Add MaxDepth handling

Author: captainsafia

src/Http/Http.Abstractions/src/PublicAPI.Unshipped.txt

@@ -8,6 +8,8 @@ Microsoft.AspNetCore.Http.Validation.IValidatableInfoResolver
 Microsoft.AspNetCore.Http.Validation.IValidatableInfoResolver.GetValidatableParameterInfo(System.Reflection.ParameterInfo! parameterInfo) -> Microsoft.AspNetCore.Http.Validation.ValidatableParameterInfo?
 Microsoft.AspNetCore.Http.Validation.IValidatableInfoResolver.GetValidatableTypeInfo(System.Type! type) -> Microsoft.AspNetCore.Http.Validation.ValidatableTypeInfo?
 Microsoft.AspNetCore.Http.Validation.ValidatableContext
+Microsoft.AspNetCore.Http.Validation.ValidatableContext.CurrentDepth.get -> int
+Microsoft.AspNetCore.Http.Validation.ValidatableContext.CurrentDepth.set -> void
 Microsoft.AspNetCore.Http.Validation.ValidatableContext.Prefix.get -> string!
 Microsoft.AspNetCore.Http.Validation.ValidatableContext.Prefix.set -> void
 Microsoft.AspNetCore.Http.Validation.ValidatableContext.ValidatableContext() -> void

src/Http/Http.Abstractions/src/Validation/ValidatableContext.cs

@@ -35,6 +35,12 @@ public sealed class ValidatableContext
     /// </summary>
     public Dictionary<string, string[]>? ValidationErrors { get; set; }
 
+    /// <summary>
+    /// Gets or sets the current depth in the validation hierarchy.
+    /// This is used to prevent stack overflows from circular references.
+    /// </summary>
+    public int CurrentDepth { get; set; }
+
     internal void AddValidationError(string key, string[] error)
     {
         ValidationErrors ??= [];

src/Http/Http.Abstractions/src/Validation/ValidatablePropertyInfo.cs

@@ -126,44 +126,64 @@ public Task Validate(object obj, ValidatableContext context)
         // Validate any other attributes
         ValidateValue(value, context.Prefix, validationAttributes);
 
-        // Handle enumerable values
-        if (IsEnumerable && value is System.Collections.IEnumerable enumerable)
+        // Check if we've reached the maximum depth before validating complex properties
+        if (context.CurrentDepth >= context.ValidationOptions.MaxDepth)
         {
-            var index = 0;
-            var currentPrefix = context.Prefix;
+            throw new InvalidOperationException(
+                $"Maximum validation depth of {context.ValidationOptions.MaxDepth} exceeded at '{context.Prefix}'. " +
+                "This is likely caused by a circular reference in the object graph. " +
+                "Consider increasing the MaxDepth in ValidationOptions if deeper validation is required.");
+        }
+
+        // Increment depth counter
+        context.CurrentDepth++;
 
-            foreach (var item in enumerable)
+        try
+        {
+            // Handle enumerable values
+            if (IsEnumerable && value is System.Collections.IEnumerable enumerable)
             {
-                context.Prefix = $"{currentPrefix}[{index}]";
+                var index = 0;
+                var currentPrefix = context.Prefix;
 
-                if (HasValidatableType && item != null)
+                foreach (var item in enumerable)
                 {
-                    var itemType = item.GetType();
-                    if (context.ValidationOptions.TryGetValidatableTypeInfo(itemType, out var validatableType))
+                    context.Prefix = $"{currentPrefix}[{index}]";
+
+                    if (HasValidatableType && item != null)
                     {
-                        validatableType.Validate(item, context);
+                        var itemType = item.GetType();
+                        if (context.ValidationOptions.TryGetValidatableTypeInfo(itemType, out var validatableType))
+                        {
+                            validatableType.Validate(item, context);
+                        }
                     }
+
+                    index++;
                 }
 
-                index++;
+                // Restore prefix to the property name before validating the next item
+                context.Prefix = currentPrefix;
+            }
+            else if (HasValidatableType && value != null)
+            {
+                // Validate as a complex object
+                var valueType = value.GetType();
+                if (context.ValidationOptions.TryGetValidatableTypeInfo(valueType, out var validatableType))
+                {
+                    validatableType.Validate(value, context);
+                }
             }
 
-            // Restore prefix to the property name before validating the next item
-            context.Prefix = currentPrefix;
+            return Task.CompletedTask;
         }
-        else if (HasValidatableType && value != null)
+        finally
         {
-            // Validate as a complex object
-            var valueType = value.GetType();
-            if (context.ValidationOptions.TryGetValidatableTypeInfo(valueType, out var validatableType))
-            {
-                validatableType.Validate(value, context);
-            }
+            // Always decrement the depth counter and restore prefix
+            context.CurrentDepth--;
+            context.Prefix = originalPrefix;
         }
 
-        // No need to restore prefix here as it will be restored by the calling method
-        return Task.CompletedTask;
-
         void ValidateValue(object? val, string errorPrefix, ValidationAttribute[] validationAttributes)
         {
             foreach (var attribute in validationAttributes)

src/Http/Http.Abstractions/src/Validation/ValidatableTypeInfo.cs

@@ -55,7 +55,7 @@ public ValidatableTypeInfo(
     /// Validates the specified value.
     /// </summary>
     /// <param name="value">The value to validate.</param>
-    /// <param name="context"></param>
+    /// <param name="context">The validation context.</param>
     public Task Validate(object? value, ValidatableContext context)
     {
         Debug.Assert(context.ValidationContext is not null);
@@ -64,65 +64,82 @@ public Task Validate(object? value, ValidatableContext context)
             return Task.CompletedTask;
         }
 
-        var actualType = value.GetType();
-        var originalPrefix = context.Prefix;
-
-        // First validate members
-        foreach (var member in Members)
+        // Check if we've exceeded the maximum depth
+        if (context.CurrentDepth >= context.ValidationOptions.MaxDepth)
         {
-            member.Validate(value, context);
-            context.Prefix = originalPrefix;
+            throw new InvalidOperationException(
+                $"Maximum validation depth of {context.ValidationOptions.MaxDepth} exceeded at '{context.Prefix}'. " +
+                "This is likely caused by a circular reference in the object graph. " +
+                "Consider increasing the MaxDepth in ValidationOptions if deeper validation is required.");
         }
 
-        // Then validate sub-types if any
-        if (ValidatableSubTypes != null)
+        try
         {
-            foreach (var subType in ValidatableSubTypes)
+            var actualType = value.GetType();
+            var originalPrefix = context.Prefix;
+
+            // First validate members
+            foreach (var member in Members)
             {
-                if (subType.IsAssignableFrom(actualType))
+                member.Validate(value, context);
+                context.Prefix = originalPrefix;
+            }
+
+            // Then validate sub-types if any
+            if (ValidatableSubTypes != null)
+            {
+                foreach (var subType in ValidatableSubTypes)
                 {
-                    if (context.ValidationOptions.TryGetValidatableTypeInfo(subType, out var subTypeInfo))
+                    if (subType.IsAssignableFrom(actualType))
                     {
-                        subTypeInfo.Validate(value, context);
-                        context.Prefix = originalPrefix;
+                        if (context.ValidationOptions.TryGetValidatableTypeInfo(subType, out var subTypeInfo))
+                        {
+                            subTypeInfo.Validate(value, context);
+                            context.Prefix = originalPrefix;
+                        }
                     }
                 }
             }
-        }
 
-        // Finally validate IValidatableObject if implemented
-        if (IsIValidatableObject && value is IValidatableObject validatable)
-        {
-            // Important: Set the DisplayName to the type name for top-level validations
-            // and restore the original validation context properties
-            var originalDisplayName = context.ValidationContext.DisplayName;
-            var originalMemberName = context.ValidationContext.MemberName;
+            // Finally validate IValidatableObject if implemented
+            if (IsIValidatableObject && value is IValidatableObject validatable)
+            {
+                // Important: Set the DisplayName to the type name for top-level validations
+                // and restore the original validation context properties
+                var originalDisplayName = context.ValidationContext.DisplayName;
+                var originalMemberName = context.ValidationContext.MemberName;
 
-            // Set the display name to the class name for IValidatableObject validation
-            context.ValidationContext.DisplayName = Type.Name;
-            context.ValidationContext.MemberName = null;
+                // Set the display name to the class name for IValidatableObject validation
+                context.ValidationContext.DisplayName = Type.Name;
+                context.ValidationContext.MemberName = null;
 
-            var validationResults = validatable.Validate(context.ValidationContext);
-            foreach (var validationResult in validationResults)
-            {
-                if (validationResult != ValidationResult.Success)
+                var validationResults = validatable.Validate(context.ValidationContext);
+                foreach (var validationResult in validationResults)
                 {
-                    var memberName = validationResult.MemberNames.First();
-                    var key = string.IsNullOrEmpty(originalPrefix) ?
-                        memberName :
-                        $"{originalPrefix}.{memberName}";
+                    if (validationResult != ValidationResult.Success)
+                    {
+                        var memberName = validationResult.MemberNames.First();
+                        var key = string.IsNullOrEmpty(originalPrefix) ?
+                            memberName :
+                            $"{originalPrefix}.{memberName}";
 
-                    context.AddOrExtendValidationError(key, validationResult.ErrorMessage!);
+                        context.AddOrExtendValidationError(key, validationResult.ErrorMessage!);
+                    }
                 }
+
+                // Restore the original validation context properties
+                context.ValidationContext.DisplayName = originalDisplayName;
+                context.ValidationContext.MemberName = originalMemberName;
             }
 
-            // Restore the original validation context properties
-            context.ValidationContext.DisplayName = originalDisplayName;
-            context.ValidationContext.MemberName = originalMemberName;
+            // Always restore original prefix
+            context.Prefix = originalPrefix;
+            return Task.CompletedTask;
+        }
+        finally
+        {
+            // Decrement depth when validation completes
+            context.CurrentDepth--;
         }
-
-        // Always restore original prefix
-        context.Prefix = originalPrefix;
-        return Task.CompletedTask;
     }
 }

src/Http/Http.Abstractions/test/ValidatableTypeInfoTests.cs

@@ -200,12 +200,12 @@ [new RequiredAttribute()]),
         var order = new Order
         {
             OrderNumber = "ORD-12345",
-            Items = new List<OrderItem>
-            {
+            Items =
+            [
                 new OrderItem { ProductName = "Valid Product", Quantity = 5 },
                 new OrderItem { /* Missing ProductName (required) */ Quantity = 0 /* Invalid quantity */ },
                 new OrderItem { ProductName = "Another Product", Quantity = 200 /* Invalid quantity */ }
-            }
+            ]
         };
         context.ValidationContext = new ValidationContext(order);
 
@@ -257,6 +257,64 @@ public async Task Validate_HandlesNullValues_Appropriately()
         Assert.Null(context.ValidationErrors); // No validation errors for nullable properties with null values
     }
 
+    [Fact]
+    public async Task Validate_RespectsMaxDepthOption_ForCircularReferences()
+    {
+        // Arrange
+        // Create a type that can contain itself (circular reference)
+        var nodeType = new TestValidatableTypeInfo(
+            typeof(TreeNode),
+            [
+                CreatePropertyInfo(typeof(TreeNode), typeof(string), "Name", "Name", false, false, true, false,
+                    [new RequiredAttribute()]),
+                CreatePropertyInfo(typeof(TreeNode), typeof(TreeNode), "Parent", "Parent", false, true, false, true,
+                    []),
+                CreatePropertyInfo(typeof(TreeNode), typeof(List<TreeNode>), "Children", "Children", true, false, false, true,
+                    [])
+            ],
+            false
+        );
+
+        // Create a validation options with a small max depth
+        var validationOptions = new TestValidationOptions(new Dictionary<Type, ValidatableTypeInfo>
+        {
+            { typeof(TreeNode), nodeType }
+        });
+        validationOptions.MaxDepth = 3; // Set a small max depth to trigger the limit
+
+        var context = new ValidatableContext
+        {
+            ValidationOptions = validationOptions,
+            ValidationErrors = []
+        };
+
+        // Create a deep tree with circular references
+        var rootNode = new TreeNode { Name = "Root" };
+        var level1 = new TreeNode { Name = "Level1", Parent = rootNode };
+        var level2 = new TreeNode { Name = "Level2", Parent = level1 };
+        var level3 = new TreeNode { Name = "Level3", Parent = level2 };
+        var level4 = new TreeNode { Name = "" }; // Invalid: missing required name
+        var level5 = new TreeNode { Name = "" }; // Invalid but beyond max depth, should not be validated
+
+        rootNode.Children.Add(level1);
+        level1.Children.Add(level2);
+        level2.Children.Add(level3);
+        level3.Children.Add(level4);
+        level4.Children.Add(level5);
+
+        // Add a circular reference
+        level5.Children.Add(rootNode);
+
+        context.ValidationContext = new ValidationContext(rootNode);
+
+        // Act + Assert
+        var exception = await Assert.ThrowsAsync<InvalidOperationException>(
+        async () => await nodeType.Validate(rootNode, context));
+
+        Assert.NotNull(exception);
+        Assert.Contains("Maximum validation depth of 3 exceeded at 'Children[0].Parent.Children[0]'. This is likely caused by a circular reference in the object graph. Consider increasing the MaxDepth in ValidationOptions if deeper validation is required.", exception.Message);
+    }
+
     private ValidatablePropertyInfo CreatePropertyInfo(
         Type containingType,
         Type propertyType,
@@ -323,7 +381,7 @@ private class Car : Vehicle
     private class Order
     {
         public string? OrderNumber { get; set; }
-        public List<OrderItem> Items { get; set; } = new List<OrderItem>();
+        public List<OrderItem> Items { get; set; } = [];
     }
 
     private class OrderItem
@@ -332,6 +390,13 @@ private class OrderItem
         public int Quantity { get; set; }
     }
 
+    private class TreeNode
+    {
+        public string Name { get; set; } = string.Empty;
+        public TreeNode? Parent { get; set; }
+        public List<TreeNode> Children { get; set; } = [];
+    }
+
     // Test implementations
     private class TestValidatablePropertyInfo : ValidatablePropertyInfo
     {