police against issues with writing cyclic data (#421)

Author: pjfanning

csv/src/main/java/com/fasterxml/jackson/dataformat/csv/CsvGenerator.java

@@ -478,6 +478,11 @@ public CsvGenerator disable(Feature f) {
         return this;
     }
 
+    @Override
+    public StreamWriteConstraints streamWriteConstraints() {
+        return _ioContext.streamWriteConstraints();
+    }
+
     /*
     /**********************************************************
     /* Public API: low-level I/O
@@ -551,6 +556,7 @@ && _skipValue && isEnabled(JsonGenerator.Feature.IGNORE_UNKNOWN)) {
             }
         }
         _tokenWriteContext = _tokenWriteContext.createChildArrayContext(null);
+        streamWriteConstraints().validateNestingDepth(_tokenWriteContext.getNestingDepth());
         // and that's about it, really
     }
 
@@ -597,6 +603,7 @@ public final void writeStartObject() throws IOException
             }
         }
         _tokenWriteContext = _tokenWriteContext.createChildObjectContext(null);
+        streamWriteConstraints().validateNestingDepth(_tokenWriteContext.getNestingDepth());
     }
 
     @Override

csv/src/main/java/com/fasterxml/jackson/dataformat/csv/impl/SimpleTokenWriteContext.java

@@ -60,6 +60,7 @@ protected SimpleTokenWriteContext(int type, SimpleTokenWriteContext parent, DupD
         super();
         _type = type;
         _parent = parent;
+        _nestingDepth = parent == null ? 0 : parent._nestingDepth + 1;
         _dups = dups;
         _index = -1;
         _currentValue = currentValue;

csv/src/test/java/com/fasterxml/jackson/dataformat/csv/ser/dos/CyclicDataSerTest.java

@@ -0,0 +1,32 @@
+package com.fasterxml.jackson.dataformat.csv.ser.dos;
+
+import com.fasterxml.jackson.core.StreamWriteConstraints;
+import com.fasterxml.jackson.databind.JsonMappingException;
+import com.fasterxml.jackson.dataformat.csv.CsvMapper;
+import com.fasterxml.jackson.dataformat.csv.ModuleTestBase;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * Simple unit tests to verify that we fail gracefully if you attempt to serialize
+ * data that is cyclic (eg a list that contains itself).
+ */
+public class CyclicDataSerTest extends ModuleTestBase
+{
+    private final CsvMapper MAPPER = mapperForCsv();
+
+    public void testListWithSelfReference() throws Exception {
+        List<Object> list = new ArrayList<>();
+        list.add(list);
+        try {
+            MAPPER.writeValueAsString(list);
+            fail("expected JsonMappingException");
+        } catch (JsonMappingException jmex) {
+            String exceptionPrefix = String.format("Document nesting depth (%d) exceeds the maximum allowed",
+                    StreamWriteConstraints.DEFAULT_MAX_DEPTH + 1);
+            assertTrue("JsonMappingException message is as expected?",
+                    jmex.getMessage().startsWith(exceptionPrefix));
+        }
+    }
+}

properties/src/main/java/com/fasterxml/jackson/dataformat/javaprop/JavaPropsGenerator.java

@@ -80,6 +80,11 @@ public JavaPropsGenerator(IOContext ctxt, int stdFeatures, ObjectCodec codec)
         _jpropContext = JPropWriteContext.createRootContext();
     }
 
+    @Override
+    public StreamWriteConstraints streamWriteConstraints() {
+        return _ioContext.streamWriteConstraints();
+    }
+
     @Override // since 2.13
     public Object currentValue() {
         return _jpropContext.getCurrentValue();
@@ -267,6 +272,7 @@ public void writeFieldName(String name) throws IOException
     public void writeStartArray() throws IOException {
         _verifyValueWrite("start an array");
         _jpropContext = _jpropContext.createChildArrayContext(_basePath.length());
+        streamWriteConstraints().validateNestingDepth(_jpropContext.getNestingDepth());
     }
 
     @Override
@@ -281,6 +287,7 @@ public void writeEndArray() throws IOException {
     public void writeStartObject() throws IOException {
         _verifyValueWrite("start an object");
         _jpropContext = _jpropContext.createChildObjectContext(_basePath.length());
+        streamWriteConstraints().validateNestingDepth(_jpropContext.getNestingDepth());
     }
 
     @Override

properties/src/main/java/com/fasterxml/jackson/dataformat/javaprop/io/JPropWriteContext.java

@@ -59,6 +59,7 @@ protected JPropWriteContext(int type, JPropWriteContext parent,
         super();
         _type = type;
         _parent = parent;
+        _nestingDepth = parent == null ? 0 : parent._nestingDepth + 1;
         _basePathLength = basePathLength;
         _index = -1;
     }

properties/src/test/java/com/fasterxml/jackson/dataformat/javaprop/dos/CyclicDataSerTest.java

@@ -0,0 +1,32 @@
+package com.fasterxml.jackson.dataformat.javaprop.dos;
+
+import com.fasterxml.jackson.core.StreamWriteConstraints;
+import com.fasterxml.jackson.databind.JsonMappingException;
+import com.fasterxml.jackson.dataformat.javaprop.JavaPropsMapper;
+import com.fasterxml.jackson.dataformat.javaprop.ModuleTestBase;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * Simple unit tests to verify that we fail gracefully if you attempt to serialize
+ * data that is cyclic (eg a list that contains itself).
+ */
+public class CyclicDataSerTest extends ModuleTestBase
+{
+    private final JavaPropsMapper MAPPER = newPropertiesMapper();
+
+    public void testListWithSelfReference() throws Exception {
+        List<Object> list = new ArrayList<>();
+        list.add(list);
+        try {
+            MAPPER.writeValueAsString(list);
+            fail("expected JsonMappingException");
+        } catch (JsonMappingException jmex) {
+            String exceptionPrefix = String.format("Document nesting depth (%d) exceeds the maximum allowed",
+                    StreamWriteConstraints.DEFAULT_MAX_DEPTH + 1);
+            assertTrue("JsonMappingException message is as expected?",
+                    jmex.getMessage().startsWith(exceptionPrefix));
+        }
+    }
+}

properties/src/test/java/com/fasterxml/jackson/dataformat/javaprop/dos/DeepNestParserTest.java

@@ -23,8 +23,10 @@ public void testDeeplyNestedData() throws IOException {
             }
             fail("expected StreamConstraintsException");
         } catch (StreamConstraintsException e) {
+            String exceptionPrefix = String.format("Document nesting depth (%d) exceeds the maximum allowed",
+                    StreamReadConstraints.DEFAULT_MAX_DEPTH + 1);
             assertTrue("unexpected exception message: " + e.getMessage(),
-                    e.getMessage().startsWith("Document nesting depth (1001) exceeds the maximum allowed"));
+                    e.getMessage().startsWith(exceptionPrefix));
         }
     }
 

toml/src/main/java/com/fasterxml/jackson/dataformat/toml/TomlGenerator.java

@@ -91,6 +91,11 @@ public TomlGenerator(IOContext ioCtxt, int stdFeatures, int tomlFeatures, Object
         _outputEnd = _outputBuffer.length;
     }
 
+    @Override
+    public StreamWriteConstraints streamWriteConstraints() {
+        return _ioContext.streamWriteConstraints();
+    }
+
     /*
     /**********************************************************************
     /* Versioned
@@ -343,6 +348,7 @@ public void writeStartArray(Object currValue) throws IOException {
         _verifyValueWrite("start an array", true);
         _streamWriteContext = _streamWriteContext.createChildArrayContext(currValue,
                 _basePath.length());
+        streamWriteConstraints().validateNestingDepth(_streamWriteContext.getNestingDepth());
         if (_streamWriteContext._inline) {
             _writeRaw('[');
         }
@@ -373,6 +379,7 @@ public void writeStartObject(Object forValue) throws IOException {
         // objects aren't always materialized right now
         _verifyValueWrite("start an object", false);
         _streamWriteContext = _streamWriteContext.createChildObjectContext(forValue, _basePath.length());
+        streamWriteConstraints().validateNestingDepth(_streamWriteContext.getNestingDepth());
         if (_streamWriteContext._inline) {
             writeRaw('{');
         }

toml/src/main/java/com/fasterxml/jackson/dataformat/toml/TomlWriteContext.java

@@ -56,6 +56,7 @@ final class TomlWriteContext extends JsonStreamContext {
         super();
         _type = type;
         _parent = parent;
+        _nestingDepth = parent == null ? 0 : parent._nestingDepth + 1;
         _basePathLength = basePathLength;
         _index = -1;
         _currentValue = currValue;

toml/src/test/java/com/fasterxml/jackson/dataformat/toml/FuzzTomlReadTest.java

@@ -4,6 +4,8 @@
 import java.io.InputStream;
 import java.util.Arrays;
 
+import com.fasterxml.jackson.core.StreamReadConstraints;
+import com.fasterxml.jackson.core.StreamWriteConstraints;
 import com.fasterxml.jackson.core.exc.StreamConstraintsException;
 import org.junit.Assert;
 import org.junit.Test;
@@ -62,7 +64,9 @@ public void testParseInlineTable50432() throws Exception
                 TOML_MAPPER.readTree(is);
                 Assert.fail("Should not pass");
             } catch (IOException e) {
-                verifyException(e, "Document nesting depth (1001) exceeds the maximum allowed");
+                String exceptionPrefix = String.format("Document nesting depth (%d) exceeds the maximum allowed",
+                        StreamReadConstraints.DEFAULT_MAX_DEPTH + 1);
+                verifyException(e, exceptionPrefix);
             }
         }
     }
@@ -120,7 +124,9 @@ public void testStackOverflow50083() throws Exception
             TOML_MAPPER.readTree(input.toString());
             Assert.fail("Should not pass");
         } catch (StreamConstraintsException e) {
-            verifyException(e, "Document nesting depth (1001) exceeds the maximum allowed");
+            String exceptionPrefix = String.format("Document nesting depth (%d) exceeds the maximum allowed",
+                    StreamWriteConstraints.DEFAULT_MAX_DEPTH + 1);
+            verifyException(e, exceptionPrefix);
         }
     }