authorAdam Midvidy <amidvidy@gmail.com>2015-05-18 11:28:33 -0400
committerAdam Midvidy <amidvidy@gmail.com>2015-05-18 19:22:13 -0400
commit43dedc33efa736e91d3389d9a972c93fef78e06a (patch)
treeb21b952b3d17fc4ed8307be83059f91f75783f2a /src/mongo/base
parent73f9656f8750bfffc41333e92ea4f0bd805e2f2c (diff)
SERVER-18167 add method for validating input/output to a DataRange
Diffstat (limited to 'src/mongo/base')
-rw-r--r--src/mongo/base/SConscript1
-rw-r--r--src/mongo/base/data_type_validated.h150
-rw-r--r--src/mongo/base/data_type_validated_test.cpp132
3 files changed, 283 insertions, 0 deletions
diff --git a/src/mongo/base/SConscript b/src/mongo/base/SConscript
index 56b6aeb91eb..b749462f256 100644
--- a/src/mongo/base/SConscript
+++ b/src/mongo/base/SConscript
@@ -35,6 +35,7 @@ env.CppUnitTest('base_test',
'data_range_test.cpp',
'data_type_string_data_test.cpp',
'data_type_terminated_test.cpp',
+ 'data_type_validated_test.cpp',
'data_view_test.cpp',
'encoded_value_storage_test.cpp',
'initializer_dependency_graph_test.cpp',
diff --git a/src/mongo/base/data_type_validated.h b/src/mongo/base/data_type_validated.h
new file mode 100644
index 00000000000..e13bb03ea60
--- /dev/null
+++ b/src/mongo/base/data_type_validated.h
@@ -0,0 +1,150 @@
+/* Copyright 2015 MongoDB Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * As a special exception, the copyright holders give permission to link the
+ * code of portions of this program with the OpenSSL library under certain
+ * conditions as described in each individual source file and distribute
+ * linked combinations including the program with the OpenSSL library. You
+ * must comply with the GNU Affero General Public License in all respects
+ * for all of the code used other than as permitted herein. If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so. If you do not
+ * wish to do so, delete this exception statement from your version. If you
+ * delete this exception statement from all source files in the program,
+ * then also delete it in the license file.
+ */
+
+#pragma once
+
+#include <utility>
+
+#include "mongo/base/data_type.h"
+
+namespace mongo {
+
+ /**
+ * Allows for specializations of load/store that run validation logic.
+ *
+ * To add validation for your T:
+ * 1) ensure that there are DataType::Handler<T> specializations for your type
+ * 2) implement a specialization of Validator<T> for your type. The two methods
+ * you must implement are:
+ * - Status validateLoad(const char* ptr, size_t length);
+ * - Status validateStore(const T& toStore);
+ *
+ * See bson_validate.h for an example.
+ *
+ * Then you can use Validated<T> in a DataRange (and associated types)
+ *
+ * Example:
+ *
+ * DataRangeCursor drc(buf, buf_end);
+ * Validated<MyObj> vobj;
+ * auto status = drc.readAndAdvance(&vobj);
+ * if (status.isOK()) {
+ * // use vobj.val
+ * // ....
+ * }
+ */
+ template <typename T>
+ struct Validator {
+
+ // These methods are intentionally unimplemented so that if the default validator
+ // is instantiated, the resulting binary will not link.
+
+ /**
+ * Checks that the provided buffer contains at least 1 valid object of type T.
+ * The length parameter is the size of the buffer, not the size of the object.
+ * Specializations of this function should be hardened to malicious input from untrusted
+ * sources.
+ */
+ static Status validateLoad(const char* ptr, size_t length);
+
+ /**
+ * Checks that the provided object is valid to store in a buffer.
+ */
+ static Status validateStore(const T& toStore);
+ };
+
+ template <typename T>
+ struct Validated {
+
+ Validated() = default;
+ Validated(T value) : val(std::move(value)) {}
+
+ operator T&() {
+ return val;
+ }
+
+ T val = DataType::defaultConstruct<T>();
+ };
+
+ template <typename T>
+ struct DataType::Handler<Validated<T>> {
+
+ static Status load(Validated<T>* vt, const char* ptr, size_t length, size_t* advanced,
+ std::ptrdiff_t debug_offset) {
+
+ size_t local_advanced = 0;
+
+ auto valid = Validator<T>::validateLoad(ptr, length);
+
+ if (!valid.isOK()) {
+ return valid;
+ }
+
+ auto loadStatus = DataType::load(vt ? &vt->val : nullptr, ptr, length, &local_advanced,
+ debug_offset);
+
+ if (!loadStatus.isOK()) {
+ return loadStatus;
+ }
+
+ if (advanced) {
+ *advanced = local_advanced;
+ }
+
+ return Status::OK();
+ }
+
+ static Status store(const Validated<T>& vt, char* ptr, size_t length, size_t* advanced,
+ std::ptrdiff_t debug_offset) {
+
+ size_t local_advanced = 0;
+
+ auto valid = Validator<T>::validateStore(vt.val);
+
+ if (!valid.isOK()) {
+ return valid;
+ }
+
+ auto storeStatus = DataType::store(vt.val, ptr, length, &local_advanced, debug_offset);
+
+ if (!storeStatus.isOK()) {
+ return storeStatus;
+ }
+
+ if (advanced) {
+ *advanced = local_advanced;
+ }
+
+ return Status::OK();
+ }
+
+ static Validated<T> defaultConstruct() {
+ return Validated<T>();
+ }
+ };
+
+} // namespace mongo
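Review bot: `Handler<Validated<T>>::load` calls `Validator<T>::validateLoad(ptr, length)` and then `DataType::load(..., ptr, length, ...)` as two independent passes over the whole remaining buffer, and nothing in the interface ties the bytes the validator approved to the bytes the load consumes. Because `validateLoad` only promises "at least 1 valid object" and returns no length, a specialization whose validator and `Handler<T>::load` disagree on the object's extent could return data that was never checked. The `Validator` comment should state that contract, for example `Specializations must validate exactly the bytes that DataType::Handler<T>::load will consume from ptr.` Separately, `Validated(T value)` is an implicit converting constructor and `operator T&()` has no const overload; I would mark the constructor `explicit` unless the implicit conversion is intended, and add `operator const T&() const`.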
diff --git a/src/mongo/base/data_type_validated_test.cpp b/src/mongo/base/data_type_validated_test.cpp
new file mode 100644
index 00000000000..4eb2c5c9d16
--- /dev/null
+++ b/src/mongo/base/data_type_validated_test.cpp
@@ -0,0 +1,132 @@
+/**
+ * Copyright (C) 2015 MongoDB Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * As a special exception, the copyright holders give permission to link the
+ * code of portions of this program with the OpenSSL library under certain
+ * conditions as described in each individual source file and distribute
+ * linked combinations including the program with the OpenSSL library. You
+ * must comply with the GNU Affero General Public License in all respects
+ * for all of the code used other than as permitted herein. If you modify
+ * file(s) with this exception, you may extend this exception to your
+ * version of the file(s), but you are not obligated to do so. If you do not
+ * wish to do so, delete this exception statement from your version. If you
+ * delete this exception statement from all source files in the program,
+ * then also delete it in the license file.
+ */
+
+#include "mongo/base/data_type_validated.h"
+
+#include <algorithm>
+#include <iterator>
+
+#include "mongo/base/data_range.h"
+#include "mongo/base/data_range_cursor.h"
+#include "mongo/base/data_type_endian.h"
+#include "mongo/base/status.h"
+#include "mongo/db/jsobj.h"
+#include "mongo/unittest/unittest.h"
+
+namespace mongo {
+ template<> struct Validator<char> {
+ static Status validateLoad(const char* ptr, size_t length) {
+ if ((length >= sizeof(char)) && (ptr[0] == 0xFU)) {
+ return Status::OK();
+ }
+ return Status(ErrorCodes::BadValue, "bad");
+ }
+
+ static Status validateStore(const char& toStore) {
+ if (toStore == 0xFU) {
+ return Status::OK();
+ }
+ return Status(ErrorCodes::BadValue, "bad");
+ }
+ };
+} // namespace mongo
+
+namespace {
+
+ using namespace mongo;
+ using std::end;
+ using std::begin;
+
+ TEST(DataTypeValidated, SuccessfulValidation) {
+
+ char buf[1];
+
+ {
+ DataRangeCursor drc(begin(buf), end(buf));
+ ASSERT_OK(drc.writeAndAdvance(Validated<char>(0xFU)));
+ }
+
+ {
+ Validated<char> valid;
+ ConstDataRangeCursor cdrc(begin(buf), end(buf));
+ ASSERT_OK(cdrc.readAndAdvance(&valid));
+ ASSERT_EQUALS(valid.val, char{0xFU});
+ }
+ }
+
+ TEST(DataTypeValidated, FailedValidation) {
+
+ char buf[1];
+
+ {
+ DataRangeCursor drc(begin(buf), end(buf));
+ ASSERT_NOT_OK(drc.writeAndAdvance(Validated<char>(0x01)));
+ }
+
+ buf[0] = char{0x01};
+
+ {
+ Validated<char> valid;
+ ConstDataRangeCursor cdrc(begin(buf), end(buf));
+ ASSERT_NOT_OK(cdrc.readAndAdvance(&valid));
+ }
+ }
+
+ TEST(DataTypeValidated, BSONValidation) {
+
+ using std::begin;
+
+ BSONObj valid = BSON("foo" << "bar");
+ char buf[1024] = { 0 };
+ std::copy(valid.objdata(), valid.objdata() + valid.objsize(), begin(buf));
+
+ {
+ Validated<BSONObj> v;
+ ConstDataRangeCursor cdrc(begin(buf), end(buf));
+ ASSERT_OK(cdrc.readAndAdvance(&v));
+ }
+
+ {
+ // mess up the data
+ DataRangeCursor drc(begin(buf), end(buf));
+ auto maxIntLE = LittleEndian<int>(std::numeric_limits<int>::max());
+
+ drc.writeAndAdvance(maxIntLE);
+ drc.writeAndAdvance(maxIntLE);
+ drc.writeAndAdvance(maxIntLE);
+ drc.writeAndAdvance(maxIntLE);
+ }
+
+ {
+ Validated<BSONObj> v;
+ ConstDataRangeCursor cdrc(begin(buf), end(buf));
+ ASSERT_NOT_OK(cdrc.readAndAdvance(&v));
+ }
+ }
+
+} // namespace
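Review bot: The four `drc.writeAndAdvance(maxIntLE);` calls in BSONValidation discard their Status, so a failed corrupting write would only show up as a confusing failure of the later `ASSERT_NOT_OK`; each should read `ASSERT_OK(drc.writeAndAdvance(maxIntLE));`. The file also uses `std::numeric_limits` without `#include <limits>`, which presumably compiles only through a transitive include. The header asks validators to be hardened against untrusted input, yet no case here reads from a buffer shorter than the object, so the `length >= sizeof(char)` check in `Validator<char>::validateLoad` is never false. A truncated or empty-range read that expects a non-OK status would be worth adding.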