Fixes #392: add max-doc-length validation for cbor, smile (#476)

Author: cowtowncoder

cbor/src/main/java/com/fasterxml/jackson/dataformat/cbor/CBORParser.java

@@ -182,6 +182,11 @@ public int getFirstTag() {
      */
     protected final IOContext _ioContext;
 
+    /**
+     * @since 2.17
+     */
+    protected final StreamReadConstraints _streamReadConstraints;
+    
     /**
      * Flag that indicates whether parser is closed or not. Gets
      * set when parser is either closed by explicit call
@@ -532,11 +537,13 @@ public CBORParser(IOContext ctxt, int parserFeatures, int cborFeatures,
 
         _tokenInputRow = -1;
         _tokenInputCol = -1;
+
+        _streamReadConstraints = ctxt.streamReadConstraints();
     }
 
     @Override
     public StreamReadConstraints streamReadConstraints() {
-        return _ioContext.streamReadConstraints();
+        return _streamReadConstraints;
     }
 
     @Override
@@ -1127,7 +1134,7 @@ protected JsonToken _handleTaggedBinary(TagList tags) throws IOException
         if (_binaryValue.length == 0) {
             _numberBigInt = BigInteger.ZERO;
         } else {
-            streamReadConstraints().validateIntegerLength(_binaryValue.length);
+            _streamReadConstraints.validateIntegerLength(_binaryValue.length);
             BigInteger nr = new BigInteger(_binaryValue);
             if (neg) {
                 nr = nr.negate();
@@ -2163,7 +2170,7 @@ protected void convertNumberToBigInteger() throws IOException
     {
         if ((_numTypesValid & NR_BIGDECIMAL) != 0) {
             // here it'll just get truncated, no exceptions thrown
-            streamReadConstraints().validateBigIntegerScale(_numberBigDecimal.scale());
+            _streamReadConstraints.validateBigIntegerScale(_numberBigDecimal.scale());
             _numberBigInt = _numberBigDecimal.toBigInteger();
         } else if ((_numTypesValid & NR_LONG) != 0) {
             _numberBigInt = BigInteger.valueOf(_numberLong);
@@ -2232,7 +2239,7 @@ protected void convertNumberToBigDecimal() throws IOException
             if (text == null) {
                 _throwInternal();
             }
-            streamReadConstraints().validateFPLength(text.length());
+            _streamReadConstraints.validateFPLength(text.length());
             _numberBigDecimal = NumberInput.parseBigDecimal(
                     text, isEnabled(StreamReadFeature.USE_FAST_BIG_NUMBER_PARSER));
         } else if ((_numTypesValid & NR_BIGINT) != 0) {
@@ -3655,7 +3662,7 @@ protected boolean loadMore() throws IOException
     {
         if (_inputStream != null) {
             _currInputProcessed += _inputEnd;
-
+            _streamReadConstraints.validateDocumentLength(_currInputProcessed);
             int count = _inputStream.read(_inputBuffer, 0, _inputBuffer.length);
             if (count > 0) {
                 _inputPtr = 0;
@@ -3697,6 +3704,7 @@ protected final void _loadToHaveAtLeast(int minAvailable) throws IOException
         }
         // Needs to be done here, as per [dataformats-binary#178]
         _currInputProcessed += _inputPtr;
+        _streamReadConstraints.validateDocumentLength(_currInputProcessed);
         _inputPtr = 0;
         while (_inputEnd < minAvailable) {
             int count = _inputStream.read(_inputBuffer, _inputEnd, _inputBuffer.length - _inputEnd);
@@ -3731,6 +3739,7 @@ protected final boolean _tryToLoadToHaveAtLeast(int minAvailable) throws IOExcep
         }
         // Needs to be done here, as per [dataformats-binary#178]
         _currInputProcessed += _inputPtr;
+        _streamReadConstraints.validateDocumentLength(_currInputProcessed);
         _inputPtr = 0;
         while (_inputEnd < minAvailable) {
             int count = _inputStream.read(_inputBuffer, _inputEnd, _inputBuffer.length - _inputEnd);
@@ -3906,11 +3915,11 @@ private final BigInteger _bigNegative(long l) {
 
     private void createChildArrayContext(final int len) throws IOException {
         _streamReadContext = _streamReadContext.createChildArrayContext(len);
-        streamReadConstraints().validateNestingDepth(_streamReadContext.getNestingDepth());
+        _streamReadConstraints.validateNestingDepth(_streamReadContext.getNestingDepth());
     }
 
     private void createChildObjectContext(final int len) throws IOException {
         _streamReadContext = _streamReadContext.createChildObjectContext(len);
-        streamReadConstraints().validateNestingDepth(_streamReadContext.getNestingDepth());
+        _streamReadConstraints.validateNestingDepth(_streamReadContext.getNestingDepth());
     }
 }

cbor/src/test/java/com/fasterxml/jackson/dataformat/cbor/gen/constraints/DeeplyNestedCBORReadWriteTest.java

@@ -7,6 +7,7 @@
 
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.node.ArrayNode;
 import com.fasterxml.jackson.databind.node.ObjectNode;
 
 import com.fasterxml.jackson.dataformat.cbor.CBORFactory;
@@ -26,17 +27,18 @@ public class DeeplyNestedCBORReadWriteTest extends CBORTestBase
             .build()
             );
 
-    public void testDeepNestingRead() throws Exception
-    {
-        final byte[] DOC = MAPPER_CONSTRAINED.writeValueAsBytes(createDeepNestedDoc(11));
-        try (JsonParser p = MAPPER_CONSTRAINED.createParser(DOC)) {
-            _testDeepNestingRead(p);
-        }
+    public void testDeepNestingArrayRead() throws Exception {
+        _testDeepNestingRead(createDeepNestedArrayDoc(13));
+    }
+
+    public void testDeepNestingObjectRead() throws Exception {
+        _testDeepNestingRead(createDeepNestedObjectDoc(13));
     }
 
-    private void _testDeepNestingRead(JsonParser p) throws Exception
+    private void _testDeepNestingRead(JsonNode docRoot) throws Exception
     {
-        try {
+        byte[] doc = MAPPER_VANILLA.writeValueAsBytes(docRoot);
+        try (JsonParser p = MAPPER_CONSTRAINED.createParser(doc)) {
             while (p.nextToken() != null) { }
             fail("expected StreamConstraintsException");
         } catch (StreamConstraintsException e) {
@@ -45,9 +47,16 @@ private void _testDeepNestingRead(JsonParser p) throws Exception
         }
     }
 
-    public void testDeepNestingWrite() throws Exception
+    public void testDeepNestingArrayWrite() throws Exception {
+        _testDeepNestingWrite(createDeepNestedArrayDoc(13));
+    }
+
+    public void testDeepNestingObjectWrite() throws Exception {
+        _testDeepNestingWrite(createDeepNestedObjectDoc(13));
+    }
+
+    private void _testDeepNestingWrite(JsonNode docRoot) throws Exception
     {
-        final JsonNode docRoot = createDeepNestedDoc(13);
         try {
             MAPPER_CONSTRAINED.writeValueAsBytes(docRoot);
             fail("Should not pass");
@@ -57,7 +66,19 @@ public void testDeepNestingWrite() throws Exception
         }
     }
 
-    private JsonNode createDeepNestedDoc(final int depth) throws Exception
+    private JsonNode createDeepNestedArrayDoc(final int depth) throws Exception
+    {
+        final ArrayNode root = MAPPER_VANILLA.createArrayNode();
+        ArrayNode curr = root;
+        for (int i = 0; i < depth; ++i) {
+            curr.add(42);
+            curr = curr.addArray();
+        }
+        curr.add("text");
+        return root;
+    }
+
+    private JsonNode createDeepNestedObjectDoc(final int depth) throws Exception
     {
         final ObjectNode root = MAPPER_VANILLA.createObjectNode();
         ObjectNode curr = root;

cbor/src/test/java/com/fasterxml/jackson/dataformat/cbor/gen/constraints/LongDocumentCBORReadTest.java

@@ -0,0 +1,63 @@
+package com.fasterxml.jackson.dataformat.cbor.gen.constraints;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.util.UUID;
+
+import com.fasterxml.jackson.core.JsonGenerator;
+import com.fasterxml.jackson.core.JsonParser;
+import com.fasterxml.jackson.core.StreamReadConstraints;
+import com.fasterxml.jackson.core.exc.StreamConstraintsException;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.dataformat.cbor.CBORFactory;
+import com.fasterxml.jackson.dataformat.cbor.CBORTestBase;
+
+public class LongDocumentCBORReadTest extends CBORTestBase
+{
+    private final ObjectMapper MAPPER_VANILLA = cborMapper();
+
+    private final ObjectMapper MAPPER_CONSTRAINED = cborMapper(
+            CBORFactory.builder()
+            // limit to 100kB doc reads
+                .streamReadConstraints(StreamReadConstraints.builder()
+                    .maxDocumentLength(50_000)
+            .build()
+            ).build());
+
+    public void testLongDocumentConstraint() throws Exception
+    {
+        // Need a bit longer than minimum since checking is approximate, not exact
+        byte[] doc = createBigDoc(60_000);
+        // Must read from `InputStream` as validation is during "loadMore()":
+        try (JsonParser p = MAPPER_CONSTRAINED.createParser(new ByteArrayInputStream(doc))) {
+            while (p.nextToken() != null) { }
+            fail("expected StreamConstraintsException");
+        } catch (StreamConstraintsException e) {
+            final String msg = e.getMessage();
+
+            assertTrue(msg.contains("Document length ("));
+            assertTrue(msg.contains("exceeds the maximum allowed (50000"));
+        }
+    }
+    
+    private byte[] createBigDoc(final int size) throws Exception
+    {
+        ByteArrayOutputStream bytes = new ByteArrayOutputStream(size + 1000);
+        try (JsonGenerator g = MAPPER_VANILLA.createGenerator(bytes)) {
+            g.writeStartArray();
+
+            do {
+                g.writeStartObject();
+                g.writeStringField("id", UUID.randomUUID().toString());
+                g.writeNumberField("size", bytes.size());
+                g.writeNumberField("stuff", Long.MAX_VALUE);
+                g.writeEndObject();
+                
+                g.flush();
+            } while (bytes.size() < size);
+            g.writeEndArray();
+        }
+        return bytes.toByteArray();
+    }
+}

release-notes/VERSION-2.x

@@ -18,6 +18,8 @@ Active maintainers:
 
 #316 (cbor) Uncaught exception in
   `com.fasterxml.jackson.dataformat.cbor.CBORParser._finishShortText`
+#392: (cbor, smile) Support `StreamReadConstraints.maxDocumentLength`
+  validation for CBOR, Smile
 #417: (ion) `IonReader` classes contain assert statement which could throw
   unexpected `AssertionError`
  (fix contributed by Arthur C)

smile/src/main/java/com/fasterxml/jackson/dataformat/smile/SmileParser.java

@@ -276,6 +276,7 @@ protected final boolean _loadMore() throws IOException
         if (_inputStream != null) {
             int count = _inputStream.read(_inputBuffer, 0, _inputBuffer.length);
             _currInputProcessed += _inputEnd;
+            _streamReadConstraints.validateDocumentLength(_currInputProcessed);
             _inputPtr = 0;
             if (count > 0) {
                 _inputEnd = count;
@@ -334,6 +335,7 @@ protected final int _tryToLoadToHaveAtLeast(int minAvailable) throws IOException
         // Need to move remaining data in front?
         int amount = _inputEnd - _inputPtr;
         _currInputProcessed += _inputPtr;
+        _streamReadConstraints.validateDocumentLength(_currInputProcessed);
         if (amount > 0 && _inputPtr > 0) {
             //_currInputRowStart -= _inputPtr;
             System.arraycopy(_inputBuffer, _inputPtr, _inputBuffer, 0, amount);
@@ -2246,7 +2248,7 @@ private final void _finishBigInteger() throws IOException
         if (raw.length == 0) {
             _numberBigInt = BigInteger.ZERO;
         } else {
-            streamReadConstraints().validateIntegerLength(raw.length);
+            _streamReadConstraints.validateIntegerLength(raw.length);
             _numberBigInt = new BigInteger(raw);
         }
         _numTypesValid = NR_BIGINT;
@@ -2294,7 +2296,7 @@ private final void _finishBigDecimal() throws IOException
         if (raw.length == 0) {
             _numberBigDecimal = BigDecimal.ZERO;
         } else {
-            streamReadConstraints().validateFPLength(raw.length);
+            _streamReadConstraints.validateFPLength(raw.length);
             BigInteger unscaledValue = new BigInteger(raw);
             _numberBigDecimal = new BigDecimal(unscaledValue, scale);
         }
@@ -3129,12 +3131,12 @@ private final JsonToken _eofAsNextToken() throws IOException {
 
     private void createChildArrayContext(final int lineNr, final int colNr) throws IOException {
         _streamReadContext = _streamReadContext.createChildArrayContext(lineNr, colNr);
-        streamReadConstraints().validateNestingDepth(_streamReadContext.getNestingDepth());
+        _streamReadConstraints.validateNestingDepth(_streamReadContext.getNestingDepth());
     }
 
     private void createChildObjectContext(final int lineNr, final int colNr) throws IOException {
         _streamReadContext = _streamReadContext.createChildObjectContext(lineNr, colNr);
-        streamReadConstraints().validateNestingDepth(_streamReadContext.getNestingDepth());
+        _streamReadConstraints.validateNestingDepth(_streamReadContext.getNestingDepth());
     }
 }
 

smile/src/main/java/com/fasterxml/jackson/dataformat/smile/SmileParserBase.java

@@ -71,6 +71,11 @@ public abstract class SmileParserBase extends ParserMinimalBase
      */
     protected final IOContext _ioContext;
 
+    /**
+     * @since 2.17
+     */
+    protected final StreamReadConstraints _streamReadConstraints;
+
     /**
      * Flag that indicates whether parser is closed or not. Gets
      * set when parser is either closed by explicit call
@@ -252,6 +257,7 @@ protected SmileParserBase(IOContext ctxt, int parserFeatures, int formatFeatures
         super(parserFeatures);
         _formatFeatures = formatFeatures;
         _ioContext = ctxt;
+        _streamReadConstraints = ctxt.streamReadConstraints();
         _symbols = sym;
         _symbolsCanonical = sym.isCanonicalizing();
         DupDetector dups = Feature.STRICT_DUPLICATE_DETECTION.enabledIn(parserFeatures)
@@ -262,7 +268,7 @@ protected SmileParserBase(IOContext ctxt, int parserFeatures, int formatFeatures
 
     @Override
     public StreamReadConstraints streamReadConstraints() {
-        return _ioContext.streamReadConstraints();
+        return _streamReadConstraints;
     }
 
     /*
@@ -678,7 +684,7 @@ protected final void convertNumberToBigInteger() throws IOException
     {
         if ((_numTypesValid & NR_BIGDECIMAL) != 0) {
             // here it'll just get truncated, no exceptions thrown
-            streamReadConstraints().validateBigIntegerScale(_numberBigDecimal.scale());
+            _streamReadConstraints.validateBigIntegerScale(_numberBigDecimal.scale());
             _numberBigInt = _numberBigDecimal.toBigInteger();
         } else if ((_numTypesValid & NR_LONG) != 0) {
             _numberBigInt = BigInteger.valueOf(_numberLong);

smile/src/main/java/com/fasterxml/jackson/dataformat/smile/async/NonBlockingByteArrayParser.java

@@ -90,6 +90,7 @@ public void feedInput(byte[] buf, int start, int end) throws IOException
         }
         // Time to update pointers first
         _currInputProcessed += _origBufferLen;
+        _streamReadConstraints.validateDocumentLength(_currInputProcessed);
 
         // And then update buffer settings
         _inputBuffer = buf;
@@ -1291,7 +1292,7 @@ private final JsonToken _finishBigIntBody() throws IOException
     {
         if (_decode7BitEncoded()) { // got it all!
             final byte[] array = _byteArrayBuilder.toByteArray();
-            streamReadConstraints().validateIntegerLength(array.length);
+            _streamReadConstraints.validateIntegerLength(array.length);
             _numberBigInt = new BigInteger(array);
             _numberType = NumberType.BIG_INTEGER;
             _numTypesValid = NR_BIGINT;
@@ -1440,7 +1441,7 @@ private final JsonToken _finishBigDecimalBody() throws IOException
             // note: scale value is signed, needs zigzag, so:
             final int scale = SmileUtil.zigzagDecode((int) _pending64);
             final byte[] array = _byteArrayBuilder.toByteArray();
-            streamReadConstraints().validateFPLength(array.length);
+            _streamReadConstraints.validateFPLength(array.length);
             BigInteger bigInt = new BigInteger(array);
             _numberBigDecimal = new BigDecimal(bigInt, scale);
             _numberType = NumberType.BIG_DECIMAL;