Prevent parsing overly deep Node values

mtdowling · mtdowling · commit ec9ec0a761fa · 2020-05-26T09:50:27.000-07:00
This commit updates the IDL parser to detect overly nested Node values
and throw a syntax exception when the stack gets too deep. This prevents
stack overflows and guards against a pathalogical case.
diff --git a/smithy-model/src/main/java/software/amazon/smithy/model/loader/IdlModelParser.java b/smithy-model/src/main/java/software/amazon/smithy/model/loader/IdlModelParser.java
@@ -72,6 +72,9 @@
 
 final class IdlModelParser {
 
+    /** Only allow nesting up to 250 arrays/objects in node values. */
+    private static final int MAX_NESTING_LEVEL = 250;
+
     private static final String PUT_KEY = "put";
     private static final String CREATE_KEY = "create";
     private static final String READ_KEY = "read";
@@ -111,6 +114,7 @@ final class IdlModelParser {
     private String namespace;
     private String definedVersion;
     private TraitEntry pendingDocumentationComment;
+    private int nestingLevel;
 
     /** Map of shape aliases to their targets. */
     private final Map<String, ShapeId> useShapes = new HashMap<>();
@@ -910,4 +914,14 @@ void skip() {
     int position() {
         return position;
     }
+
+    void increaseNestingLevel() {
+        if (++nestingLevel >= MAX_NESTING_LEVEL) {
+            throw syntax("Node value nesting too deep");
+        }
+    }
+
+    void decreaseNestingLevel() {
+        nestingLevel--;
+    }
 }
diff --git a/smithy-model/src/main/java/software/amazon/smithy/model/loader/IdlNodeParser.java b/smithy-model/src/main/java/software/amazon/smithy/model/loader/IdlNodeParser.java
@@ -104,6 +104,7 @@ static Node parseTextBlock(IdlModelParser parser) {
     }
 
     static ObjectNode parseObjectNode(IdlModelParser parser) {
+        parser.increaseNestingLevel();
         SourceLocation location = parser.currentLocation();
         Map<StringNode, Node> entries = new LinkedHashMap<>();
         parser.expect('{');
@@ -132,6 +133,7 @@ static ObjectNode parseObjectNode(IdlModelParser parser) {
         }
 
         parser.expect('}');
+        parser.decreaseNestingLevel();
         return new ObjectNode(entries, location);
     }
 
@@ -144,6 +146,7 @@ static String parseNodeObjectKey(IdlModelParser parser) {
     }
 
     private static ArrayNode parseArrayNode(IdlModelParser parser) {
+        parser.increaseNestingLevel();
         SourceLocation location = parser.currentLocation();
         List<Node> items = new ArrayList<>();
         parser.expect('[');
@@ -166,6 +169,7 @@ private static ArrayNode parseArrayNode(IdlModelParser parser) {
         }
 
         parser.expect(']');
+        parser.decreaseNestingLevel();
         return new ArrayNode(items, location);
     }
 }
diff --git a/smithy-model/src/test/java/software/amazon/smithy/model/loader/IdlModelLoaderTest.java b/smithy-model/src/test/java/software/amazon/smithy/model/loader/IdlModelLoaderTest.java
@@ -16,17 +16,20 @@
 package software.amazon.smithy.model.loader;
 
 import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.Matchers.not;
 
 import java.util.Optional;
+import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
 import software.amazon.smithy.model.Model;
 import software.amazon.smithy.model.SourceLocation;
 import software.amazon.smithy.model.shapes.MemberShape;
 import software.amazon.smithy.model.shapes.ResourceShape;
 import software.amazon.smithy.model.shapes.Shape;
 import software.amazon.smithy.model.shapes.ShapeId;
+import software.amazon.smithy.model.validation.ValidatedResultException;
 
 public class IdlModelLoaderTest {
     @Test
@@ -94,4 +97,23 @@ public void defersApplyTargetAndTrait() {
         assertThat(shape.findTrait(ShapeId.from("smithy.example#bar")), not(Optional.empty()));
         assertThat(shape.findTrait(ShapeId.from("smithy.example.b#baz")), not(Optional.empty()));
     }
+
+    @Test
+    public void limitsRecursion() {
+        StringBuilder nodeBuilder = new StringBuilder("metadata foo = ");
+        for (int i = 0; i < 251; i++) {
+            nodeBuilder.append('[');
+        }
+        nodeBuilder.append("true");
+        for (int i = 0; i < 251; i++) {
+            nodeBuilder.append(']');
+        }
+        nodeBuilder.append("\n");
+
+        ValidatedResultException e = Assertions.assertThrows(ValidatedResultException.class, () -> {
+            Model.assembler().addUnparsedModel("/foo.smithy", nodeBuilder.toString()).assemble().unwrap();
+        });
+
+        assertThat(e.getMessage(), containsString("Node value nesting too deep"));
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -104,6 +104,7 @@ static Node parseTextBlock(IdlModelParser parser) {`
`104`	`104`	`}`
`105`	`105`
`106`	`106`	`static ObjectNode parseObjectNode(IdlModelParser parser) {`
	`107`	`+ parser.increaseNestingLevel();`
`107`	`108`	`SourceLocation location = parser.currentLocation();`
`108`	`109`	`Map<StringNode, Node> entries = new LinkedHashMap<>();`
`109`	`110`	`parser.expect('{');`
`@@ -132,6 +133,7 @@ static ObjectNode parseObjectNode(IdlModelParser parser) {`
`132`	`133`	`}`
`133`	`134`
`134`	`135`	`parser.expect('}');`
	`136`	`+ parser.decreaseNestingLevel();`
`135`	`137`	`return new ObjectNode(entries, location);`
`136`	`138`	`}`
`137`	`139`
`@@ -144,6 +146,7 @@ static String parseNodeObjectKey(IdlModelParser parser) {`
`144`	`146`	`}`
`145`	`147`
`146`	`148`	`private static ArrayNode parseArrayNode(IdlModelParser parser) {`
	`149`	`+ parser.increaseNestingLevel();`
`147`	`150`	`SourceLocation location = parser.currentLocation();`
`148`	`151`	`List<Node> items = new ArrayList<>();`
`149`	`152`	`parser.expect('[');`
`@@ -166,6 +169,7 @@ private static ArrayNode parseArrayNode(IdlModelParser parser) {`
`166`	`169`	`}`
`167`	`170`
`168`	`171`	`parser.expect(']');`
	`172`	`+ parser.decreaseNestingLevel();`
`169`	`173`	`return new ArrayNode(items, location);`
`170`	`174`	`}`
`171`	`175`	`}`