author | Adam Midvidy <amidvidy@gmail.com> | 2015-05-18 11:28:33 -0400 |
---|---|---|
committer | Adam Midvidy <amidvidy@gmail.com> | 2015-05-18 19:22:13 -0400 |
commit | 43dedc33efa736e91d3389d9a972c93fef78e06a (patch) | |
tree | b21b952b3d17fc4ed8307be83059f91f75783f2a /src/mongo/base | |
parent | 73f9656f8750bfffc41333e92ea4f0bd805e2f2c (diff) | |
download | mongo-43dedc33efa736e91d3389d9a972c93fef78e06a.tar.gz |
SERVER-18167 add method for validating input/output to a DataRange
Diffstat (limited to 'src/mongo/base')
-rw-r--r-- | src/mongo/base/SConscript | 1 | ||||
-rw-r--r-- | src/mongo/base/data_type_validated.h | 150 | ||||
-rw-r--r-- | src/mongo/base/data_type_validated_test.cpp | 132 |
3 files changed, 283 insertions, 0 deletions
diff --git a/src/mongo/base/SConscript b/src/mongo/base/SConscript
index 56b6aeb91eb..b749462f256 100644
--- a/src/mongo/base/SConscript
+++ b/src/mongo/base/SConscript
@@ -35,6 +35,7 @@ env.CppUnitTest('base_test',
 'data_range_test.cpp',
 'data_type_string_data_test.cpp',
 'data_type_terminated_test.cpp',
+ 'data_type_validated_test.cpp',
 'data_view_test.cpp',
 'encoded_value_storage_test.cpp',
 'initializer_dependency_graph_test.cpp',
diff --git a/src/mongo/base/data_type_validated.h b/src/mongo/base/data_type_validated.h
new file mode 100644
index 00000000000..e13bb03ea60
--- /dev/null
+++ b/src/mongo/base/data_type_validated.h
@@ -0,0 +1,150 @@
+/* Copyright 2015 MongoDB Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * As a special exception, the copyright holders give permission to link the
+ * code of portions of this program with the OpenSSL library under certain
+ * conditions as described in each individual source file and distribute
+ * linked combinations including the program with the OpenSSL library. You
+ * must comply with the GNU Affero General Public License in all respects
+ * for all of the code used other than as permitted herein. If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so. If you do not
+ * wish to do so, delete this exception statement from your version. If you
+ * delete this exception statement from all source files in the program,
+ * then also delete it in the license file.
+ */
+
+#pragma once
+
+#include <utility>
+
+#include "mongo/base/data_type.h"
+
+namespace mongo {
+
+ /**
+ * Allows for specializations of load/store that run validation logic.
+ *
+ * To add validation for your T:
+ * 1) ensure that there are DataType::Handler<T> specializations for your type
+ * 2) implement a specialization of Validator<T> for your type. The two methods
+ * you must implement are:
+ * - Status validateLoad(const char* ptr, size_t length);
+ * - Status validateStore(const T& toStore);
+ *
+ * See bson_validate.h for an example.
+ *
+ * Then you can use Validated<T> in a DataRange (and associated types)
+ *
+ * Example:
+ *
+ * DataRangeCursor drc(buf, buf_end);
+ * Validated<MyObj> vobj;
+ * auto status = drc.readAndAdvance(&vobj);
+ * if (status.isOK()) {
+ * // use vobj.val
+ * // ....
+ * }
+ */
+ template <typename T>
+ struct Validator {
+
+ // These methods are intentionally unimplemented so that if the default validator
+ // is instantiated, the resulting binary will not link.
+
+ /**
+ * Checks that the provided buffer contains at least 1 valid object of type T.
+ * The length parameter is the size of the buffer, not the size of the object.
+ * Specializations of this function should be hardened to malicious input from untrusted
+ * sources.
+ */
+ static Status validateLoad(const char* ptr, size_t length);
+
+ /**
+ * Checks that the provided object is valid to store in a buffer.
+ */
+ static Status validateStore(const T& toStore);
+ };
+
+ template <typename T>
+ struct Validated {
+
+ Validated() = default;
+ Validated(T value) : val(std::move(value)) {}
+
+ operator T&() {
+ return val;
+ }
+
+ T val = DataType::defaultConstruct<T>();
+ };
+
+ template <typename T>
+ struct DataType::Handler<Validated<T>> {
+
+ static Status load(Validated<T>* vt, const char* ptr, size_t length, size_t* advanced,
+ std::ptrdiff_t debug_offset) {
+
+ size_t local_advanced = 0;
+
+ auto valid = Validator<T>::validateLoad(ptr, length);
+
+ if (!valid.isOK()) {
+ return valid;
+ }
+
+ auto loadStatus = DataType::load(vt ? &vt->val : nullptr, ptr, length, &local_advanced,
+ debug_offset);
+
+ if (!loadStatus.isOK()) {
+ return loadStatus;
+ }
+
+ if (advanced) {
+ *advanced = local_advanced;
+ }
+
+ return Status::OK();
+ }
+
+ static Status store(const Validated<T>& vt, char* ptr, size_t length, size_t* advanced,
+ std::ptrdiff_t debug_offset) {
+
+ size_t local_advanced = 0;
+
+ auto valid = Validator<T>::validateStore(vt.val);
+
+ if (!valid.isOK()) {
+ return valid;
+ }
+
+ auto storeStatus = DataType::store(vt.val, ptr, length, &local_advanced, debug_offset);
+
+ if (!storeStatus.isOK()) {
+ return storeStatus;
+ }
+
+ if (advanced) {
+ *advanced = local_advanced;
+ }
+
+ return Status::OK();
+ }
+
+ static Validated<T> defaultConstruct() {
+ return Validated<T>();
+ }
+ };
+
+} // namespace mongo
diff --git a/src/mongo/base/data_type_validated_test.cpp b/src/mongo/base/data_type_validated_test.cpp
new file mode 100644
index 00000000000..4eb2c5c9d16
--- /dev/null
+++ b/src/mongo/base/data_type_validated_test.cpp
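Review bot: `Handler<Validated<T>>::load` runs `Validator<T>::validateLoad(ptr, length)` and then `DataType::load` as two independent passes over the same bytes, and nothing in the header says the validator must cover at least the extent the underlying handler will read. If a specialization accepts a shorter or differently parsed prefix than `Handler<T>::load` consumes, bytes that were never validated reach the loader, so I would add to the `validateLoad` doc comment: `Must validate every byte that DataType::Handler<T>::load will read from ptr, and must return an error rather than read when length is 0.` The two-pass design also presumes the buffer is not modified between validation and load, which is worth stating for callers that hand in shared or mapped memory. Separately, `Validated(T value)` and `operator T&()` are implicit conversions, so the wrapper can be built from or decay to a raw `T` without the call site showing it; consider `explicit Validated(T value)` unless the implicit form is intended.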
@@ -0,0 +1,132 @@
+/**
+ * Copyright (C) 2015 MongoDB Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * As a special exception, the copyright holders give permission to link the
+ * code of portions of this program with the OpenSSL library under certain
+ * conditions as described in each individual source file and distribute
+ * linked combinations including the program with the OpenSSL library. You
+ * must comply with the GNU Affero General Public License in all respects
+ * for all of the code used other than as permitted herein. If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so. If you do not
+ * wish to do so, delete this exception statement from your version. If you
+ * delete this exception statement from all source files in the program,
+ * then also delete it in the license file.
+ */
+
+#include "mongo/base/data_type_validated.h"
+
+#include <algorithm>
+#include <iterator>
+
+#include "mongo/base/data_range.h"
+#include "mongo/base/data_range_cursor.h"
+#include "mongo/base/data_type_endian.h"
+#include "mongo/base/status.h"
+#include "mongo/db/jsobj.h"
+#include "mongo/unittest/unittest.h"
+
+namespace mongo {
+ template<> struct Validator<char> {
+ static Status validateLoad(const char* ptr, size_t length) {
+ if ((length >= sizeof(char)) && (ptr[0] == 0xFU)) {
+ return Status::OK();
+ }
+ return Status(ErrorCodes::BadValue, "bad");
+ }
+
+ static Status validateStore(const char& toStore) {
+ if (toStore == 0xFU) {
+ return Status::OK();
+ }
+ return Status(ErrorCodes::BadValue, "bad");
+ }
+ };
+} // namespace mongo
+
+namespace {
+
+ using namespace mongo;
+ using std::end;
+ using std::begin;
+
+ TEST(DataTypeValidated, SuccessfulValidation) {
+
+ char buf[1];
+
+ {
+ DataRangeCursor drc(begin(buf), end(buf));
+ ASSERT_OK(drc.writeAndAdvance(Validated<char>(0xFU)));
+ }
+
+ {
+ Validated<char> valid;
+ ConstDataRangeCursor cdrc(begin(buf), end(buf));
+ ASSERT_OK(cdrc.readAndAdvance(&valid));
+ ASSERT_EQUALS(valid.val, char{0xFU});
+ }
+ }
+
+ TEST(DataTypeValidated, FailedValidation) {
+
+ char buf[1];
+
+ {
+ DataRangeCursor drc(begin(buf), end(buf));
+ ASSERT_NOT_OK(drc.writeAndAdvance(Validated<char>(0x01)));
+ }
+
+ buf[0] = char{0x01};
+
+ {
+ Validated<char> valid;
+ ConstDataRangeCursor cdrc(begin(buf), end(buf));
+ ASSERT_NOT_OK(cdrc.readAndAdvance(&valid));
+ }
+ }
+
+ TEST(DataTypeValidated, BSONValidation) {
+
+ using std::begin;
+
+ BSONObj valid = BSON("foo" << "bar");
+ char buf[1024] = { 0 };
+ std::copy(valid.objdata(), valid.objdata() + valid.objsize(), begin(buf));
+
+ {
+ Validated<BSONObj> v;
+ ConstDataRangeCursor cdrc(begin(buf), end(buf));
+ ASSERT_OK(cdrc.readAndAdvance(&v));
+ }
+
+ {
+ // mess up the data
+ DataRangeCursor drc(begin(buf), end(buf));
+ auto maxIntLE = LittleEndian<int>(std::numeric_limits<int>::max());
+
+ drc.writeAndAdvance(maxIntLE);
+ drc.writeAndAdvance(maxIntLE);
+ drc.writeAndAdvance(maxIntLE);
+ drc.writeAndAdvance(maxIntLE);
+ }
+
+ {
+ Validated<BSONObj> v;
+ ConstDataRangeCursor cdrc(begin(buf), end(buf));
+ ASSERT_NOT_OK(cdrc.readAndAdvance(&v));
+ }
+ }
+
+} // namespace |
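Review bot: In `BSONValidation`, the four `drc.writeAndAdvance(maxIntLE);` calls in the "mess up the data" block discard their `Status`, so a failed write would leave the buffer valid and the final `ASSERT_NOT_OK` would fail for a reason unrelated to validation; wrap each as `ASSERT_OK(drc.writeAndAdvance(maxIntLE));`. The file uses `std::numeric_limits` but `<limits>` is not in its include list, so it appears to rely on a transitive include; add `#include <limits>`. Since the contract of `validateLoad` is rejecting untrusted input, I would also add a case that reads a `Validated<char>` from an empty range to exercise the `length >= sizeof(char)` guard, and one asserting that a failed `readAndAdvance` leaves the cursor position unchanged.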