Adding Recursion depth control to ModelStateDictionary

brunolins16 · brunolins16 · commit 70303d701656 · 2022-07-21T14:48:58.000-07:00
diff --git a/src/Mvc/Mvc.Abstractions/src/ModelBinding/ModelStateDictionary.cs b/src/Mvc/Mvc.Abstractions/src/ModelBinding/ModelStateDictionary.cs
@@ -24,11 +24,13 @@ public class ModelStateDictionary : IReadOnlyDictionary<string, ModelStateEntry>
         /// </summary>
         public static readonly int DefaultMaxAllowedErrors = 200;
 
+        private const int DefaultMaxRecursionDepth = 32;
         private const char DelimiterDot = '.';
         private const char DelimiterOpen = '[';
 
         private readonly ModelStateNode _root;
         private int _maxAllowedErrors;
+        private int _maxRecursionDepth;
 
         /// <summary>
         /// Initializes a new instance of the <see cref="ModelStateDictionary"/> class.
@@ -44,6 +46,7 @@ public ModelStateDictionary()
         public ModelStateDictionary(int maxAllowedErrors)
         {
             MaxAllowedErrors = maxAllowedErrors;
+            MaxRecursionDepth = DefaultMaxRecursionDepth;
             var emptySegment = new StringSegment(buffer: string.Empty);
             _root = new ModelStateNode(subKey: emptySegment)
             {
@@ -153,7 +156,7 @@ public bool IsValid
         }
 
         /// <inheritdoc />
-        public ModelValidationState ValidationState => GetValidity(_root) ?? ModelValidationState.Valid;
+        public ModelValidationState ValidationState => GetValidity(_root, currentDepth: 0) ?? ModelValidationState.Valid;
 
         /// <inheritdoc />
         public ModelStateEntry this[string key]
@@ -173,6 +176,22 @@ public ModelStateEntry this[string key]
         // Flag that indicates if TooManyModelErrorException has already been added to this dictionary.
         private bool HasRecordedMaxModelError { get; set; }
 
+        internal int MaxRecursionDepth
+        {
+            get
+            {
+                return _maxRecursionDepth;
+            }
+            set
+            {
+                if (value < 0)
+                {
+                    throw new ArgumentOutOfRangeException(nameof(value));
+                }
+                _maxRecursionDepth = value;
+            }
+        }
+
         /// <summary>
         /// Adds the specified <paramref name="exception"/> to the <see cref="ModelStateEntry.Errors"/> instance
         /// that is associated with the specified <paramref name="key"/>. If the maximum number of allowed
@@ -409,7 +428,7 @@ public ModelValidationState GetFieldValidationState(string key)
             }
 
             var item = GetNode(key);
-            return GetValidity(item) ?? ModelValidationState.Unvalidated;
+            return GetValidity(item, currentDepth: 0) ?? ModelValidationState.Unvalidated;
         }
 
         /// <summary>
@@ -661,9 +680,9 @@ private static StringSegment FindNext(string key, ref MatchResult currentMatch)
             return new StringSegment(key, keyStart, index - keyStart);
         }
 
-        private static ModelValidationState? GetValidity(ModelStateNode node)
+        private static ModelValidationState? GetValidity(ModelStateNode node, int currentDepth)
         {
-            if (node == null)
+            if (node == null || currentDepth >= MaxRecursionDepth)
             {
                 return null;
             }
@@ -686,9 +705,11 @@ private static StringSegment FindNext(string key, ref MatchResult currentMatch)
 
             if (node.ChildNodes != null)
             {
+                currentDepth++;
+
                 for (var i = 0; i < node.ChildNodes.Count; i++)
                 {
-                    var entryState = GetValidity(node.ChildNodes[i]);
+                    var entryState = GetValidity(node.ChildNodes[i], currentDepth);
 
                     if (entryState == ModelValidationState.Unvalidated)
                     {
diff --git a/src/Mvc/Mvc.Core/src/Infrastructure/ControllerActionInvokerProvider.cs b/src/Mvc/Mvc.Core/src/Infrastructure/ControllerActionInvokerProvider.cs
@@ -18,6 +18,7 @@ internal class ControllerActionInvokerProvider : IActionInvokerProvider
         private readonly ControllerActionInvokerCache _controllerActionInvokerCache;
         private readonly IReadOnlyList<IValueProviderFactory> _valueProviderFactories;
         private readonly int _maxModelValidationErrors;
+        private readonly int _maxModelBindingRecursionDepth;
         private readonly ILogger _logger;
         private readonly DiagnosticListener _diagnosticListener;
         private readonly IActionResultTypeMapper _mapper;
@@ -44,6 +45,7 @@ public ControllerActionInvokerProvider(
             _controllerActionInvokerCache = controllerActionInvokerCache;
             _valueProviderFactories = optionsAccessor.Value.ValueProviderFactories.ToArray();
             _maxModelValidationErrors = optionsAccessor.Value.MaxModelValidationErrors;
+            _maxModelBindingRecursionDepth = optionsAccessor.Value.MaxModelBindingRecursionDepth;
             _logger = loggerFactory.CreateLogger<ControllerActionInvoker>();
             _diagnosticListener = diagnosticListener;
             _mapper = mapper;
@@ -68,6 +70,7 @@ public void OnProvidersExecuting(ActionInvokerProviderContext context)
                     ValueProviderFactories = new CopyOnWriteList<IValueProviderFactory>(_valueProviderFactories)
                 };
                 controllerContext.ModelState.MaxAllowedErrors = _maxModelValidationErrors;
+                controllerContext.ModelState.MaxRecursionDepth = _maxModelBindingRecursionDepth;
 
                 var (cacheEntry, filters) = _controllerActionInvokerCache.GetCachedResult(controllerContext);
 
