testing")
+    def test_default_pool_config_postgres(self):
+        """
+        Test that default pool configuration is applied for PostgreSQL.
+        """
+        # This test would require a PostgreSQL connection
+        # chatbot = ChatBot(
+        #     'DefaultBot',
+        #     database_uri='postgresql://user:pass@localhost/test',
+        # )
+        # pool = chatbot.storage.engine.pool
+        # self.assertEqual(pool.size(), 10)  # Default pool_size
+        # chatbot.storage.close()
+        pass
+
+    @unittest.skip("Requires PostgreSQL/MySQL database for testing")
+    def test_pool_pre_ping_enabled_postgres(self):
+        """
+        Test that pool_pre_ping is enabled by default for PostgreSQL.
+        """
+        # This test would require a PostgreSQL connection
+        # chatbot = ChatBot(
+        #     'PingBot',
+        #     database_uri='postgresql://user:pass@localhost/test',
+        # )
+        # self.assertTrue(chatbot.storage.engine.pool._pre_ping)
+        # chatbot.storage.close()
+        pass
+
+
+if __name__ == '__main__':
+    unittest.main()

chatterbot-1.2.11/tests/test_poc_vulnerability.py

@@ -0,0 +1,152 @@
+"""
+Proof-of-Concept test for the connection pool exhaustion vulnerability (CVE-TBD).
+
+This test demonstrates that the original vulnerability has been fixed.
+The PoC from the security report would cause timeout errors before the fix.
+"""
+import threading
+import tempfile
+import os
+import unittest
+from chatterbot import ChatBot
+from chatterbot.trainers import ListTrainer
+
+
+class PoC_VulnerabilityTestCase(unittest.TestCase):
+    """
+    Test case demonstrating the fix for the connection pool exhaustion vulnerability.
+    
+    This uses a file-based SQLite database which doesn't have the same
+    thread-restrictions as in-memory databases.
+    """
+
+    def setUp(self):
+        """
+        Set up test fixtures.
+        """
+        # Create a temporary database file
+        self.db_fd, self.db_path = tempfile.mkstemp(suffix='.sqlite3')
+        
+        self.chatbot = ChatBot(
+            'TestBot',
+            database_uri=f'sqlite:///{self.db_path}',
+        )
+        
+        # Train with basic data
+        trainer = ListTrainer(self.chatbot)
+        trainer.train(['hello', 'hi there'])
+
+    def tearDown(self):
+        """
+        Clean up after test.
+        """
+        self.chatbot.storage.close()
+        os.close(self.db_fd)
+        os.unlink(self.db_path)
+
+    def test_original_poc_no_longer_causes_timeout(self):
+        """
+        Test that the original PoC from the security report no longer causes errors.
+        
+        Before the fix: This would cause SQLAlchemy TimeoutError due to pool exhaustion
+        After the fix: All requests complete successfully
+        """
+        def attack():
+            try:
+                response = self.chatbot.get_response("hello")
+                results.append(('success', str(response)))
+            except Exception as e:
+                results.append(('error', str(e)))
+        
+        results = []
+        threads = []
+        
+        # Original PoC used 30 threads
+        for _ in range(30):
+            t = threading.Thread(target=attack)
+            t.start()
+            threads.append(t)
+        
+        for t in threads:
+            t.join(timeout=15)  # Should complete well before timeout
+        
+        # Count successes and errors
+        successes = [r for r in results if r[0] == 'success']
+        errors = [r for r in results if r[0] == 'error']
+        
+        # Before fix: Would have many TimeoutError exceptions
+        # After fix: All should succeed
+        self.assertEqual(len(errors), 0,
+                        f"Got {len(errors)} errors (expected 0). Errors: {[e[1] for e in errors][:5]}")
+        self.assertEqual(len(successes), 30,
+                        f"Got {len(successes)} successes (expected 30)")
+
+    def test_high_concurrency_sustained(self):
+        """
+        Test sustained high concurrency doesn't cause issues.
+        """
+        request_count = 0
+        lock = threading.Lock()
+        
+        def make_many_requests():
+            nonlocal request_count
+            for _ in range(10):
+                try:
+                    self.chatbot.get_response("hello")
+                    with lock:
+                        request_count += 1
+                except Exception:
+                    pass
+        
+        threads = []
+        for _ in range(10):  # 10 threads × 10 requests = 100 total
+            t = threading.Thread(target=make_many_requests)
+            t.start()
+            threads.append(t)
+        
+        for t in threads:
+            t.join(timeout=30)
+        
+        # Should have completed all 100 requests
+        self.assertGreater(request_count, 90,  # Allow for some timing issues
+                          f"Only completed {request_count}/100 requests")
+
+
+class SequentialPerformanceTestCase(unittest.TestCase):
+    """
+    Test that the fixes don't negatively impact single-threaded performance.
+    """
+
+    def setUp(self):
+        """
+        Set up test fixtures.
+        """
+        self.db_fd, self.db_path = tempfile.mkstemp(suffix='.sqlite3')
+        
+        self.chatbot = ChatBot(
+            'PerfBot',
+            database_uri=f'sqlite:///{self.db_path}',
+        )
+        
+        trainer = ListTrainer(self.chatbot)
+        trainer.train(['hello', 'hi', 'how are you', 'good'])
+
+    def tearDown(self):
+        """
+        Clean up.
+        """
+        self.chatbot.storage.close()
+        os.close(self.db_fd)
+        os.unlink(self.db_path)
+
+    def test_sequential_requests_still_work(self):
+        """
+        Test that normal sequential usage still works correctly.
+        """
+        for i in range(50):
+            response = self.chatbot.get_response(f"message {i}")
+            self.assertIsNotNone(response)
+
+
+if __name__ == '__main__':
+    unittest.main()