From 20eff063854712aae0fd8fcdad180176996705b1 Mon Sep 17 00:00:00 2001 From: Sandesh Kumar Date: Mon, 17 Jun 2024 19:28:14 +0530 Subject: [PATCH] Add max depth in resolving a pattern to avoid OOM Signed-off-by: Sandesh Kumar --- libs/grok/src/main/java/org/opensearch/grok/Grok.java | 5 +++++ .../src/test/java/org/opensearch/grok/GrokTests.java | 10 ++++++++++ 2 files changed, 15 insertions(+) diff --git a/libs/grok/src/main/java/org/opensearch/grok/Grok.java b/libs/grok/src/main/java/org/opensearch/grok/Grok.java index 1b1d254f4bcfe..ab4f555310b7c 100644 --- a/libs/grok/src/main/java/org/opensearch/grok/Grok.java +++ b/libs/grok/src/main/java/org/opensearch/grok/Grok.java @@ -90,6 +90,7 @@ public final class Grok { UTF8Encoding.INSTANCE, Syntax.DEFAULT ); + private static final int MAX_PATTERN_DEPTH_SIZE = 1_000; private static final int MAX_TO_REGEX_ITERATIONS = 100_000; // sanity limit @@ -222,6 +223,10 @@ private void validatePatternBank(String initialPatternName) { pathMap.remove(patternName); queue.pop(); } + + if (queue.size() > MAX_PATTERN_DEPTH_SIZE) { + throw new IllegalArgumentException("Pattern references exceeded maximum depth of " + MAX_PATTERN_DEPTH_SIZE); + } } } diff --git a/libs/grok/src/test/java/org/opensearch/grok/GrokTests.java b/libs/grok/src/test/java/org/opensearch/grok/GrokTests.java index a37689e051c67..78a3ea9935915 100644 --- a/libs/grok/src/test/java/org/opensearch/grok/GrokTests.java +++ b/libs/grok/src/test/java/org/opensearch/grok/GrokTests.java @@ -377,6 +377,16 @@ public void testCircularReference() { "circular reference in pattern [NAME5][!!!%{NAME1}!!!] back to pattern [NAME1] " + "via patterns [NAME1=>NAME2=>NAME3=>NAME4]", e.getMessage() ); + + e = expectThrows(IllegalArgumentException.class, () -> { + Map bank = new TreeMap<>(); + for (int i = 1; i <= 1001; i++) { + bank.put("NAME" + i, "!!!%{NAME" + (i + 1) + "}!!!"); + } + String pattern = "%{NAME1}"; + new Grok(bank, pattern, false, logger::warn); + }); + assertEquals("Pattern references exceeded maximum depth of 1000", e.getMessage()); } public void testMalformedPattern() {