[7.17] Add maximum nested depth check to WKT parser (#111843) (#111876)

craigtaverner · web-flow · commit f0948d38fdc8 · 2024-08-15T16:06:12.000+02:00
* [7.17] Add maximum nested depth check to WKT parser (#111843) Manually backported #111843 to 7.17. Since the original PR used Java language features not supported in Java8, and 7.17 requires Java8 language level support, some small changes needed to be made. * Update docs/changelog/111876.yaml * Delete docs/changelog/111876.yaml
diff --git a/docs/changelog/111843.yaml b/docs/changelog/111843.yaml
@@ -0,0 +1,5 @@
+pr: 111843
+summary: Add maximum nested depth check to WKT parser
+area: Geo
+type: bug
+issues: []
diff --git a/libs/geo/src/main/java/org/elasticsearch/geometry/utils/WellKnownText.java b/libs/geo/src/main/java/org/elasticsearch/geometry/utils/WellKnownText.java
@@ -41,6 +41,7 @@ public class WellKnownText {
     public static final String RPAREN = ")";
     public static final String COMMA = ",";
     public static final String NAN = "NaN";
+    public static final int MAX_NESTED_DEPTH = 1000;
 
     private static final String NUMBER = "<NUMBER>";
     private static final String EOF = "END-OF-STREAM";
@@ -233,7 +234,7 @@ public static Geometry fromWKT(GeometryValidator validator, boolean coerce, Stri
             tokenizer.whitespaceChars('\r', '\r');
             tokenizer.whitespaceChars('\n', '\n');
             tokenizer.commentChar('#');
-            Geometry geometry = parseGeometry(tokenizer, coerce);
+            Geometry geometry = parseGeometry(tokenizer, coerce, 0);
             validator.validate(geometry);
             return geometry;
         } finally {
@@ -244,7 +245,7 @@ public static Geometry fromWKT(GeometryValidator validator, boolean coerce, Stri
     /**
      * parse geometry from the stream tokenizer
      */
-    private static Geometry parseGeometry(StreamTokenizer stream, boolean coerce) throws IOException, ParseException {
+    private static Geometry parseGeometry(StreamTokenizer stream, boolean coerce, int depth) throws IOException, ParseException {
         final String type = nextWord(stream).toLowerCase(Locale.ROOT);
         switch (type) {
             case "point":
@@ -262,22 +263,25 @@ private static Geometry parseGeometry(StreamTokenizer stream, boolean coerce) th
             case "bbox":
                 return parseBBox(stream);
             case "geometrycollection":
-                return parseGeometryCollection(stream, coerce);
+                return parseGeometryCollection(stream, coerce, depth + 1);
             case "circle": // Not part of the standard, but we need it for internal serialization
                 return parseCircle(stream);
         }
         throw new IllegalArgumentException("Unknown geometry type: " + type);
     }
 
-    private static GeometryCollection<Geometry> parseGeometryCollection(StreamTokenizer stream, boolean coerce) throws IOException,
-        ParseException {
+    private static GeometryCollection<Geometry> parseGeometryCollection(StreamTokenizer stream, boolean coerce, int depth)
+        throws IOException, ParseException {
         if (nextEmptyOrOpen(stream).equals(EMPTY)) {
             return GeometryCollection.EMPTY;
         }
+        if (depth > MAX_NESTED_DEPTH) {
+            throw new ParseException("maximum nested depth of " + MAX_NESTED_DEPTH + " exceeded", stream.lineno());
+        }
         List<Geometry> shapes = new ArrayList<>();
-        shapes.add(parseGeometry(stream, coerce));
+        shapes.add(parseGeometry(stream, coerce, depth));
         while (nextCloserOrComma(stream).equals(COMMA)) {
-            shapes.add(parseGeometry(stream, coerce));
+            shapes.add(parseGeometry(stream, coerce, depth));
         }
         return new GeometryCollection<>(shapes);
     }
diff --git a/libs/geo/src/test/java/org/elasticsearch/geometry/GeometryCollectionTests.java b/libs/geo/src/test/java/org/elasticsearch/geometry/GeometryCollectionTests.java
@@ -19,6 +19,8 @@
 import java.util.Arrays;
 import java.util.Collections;
 
+import static org.hamcrest.Matchers.containsString;
+
 public class GeometryCollectionTests extends BaseGeometryTestCase<GeometryCollection<Geometry>> {
     @Override
     protected GeometryCollection<Geometry> createTestInstance(boolean hasAlt) {
@@ -64,4 +66,37 @@ public void testInitValidation() {
 
         StandardValidator.instance(true).validate(new GeometryCollection<Geometry>(Collections.singletonList(new Point(20, 10, 30))));
     }
+
+    public void testDeeplyNestedCollection() throws IOException, ParseException {
+        String wkt = makeDeeplyNestedGeometryCollectionWKT(WellKnownText.MAX_NESTED_DEPTH);
+        Geometry parsed = WellKnownText.fromWKT(GeographyValidator.instance(true), true, wkt);
+        assertEquals(WellKnownText.MAX_NESTED_DEPTH, countNestedGeometryCollections((GeometryCollection<?>) parsed));
+    }
+
+    public void testTooDeeplyNestedCollection() {
+        String wkt = makeDeeplyNestedGeometryCollectionWKT(WellKnownText.MAX_NESTED_DEPTH + 1);
+        ParseException ex = expectThrows(ParseException.class, () -> WellKnownText.fromWKT(GeographyValidator.instance(true), true, wkt));
+        assertThat(ex.getMessage(), containsString("maximum nested depth of " + WellKnownText.MAX_NESTED_DEPTH));
+    }
+
+    private String makeDeeplyNestedGeometryCollectionWKT(int depth) {
+        StringBuilder wkt = new StringBuilder();
+        for (int i = 0; i < depth; i++) {
+            wkt.append("GEOMETRYCOLLECTION (");
+        }
+        wkt.append("POINT (20.0 10.0)");
+        for (int i = 0; i < depth; i++) {
+            wkt.append(")");
+        }
+        return wkt.toString();
+    }
+
+    private int countNestedGeometryCollections(GeometryCollection<?> geometry) {
+        int count = 1;
+        while (geometry.get(0) instanceof GeometryCollection<?>) {
+            count += 1;
+            geometry = (GeometryCollection<?>) geometry.get(0);
+        }
+        return count;
+    }
 }
