Merge pull request #231 from AikidoSec/fix-slow-speeds-due-to-recursion-in-data-schema-extractor

bitterpanda63 · web-flow · commit 312d1c300c6f · 2025-10-07T13:55:36.000+02:00
Fix: Use a set of scanned objects to avoid recursion in getDataSchema
diff --git a/agent_api/src/main/java/dev/aikido/agent_api/api_discovery/DataSchemaGenerator.java b/agent_api/src/main/java/dev/aikido/agent_api/api_discovery/DataSchemaGenerator.java
@@ -15,11 +15,21 @@ public class DataSchemaGenerator {
     private static final int MAX_PROPS = 100;
 
     public static DataSchemaItem getDataSchema(Object data) {
-        return new DataSchemaGenerator().getDataSchema(data, 0);
+        // We use an IdentityHashMap to skip the hashCode() and equals() checks
+        // these checks can take longer than a simple identity check, and in rare cases
+        // be themselves recursive.
+        Set<Object> scanned = Collections.newSetFromMap(new IdentityHashMap<>());
+        return new DataSchemaGenerator().getDataSchema(data, 0, scanned);
     }
 
-    private DataSchemaItem getDataSchema(Object data, int depth) {
-        if (data == null) {
+    private DataSchemaItem getDataSchema(Object data, int depth, Set<Object> scanned) {
+        if (depth > MAX_TRAVERSAL_DEPTH) {
+            // avoid expensive recursion loops
+            return new DataSchemaItem(DataSchemaType.EMPTY);
+        }
+        depth += 1;
+
+        if (data == null || scanned.contains(data)) {
             // Handle null as a special case
             return new DataSchemaItem(DataSchemaType.EMPTY);
         }
@@ -29,15 +39,18 @@ private DataSchemaItem getDataSchema(Object data, int depth) {
             return new DataSchemaItem(primitiveToType(data));
         }
 
+        // Don't add primitive types to the scanned list (which avoids slow & heavy recursions)
+        scanned.add(data);
+
         // Collection is a catch-all for lists, sets, ...
         if (data instanceof Collection<?> dataList) {
-            return getDataSchema(dataList.toArray(), depth);
+            return getDataSchema(dataList.toArray(), depth, scanned);
         }
         // Arrays are still another thing :
         if (data.getClass().isArray()) {
             DataSchemaItem items = null;
             for (int i = 0; i < Math.min(MAX_ARRAY_DEPTH, Array.getLength(data)); i++) {
-                DataSchemaItem childDataSchemaItem = getDataSchema(Array.get(data, i), depth);
+                DataSchemaItem childDataSchemaItem = getDataSchema(Array.get(data, i), depth, scanned);
                 if (items == null) {
                     items = childDataSchemaItem;
                 } else {
@@ -53,32 +66,30 @@ private DataSchemaItem getDataSchema(Object data, int depth) {
 
         // If the depth is less than the maximum depth, get the schema for each property
         Map<String, DataSchemaItem> props = new HashMap<>();
-        if (depth <= MAX_TRAVERSAL_DEPTH) {
-            if (data instanceof Map<?, ?> map) {
-                for (Object key : map.keySet()) {
+        if (data instanceof Map<?, ?> map) {
+            for (Object key : map.keySet()) {
+                if (props.size() >= MAX_PROPS) {
+                    // We cannot allow more properties than MAX_PROPS, breaking for loop.
+                    break;
+                }
+                props.put((String) key, getDataSchema(map.get(key), depth, scanned));
+            }
+        } else if (data.getClass().toString().startsWith("class org.codehaus.groovy")) {
+            // pass through, we do not want to check org.codehaus.groovy
+        } else {
+            Field[] fields = data.getClass().getDeclaredFields();
+            for (Field field : fields) {
+                try {
+                    if (Modifier.isTransient(field.getModifiers())) {
+                        continue; // Do not scan transient fields.
+                    }
+                    field.setAccessible(true); // Allow access to private fields
                     if (props.size() >= MAX_PROPS) {
                         // We cannot allow more properties than MAX_PROPS, breaking for loop.
                         break;
                     }
-                    props.put((String) key, getDataSchema(map.get(key), depth + 1));
-                }
-            } else if (data.getClass().toString().startsWith("class org.codehaus.groovy")) {
-                // pass through, we do not want to check org.codehaus.groovy
-            } else {
-                Field[] fields = data.getClass().getDeclaredFields();
-                for (Field field : fields) {
-                    try {
-                        if (Modifier.isTransient(field.getModifiers())) {
-                            continue; // Do not scan transient fields.
-                        }
-                        field.setAccessible(true); // Allow access to private fields
-                        if (props.size() >= MAX_PROPS) {
-                            // We cannot allow more properties than MAX_PROPS, breaking for loop.
-                            break;
-                        }
-                        props.put(field.getName(), getDataSchema(field.get(data), depth + 1));
-                    } catch (IllegalAccessException | RuntimeException ignored) {
-                    }
+                    props.put(field.getName(), getDataSchema(field.get(data), depth, scanned));
+                } catch (IllegalAccessException | RuntimeException ignored) {
                 }
             }
         }
diff --git a/agent_api/src/main/java/dev/aikido/agent_api/helpers/patterns/PrimitiveType.java b/agent_api/src/main/java/dev/aikido/agent_api/helpers/patterns/PrimitiveType.java
@@ -32,6 +32,10 @@ public static boolean isPrimitiveOrString(Object source) {
         if (WRAPPER_TYPE_MAP.containsKey(source.getClass())) {
             return true;
         }
+        if (source instanceof Number) {
+            // Add special case for numbers, since it's hard to put all different number types in this map.
+            return true;
+        }
         return source instanceof String;
     }
 }
diff --git a/agent_api/src/test/java/api_discovery/DataSchemaGeneratorTest.java b/agent_api/src/test/java/api_discovery/DataSchemaGeneratorTest.java
@@ -5,6 +5,8 @@
 import dev.aikido.agent_api.api_discovery.DataSchemaItem;
 import dev.aikido.agent_api.api_discovery.DataSchemaType;
 import org.junit.jupiter.api.Test;
+
+import java.math.BigDecimal;
 import java.util.*;
 import static org.junit.jupiter.api.Assertions.*;
 
@@ -45,6 +47,58 @@ public void testGetDataSchemaComplexObject() {
         assertEquals(DataSchemaType.NUMBER, schema.properties().get("arr").items().type());
     }
 
+    @Test
+    public void testGetDataSchemaWithBigDecimal() {
+        Map<String, Object> input = new HashMap<>();
+        input.put("test", new BigDecimal("2.2"));
+        DataSchemaItem schema = DataSchemaGenerator.getDataSchema(input);
+        assertEquals(DataSchemaType.OBJECT, schema.type());
+        assertEquals(DataSchemaType.NUMBER, schema.properties().get("test").type());
+    }
+
+    static class MyRecursiveTestClass {
+        private String world;
+        private MyRecursiveTestClass myClass1;
+        private MyRecursiveTestClass myClass2;
+        private MyRecursiveTestClass myClass3;
+        private MyRecursiveTestClass myClass4;
+        private MyRecursiveTestClass myClass5;
+        private MyRecursiveTestClass myClass6;
+        private MyRecursiveTestClass myClass7;
+        private MyRecursiveTestClass myClass8;
+        private MyRecursiveTestClass myClass9;
+        private MyRecursiveTestClass myClass10;
+        MyRecursiveTestClass(String world) {
+            this.world = world;
+        }
+
+        public void setClasses(MyRecursiveTestClass recursiveTestClass) {
+            this.myClass1 = recursiveTestClass;
+            this.myClass2 = recursiveTestClass;
+            this.myClass3 = recursiveTestClass;
+            this.myClass4 = recursiveTestClass;
+            this.myClass5 = recursiveTestClass;
+            this.myClass6 = recursiveTestClass;
+            this.myClass7 = recursiveTestClass;
+            this.myClass8 = recursiveTestClass;
+            this.myClass9 = recursiveTestClass;
+            this.myClass10 = recursiveTestClass;
+        }
+    }
+
+    @Test
+    public void testKeepsTrackOfScannedObjects() {
+        // Causes Java Heap Space bug if we are not keeping track of scanned objects.
+        Map<String, Object> input = new HashMap<>();
+        var testRecursionClass = new MyRecursiveTestClass("World1");
+        testRecursionClass.setClasses(testRecursionClass);
+        input.put("test", testRecursionClass);
+        DataSchemaItem schema = DataSchemaGenerator.getDataSchema(input);
+        assertEquals(DataSchemaType.OBJECT, schema.type());
+        assertEquals(DataSchemaType.OBJECT, schema.properties().get("test").type());
+        assertEquals(DataSchemaType.STRING, schema.properties().get("test").properties().get("world").type());
+    }
+
     @Test
     public void testGetDataSchemaNestedObject() {
         Map<String, Object> input = new HashMap<>();
@@ -165,7 +219,7 @@ public void testMaxProperties() {
     }
 
     private Map<String, Object> generateTestObjectWithDepth(int depth) {
-        if (depth == 0) {
+        if (depth == 1) {
             return Collections.singletonMap("value", "testValue");
         }
         return Collections.singletonMap("prop", generateTestObjectWithDepth(depth - 1));

Original file line number	Diff line number	Diff line change
`@@ -32,6 +32,10 @@ public static boolean isPrimitiveOrString(Object source) {`
`32`	`32`	`if (WRAPPER_TYPE_MAP.containsKey(source.getClass())) {`
`33`	`33`	`return true;`
`34`	`34`	`}`
	`35`	`+ if (source instanceof Number) {`
	`36`	`+ // Add special case for numbers, since it's hard to put all different number types in this map.`
	`37`	`+ return true;`
	`38`	`+ }`
`35`	`39`	`return source instanceof String;`
`36`	`40`	`}`
`37`	`41`	`}`