Merged PR 24735: [6.0] ASP.NET ModelStateDictionary fix

Adding Recursion depth control to ModelStateDictionary

Author: wtgodbe

src/Mvc/Mvc.Abstractions/src/ModelBinding/ModelStateDictionary.cs

@@ -25,6 +25,9 @@ public class ModelStateDictionary : IReadOnlyDictionary<string, ModelStateEntry?
         /// </summary>
         public static readonly int DefaultMaxAllowedErrors = 200;
 
+        // internal for testing
+        internal const int DefaultMaxRecursionDepth = 32;
+
         private const char DelimiterDot = '.';
         private const char DelimiterOpen = '[';
 
@@ -43,8 +46,18 @@ public ModelStateDictionary()
         /// Initializes a new instance of the <see cref="ModelStateDictionary"/> class.
         /// </summary>
         public ModelStateDictionary(int maxAllowedErrors)
+            : this(maxAllowedErrors, maxValidationDepth: DefaultMaxRecursionDepth, maxStateDepth: DefaultMaxRecursionDepth)
+        {
+        }
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="ModelStateDictionary"/> class.
+        /// </summary>
+        private ModelStateDictionary(int maxAllowedErrors, int maxValidationDepth, int maxStateDepth)
         {
             MaxAllowedErrors = maxAllowedErrors;
+            MaxValidationDepth = maxValidationDepth;
+            MaxStateDepth = maxStateDepth;
             var emptySegment = new StringSegment(buffer: string.Empty);
             _root = new ModelStateNode(subKey: emptySegment)
             {
@@ -58,7 +71,9 @@ public ModelStateDictionary(int maxAllowedErrors)
         /// </summary>
         /// <param name="dictionary">The <see cref="ModelStateDictionary"/> to copy values from.</param>
         public ModelStateDictionary(ModelStateDictionary dictionary)
-            : this(dictionary?.MaxAllowedErrors ?? DefaultMaxAllowedErrors)
+            : this(dictionary?.MaxAllowedErrors ?? DefaultMaxAllowedErrors,
+                  dictionary?.MaxValidationDepth ?? DefaultMaxRecursionDepth,
+                  dictionary?.MaxStateDepth ?? DefaultMaxRecursionDepth)
         {
             if (dictionary == null)
             {
@@ -154,7 +169,7 @@ public bool IsValid
         }
 
         /// <inheritdoc />
-        public ModelValidationState ValidationState => GetValidity(_root) ?? ModelValidationState.Valid;
+        public ModelValidationState ValidationState => GetValidity(_root, currentDepth: 0) ?? ModelValidationState.Valid;
 
         /// <inheritdoc />
         public ModelStateEntry? this[string key]
@@ -174,6 +189,10 @@ public ModelStateEntry? this[string key]
         // Flag that indicates if TooManyModelErrorException has already been added to this dictionary.
         private bool HasRecordedMaxModelError { get; set; }
 
+        internal int? MaxValidationDepth { get; set; }
+
+        internal int? MaxStateDepth { get; set; }
+
         /// <summary>
         /// Adds the specified <paramref name="exception"/> to the <see cref="ModelStateEntry.Errors"/> instance
         /// that is associated with the specified <paramref name="key"/>. If the maximum number of allowed
@@ -217,7 +236,6 @@ public bool TryAddModelException(string key, Exception exception)
                 return false;
             }
 
-            ErrorCount++;
             AddModelErrorCore(key, exception);
             return true;
         }
@@ -327,7 +345,6 @@ public bool TryAddModelError(string key, Exception exception, ModelMetadata meta
                 return TryAddModelError(key, exception.Message);
             }
 
-            ErrorCount++;
             AddModelErrorCore(key, exception);
             return true;
         }
@@ -385,13 +402,13 @@ public bool TryAddModelError(string key, string errorMessage)
                 return false;
             }
 
-            ErrorCount++;
             var modelState = GetOrAddNode(key);
             Count += !modelState.IsContainerNode ? 0 : 1;
             modelState.ValidationState = ModelValidationState.Invalid;
             modelState.MarkNonContainerNode();
             modelState.Errors.Add(errorMessage);
 
+            ErrorCount++;
             return true;
         }
 
@@ -411,7 +428,7 @@ public ModelValidationState GetFieldValidationState(string key)
             }
 
             var item = GetNode(key);
-            return GetValidity(item) ?? ModelValidationState.Unvalidated;
+            return GetValidity(item, currentDepth: 0) ?? ModelValidationState.Unvalidated;
         }
 
         /// <summary>
@@ -611,11 +628,18 @@ private ModelStateNode GetOrAddNode(string key)
             var current = _root;
             if (key.Length > 0)
             {
+                var currentDepth = 0;
                 var match = default(MatchResult);
                 do
                 {
+                    if (MaxStateDepth != null && currentDepth >= MaxStateDepth)
+                    {
+                        throw new InvalidOperationException(Resources.FormatModelStateDictionary_MaxModelStateDepth(MaxStateDepth));
+                    }
+
                     var subKey = FindNext(key, ref match);
                     current = current.GetOrAddNode(subKey);
+                    currentDepth++;
 
                 } while (match.Type != Delimiter.None);
 
@@ -661,9 +685,10 @@ private static StringSegment FindNext(string key, ref MatchResult currentMatch)
             return new StringSegment(key, keyStart, index - keyStart);
         }
 
-        private static ModelValidationState? GetValidity(ModelStateNode? node)
+        private ModelValidationState? GetValidity(ModelStateNode? node, int currentDepth)
         {
-            if (node == null)
+            if (node == null ||
+                (MaxValidationDepth != null && currentDepth >= MaxValidationDepth))
             {
                 return null;
             }
@@ -686,9 +711,11 @@ private static StringSegment FindNext(string key, ref MatchResult currentMatch)
 
             if (node.ChildNodes != null)
             {
+                currentDepth++;
+
                 for (var i = 0; i < node.ChildNodes.Count; i++)
                 {
-                    var entryState = GetValidity(node.ChildNodes[i]);
+                    var entryState = GetValidity(node.ChildNodes[i], currentDepth);
 
                     if (entryState == ModelValidationState.Unvalidated)
                     {
@@ -712,7 +739,6 @@ private void EnsureMaxErrorsReachedRecorded()
                 var exception = new TooManyModelErrorsException(Resources.ModelStateDictionary_MaxModelStateErrors);
                 AddModelErrorCore(string.Empty, exception);
                 HasRecordedMaxModelError = true;
-                ErrorCount++;
             }
         }
 
@@ -723,6 +749,8 @@ private void AddModelErrorCore(string key, Exception exception)
             modelState.ValidationState = ModelValidationState.Invalid;
             modelState.MarkNonContainerNode();
             modelState.Errors.Add(exception);
+
+            ErrorCount++;
         }
 
         /// <summary>

src/Mvc/Mvc.Abstractions/src/Resources.resx

@@ -180,4 +180,7 @@
   <data name="RecordTypeHasValidationOnProperties" xml:space="preserve">
     <value>Record type '{0}' has validation metadata defined on property '{1}' that will be ignored. '{1}' is a parameter in the record primary constructor and validation metadata must be associated with the constructor parameter.</value>
   </data>
-</root>
+  <data name="ModelStateDictionary_MaxModelStateDepth" xml:space="preserve">
+    <value>The specified key exceeded the maximum ModelState depth: {0}</value>
+  </data>
+</root>

src/Mvc/Mvc.Abstractions/test/ModelBinding/ModelStateDictionaryTest.cs

@@ -1601,6 +1601,163 @@ public void GetModelStateForProperty_ReturnsModelStateForIndexedChildren()
             Assert.Equal("value1", property.RawValue);
         }
 
+
+        [Fact]
+        public void GetFieldValidationState_ReturnsUnvalidated_IfTreeHeightIsGreaterThanLimit()
+        {
+            // Arrange
+            var stackLimit = 5;
+            var dictionary = new ModelStateDictionary();
+            var key = string.Join(".", Enumerable.Repeat("foo", stackLimit + 1));
+            dictionary.MaxValidationDepth = stackLimit;
+            dictionary.MaxStateDepth = null;
+            dictionary.MarkFieldValid(key);
+
+            // Act
+            var validationState = dictionary.GetFieldValidationState("foo");
+
+            // Assert
+            Assert.Equal(ModelValidationState.Unvalidated, validationState);
+        }
+
+        [Fact]
+        public void IsValidProperty_ReturnsTrue_IfTreeHeightIsGreaterThanLimit()
+        {
+            // Arrange
+            var stackLimit = 5;
+            var dictionary = new ModelStateDictionary();
+            var key = string.Join(".", Enumerable.Repeat("foo", stackLimit + 1));
+            dictionary.MaxValidationDepth = stackLimit;
+            dictionary.MaxStateDepth = null;
+            dictionary.AddModelError(key, "some error");
+
+            // Act
+            var isValid = dictionary.IsValid;
+            var validationState = dictionary.ValidationState;
+
+            // Assert
+            Assert.True(isValid);
+            Assert.Equal(ModelValidationState.Valid, validationState);
+        }
+
+        [Fact]
+        public void TryAddModelException_Throws_IfKeyHasTooManySegments()
+        {
+            // Arrange
+            var exception = new TestException();
+
+            var stateDepth = 5;
+            var dictionary = new ModelStateDictionary();
+            var key = string.Join(".", Enumerable.Repeat("foo", stateDepth + 1));
+            dictionary.MaxStateDepth = stateDepth;
+
+            // Act
+            var invalidException = Assert.Throws<InvalidOperationException>(() => dictionary.TryAddModelException(key, exception));
+
+            // Assert
+            Assert.Equal(
+                $"The specified key exceeded the maximum ModelState depth: {dictionary.MaxStateDepth}",
+                invalidException.Message);
+        }
+
+        [Fact]
+        public void TryAddModelError_Throws_IfKeyHasTooManySegments()
+        {
+            // Arrange
+            var stateDepth = 5;
+            var dictionary = new ModelStateDictionary();
+            var key = string.Join(".", Enumerable.Repeat("foo", stateDepth + 1));
+            dictionary.MaxStateDepth = stateDepth;
+
+            // Act
+            var invalidException = Assert.Throws<InvalidOperationException>(() => dictionary.TryAddModelError(key, "errorMessage"));
+
+            // Assert
+            Assert.Equal(
+                $"The specified key exceeded the maximum ModelState depth: {dictionary.MaxStateDepth}",
+                invalidException.Message);
+        }
+
+        [Fact]
+        public void SetModelValue_Throws_IfKeyHasTooManySegments()
+        {
+            var stateDepth = 5;
+            var dictionary = new ModelStateDictionary();
+            var key = string.Join(".", Enumerable.Repeat("foo", stateDepth + 1));
+            dictionary.MaxStateDepth = stateDepth;
+
+            // Act
+            var invalidException = Assert.Throws<InvalidOperationException>(() => dictionary.SetModelValue(key, string.Empty, string.Empty));
+
+            // Assert
+            Assert.Equal(
+                $"The specified key exceeded the maximum ModelState depth: {dictionary.MaxStateDepth}",
+                invalidException.Message);
+        }
+
+        [Fact]
+        public void MarkFieldValid_Throws_IfKeyHasTooManySegments()
+        {
+            // Arrange
+            var stateDepth = 5;
+            var source = new ModelStateDictionary();
+            var key = string.Join(".", Enumerable.Repeat("foo", stateDepth + 1));
+            source.MaxStateDepth = stateDepth;
+
+            // Act
+            var exception = Assert.Throws<InvalidOperationException>(() => source.MarkFieldValid(key));
+
+            // Assert
+            Assert.Equal(
+                $"The specified key exceeded the maximum ModelState depth: {source.MaxStateDepth}",
+                exception.Message);
+        }
+
+        [Fact]
+        public void MarkFieldSkipped_Throws_IfKeyHasTooManySegments()
+        {
+            // Arrange
+            var stateDepth = 5;
+            var source = new ModelStateDictionary();
+            var key = string.Join(".", Enumerable.Repeat("foo", stateDepth + 1));
+            source.MaxStateDepth = stateDepth;
+
+            // Act
+            var exception = Assert.Throws<InvalidOperationException>(() => source.MarkFieldSkipped(key));
+
+            // Assert
+            Assert.Equal(
+                $"The specified key exceeded the maximum ModelState depth: {source.MaxStateDepth}",
+                exception.Message);
+        }
+
+        [Fact]
+        public void Constructor_SetsDefaultRecursionDepth()
+        {
+            // Arrange && Act
+            var dictionary = new ModelStateDictionary();
+
+            // Assert
+            Assert.Equal(ModelStateDictionary.DefaultMaxRecursionDepth, dictionary.MaxValidationDepth);
+            Assert.Equal(ModelStateDictionary.DefaultMaxRecursionDepth, dictionary.MaxStateDepth);
+        }
+
+        [Fact]
+        public void CopyConstructor_PreservesRecursionDepth()
+        {
+            // Arrange
+            var dictionary = new ModelStateDictionary();
+            dictionary.MaxValidationDepth = 5;
+            dictionary.MaxStateDepth = 4;
+
+            // Act
+            var newDictionary = new ModelStateDictionary(dictionary);
+
+            // Assert
+            Assert.Equal(dictionary.MaxValidationDepth, newDictionary.MaxValidationDepth);
+            Assert.Equal(dictionary.MaxStateDepth, newDictionary.MaxStateDepth);
+        }
+
         private class OptionsAccessor : IOptions<MvcOptions>
         {
             public MvcOptions Value { get; } = new MvcOptions();

src/Mvc/Mvc.Core/src/Infrastructure/ControllerActionInvokerProvider.cs

@@ -20,6 +20,8 @@ internal class ControllerActionInvokerProvider : IActionInvokerProvider
         private readonly ControllerActionInvokerCache _controllerActionInvokerCache;
         private readonly IReadOnlyList<IValueProviderFactory> _valueProviderFactories;
         private readonly int _maxModelValidationErrors;
+        private readonly int? _maxValidationDepth;
+        private readonly int _maxModelBindingRecursionDepth;
         private readonly ILogger _logger;
         private readonly DiagnosticListener _diagnosticListener;
         private readonly IActionResultTypeMapper _mapper;
@@ -46,6 +48,8 @@ public ControllerActionInvokerProvider(
             _controllerActionInvokerCache = controllerActionInvokerCache;
             _valueProviderFactories = optionsAccessor.Value.ValueProviderFactories.ToArray();
             _maxModelValidationErrors = optionsAccessor.Value.MaxModelValidationErrors;
+            _maxValidationDepth = optionsAccessor.Value.MaxValidationDepth;
+            _maxModelBindingRecursionDepth = optionsAccessor.Value.MaxModelBindingRecursionDepth;
             _logger = loggerFactory.CreateLogger<ControllerActionInvoker>();
             _diagnosticListener = diagnosticListener;
             _mapper = mapper;
@@ -70,6 +74,8 @@ public void OnProvidersExecuting(ActionInvokerProviderContext context)
                     ValueProviderFactories = new CopyOnWriteList<IValueProviderFactory>(_valueProviderFactories)
                 };
                 controllerContext.ModelState.MaxAllowedErrors = _maxModelValidationErrors;
+                controllerContext.ModelState.MaxValidationDepth = _maxValidationDepth;
+                controllerContext.ModelState.MaxStateDepth = _maxModelBindingRecursionDepth;
 
                 var (cacheEntry, filters) = _controllerActionInvokerCache.GetCachedResult(controllerContext);
 

src/Mvc/Mvc.Core/src/Routing/ControllerRequestDelegateFactory.cs

@@ -21,6 +21,8 @@ internal class ControllerRequestDelegateFactory : IRequestDelegateFactory
         private readonly ControllerActionInvokerCache _controllerActionInvokerCache;
         private readonly IReadOnlyList<IValueProviderFactory> _valueProviderFactories;
         private readonly int _maxModelValidationErrors;
+        private readonly int? _maxValidationDepth;
+        private readonly int _maxModelBindingRecursionDepth;
         private readonly ILogger _logger;
         private readonly DiagnosticListener _diagnosticListener;
         private readonly IActionResultTypeMapper _mapper;
@@ -48,6 +50,8 @@ public ControllerRequestDelegateFactory(
             _controllerActionInvokerCache = controllerActionInvokerCache;
             _valueProviderFactories = optionsAccessor.Value.ValueProviderFactories.ToArray();
             _maxModelValidationErrors = optionsAccessor.Value.MaxModelValidationErrors;
+            _maxValidationDepth = optionsAccessor.Value.MaxValidationDepth;
+            _maxModelBindingRecursionDepth = optionsAccessor.Value.MaxModelBindingRecursionDepth;
             _enableActionInvokers = optionsAccessor.Value.EnableActionInvokers;
             _logger = loggerFactory.CreateLogger<ControllerActionInvoker>();
             _diagnosticListener = diagnosticListener;
@@ -86,6 +90,8 @@ public ControllerRequestDelegateFactory(
                 };
 
                 controllerContext.ModelState.MaxAllowedErrors = _maxModelValidationErrors;
+                controllerContext.ModelState.MaxValidationDepth = _maxValidationDepth;
+                controllerContext.ModelState.MaxStateDepth = _maxModelBindingRecursionDepth;
 
                 var (cacheEntry, filters) = _controllerActionInvokerCache.GetCachedResult(controllerContext);