Add a system property to configure YamlParser codepoint limits (#12301)
Signed-off-by: Andriy Redko <[email protected]>
(cherry picked from commit bff8eb7)
reta committed Feb 13, 2024
1 parent dfa41ea commit d52d89c
Showing 4 changed files with 12 additions and 3 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -184,6 +184,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
- [Bug] Check phase name before SearchRequestOperationsListener onPhaseStart ([#12094](https://github.com/opensearch-project/OpenSearch/pull/12094))
- Add advance(int) for numeric values in order to allow point based optimization to kick in ([#12089](https://github.com/opensearch-project/OpenSearch/pull/12089))
- Fix Span operation names generated from RestActions ([#12005](https://github.com/opensearch-project/OpenSearch/pull/12005))
- Add a system property to configure YamlParser codepoint limits ([#12298](https://github.com/opensearch-project/OpenSearch/pull/12298))

### Security

Expand Up @@ -19,6 +19,7 @@
*/
@InternalApi
public interface XContentContraints {
final String DEFAULT_CODEPOINT_LIMIT_PROPERTY = "opensearch.xcontent.codepoint.max";
final String DEFAULT_MAX_STRING_LEN_PROPERTY = "opensearch.xcontent.string.length.max";
final String DEFAULT_MAX_NAME_LEN_PROPERTY = "opensearch.xcontent.name.length.max";
final String DEFAULT_MAX_DEPTH_PROPERTY = "opensearch.xcontent.depth.max";
Expand All @@ -34,4 +35,6 @@ public interface XContentContraints {
final int DEFAULT_MAX_DEPTH = Integer.parseInt(
System.getProperty(DEFAULT_MAX_DEPTH_PROPERTY, Integer.toString(Integer.MAX_VALUE) /* no limit */ )
);

final int DEFAULT_CODEPOINT_LIMIT = Integer.parseInt(System.getProperty(DEFAULT_CODEPOINT_LIMIT_PROPERTY, "52428800" /* ~50 Mb */));
}
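Review bot: `DEFAULT_CODEPOINT_LIMIT` is parsed straight from the system property with no validation, so a non-numeric value throws `NumberFormatException` while the interface is being initialized, and a zero, negative or very large value is accepted as the limit without complaint. This value bounds how large a YAML document the parser will read, and the default of 52428800 is far above the roughly 3 million code points that the replaced test bounds in this commit (3140000 / 3145730) suggest applied before, so a comment should say that it is a resource-exhaustion guard and that raising it raises the memory a single YAML payload can consume. The unit is code points rather than bytes, so `/* 50 * 1024 * 1024 code points */` would be more accurate than `/* ~50 Mb */`. A small static helper that rejects values `<= 0` with an `IllegalArgumentException` naming the property would fail more clearly; the sibling constants visible in this interface use the same unchecked pattern.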
Expand Up @@ -39,6 +39,7 @@
import com.fasterxml.jackson.core.StreamWriteConstraints;
import com.fasterxml.jackson.core.StreamWriteFeature;
import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
import com.fasterxml.jackson.dataformat.yaml.YAMLFactoryBuilder;

import org.opensearch.common.xcontent.XContentContraints;
import org.opensearch.common.xcontent.XContentType;
Expand All @@ -56,6 +57,8 @@
import java.io.Reader;
import java.util.Set;

import org.yaml.snakeyaml.LoaderOptions;

/**
* A YAML based content implementation using Jackson.
*/
Expand All @@ -70,7 +73,9 @@ public static XContentBuilder contentBuilder() throws IOException {
public static final YamlXContent yamlXContent;

static {
yamlFactory = new YAMLFactory();
final LoaderOptions loaderOptions = new LoaderOptions();
loaderOptions.setCodePointLimit(DEFAULT_CODEPOINT_LIMIT);
yamlFactory = new YAMLFactoryBuilder(new YAMLFactory()).loaderOptions(loaderOptions).build();
yamlFactory.configure(JsonParser.Feature.STRICT_DUPLICATE_DETECTION, true);
yamlFactory.setStreamWriteConstraints(StreamWriteConstraints.builder().maxNestingDepth(DEFAULT_MAX_DEPTH).build());
yamlFactory.setStreamReadConstraints(
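Review bot: The static initializer sets the SnakeYAML code point limit with no comment saying what it protects, so a later cleanup back to a plain `new YAMLFactory()` would silently change the input-size bound. I would add above `loaderOptions.setCodePointLimit(DEFAULT_CODEPOINT_LIMIT);` a comment such as `// Caps the size, in code points, of any YAML document parsed through this factory; read once from opensearch.xcontent.codepoint.max at class load.` As a style point, `YAMLFactory.builder().loaderOptions(loaderOptions).build()` avoids constructing a throwaway `YAMLFactory` and the extra `YAMLFactoryBuilder` import. The static block continues past the end of the hunk, so the rest of the factory configuration is not visible here.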
Expand Up @@ -79,7 +79,7 @@ public class XContentParserTests extends OpenSearchTestCase {
() -> randomAlphaOfLengthBetween(1, SmileXContent.DEFAULT_MAX_STRING_LEN / 10), /* limit to ~200Mb */
/* YAML parser limitation */
XContentType.YAML,
() -> randomAlphaOfLengthBetween(1, 3140000)
() -> randomRealisticUnicodeOfCodepointLengthBetween(1, YamlXContent.DEFAULT_CODEPOINT_LIMIT)
);

private static final Map<XContentType, Supplier<String>> FIELD_NAME_GENERATORS = Map.of(
Expand All @@ -106,7 +106,7 @@ public class XContentParserTests extends OpenSearchTestCase {

public void testStringOffLimit() throws IOException {
final String field = randomAlphaOfLengthBetween(1, 5);
final String value = randomRealisticUnicodeOfCodepointLength(3145730);
final String value = randomRealisticUnicodeOfCodepointLength(YamlXContent.DEFAULT_CODEPOINT_LIMIT + 1);

try (XContentBuilder builder = XContentBuilder.builder(XContentType.YAML.xContent())) {
builder.startObject();
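Review bot: The YAML value generator now draws lengths right up to `YamlXContent.DEFAULT_CODEPOINT_LIMIT`, whereas the replaced bound (3140000) sat a few thousand code points below the old off-limit value (3145730). If the limit is applied to the whole document, the field name and YAML syntax count as well, so a draw near the top of the range could be rejected and make the test flaky. Keeping headroom would avoid that, e.g. `randomRealisticUnicodeOfCodepointLengthBetween(1, YamlXContent.DEFAULT_CODEPOINT_LIMIT - HEADROOM)` with `HEADROOM` a placeholder for a small fixed margin. In `testStringOffLimit`, `YamlXContent.DEFAULT_CODEPOINT_LIMIT + 1` wraps to a negative length when the property is set to `Integer.MAX_VALUE` (`Math.addExact(YamlXContent.DEFAULT_CODEPOINT_LIMIT, 1)` would surface that), and at the default it allocates a string of over 50 million code points on every run. Both enclosing definitions continue outside the hunks shown.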
