protoc-gen-swagger: fix infinite loop on circular references in query parameters (#1266)

Romeren · web-flow · commit 9e25b2b1e752 · 2020-05-04T11:59:14.000+01:00
* Added function nestedQueryParams with map[string] parameter for keeping track of and detecting circular references. Added test TestMessageToQueryParametersRecursive for testing gracefully handling of circular references between messages. See issue #1167 * Code-review change requests accepted * More missed circle references changed to cycle Fixes #1167
diff --git a/protoc-gen-swagger/genswagger/template.go b/protoc-gen-swagger/genswagger/template.go
@@ -120,8 +120,18 @@ func messageToQueryParameters(message *descriptor.Message, reg *descriptor.Regis
 	return params, nil
 }
 
-// queryParams converts a field to a list of swagger query parameters recursively.
+// queryParams converts a field to a list of swagger query parameters recursively through the use of nestedQueryParams.
 func queryParams(message *descriptor.Message, field *descriptor.Field, prefix string, reg *descriptor.Registry, pathParams []descriptor.Parameter) (params []swaggerParameterObject, err error) {
+    return nestedQueryParams(message, field, prefix, reg, pathParams, map[string]bool{})
+}
+
+// nestedQueryParams converts a field to a list of swagger query parameters recursively.
+// This function is a helper function for queryParams, that keeps track of cyclical message references
+//  through the use of
+//      touched map[string]bool
+// If a cycle is discovered, an error is returned, as cyclical data structures aren't allowed
+//  in query parameters.
+func nestedQueryParams(message *descriptor.Message, field *descriptor.Field, prefix string, reg *descriptor.Registry, pathParams []descriptor.Parameter, touched map[string]bool) (params []swaggerParameterObject, err error) {
 	// make sure the parameter is not already listed as a path parameter
 	for _, pathParam := range pathParams {
 		if pathParam.Target == field {
@@ -216,14 +226,22 @@ func queryParams(message *descriptor.Message, field *descriptor.Field, prefix st
 	if err != nil {
 		return nil, fmt.Errorf("unknown message type %s", fieldType)
 	}
+        // Check for cyclical message reference:
+        isCycle := touched[*msg.Name]
+        if isCycle {
+            return nil, fmt.Errorf("Recursive types are not allowed for query parameters, cycle found on %q", fieldType)
+        }
+        // Update map with the massage name so a cycle further down the recursive path can be detected. 
+        touched[*msg.Name] = true
+
 	for _, nestedField := range msg.Fields {
 		var fieldName string
 		if reg.GetUseJSONNamesForFields() {
 			fieldName = field.GetJsonName()
 		} else {
 			fieldName = field.GetName()
 		}
-		p, err := queryParams(msg, nestedField, prefix+fieldName+".", reg, pathParams)
+		p, err := nestedQueryParams(msg, nestedField, prefix+fieldName+".", reg, pathParams, touched)
 		if err != nil {
 			return nil, err
 		}
diff --git a/protoc-gen-swagger/genswagger/template_test.go b/protoc-gen-swagger/genswagger/template_test.go
@@ -407,6 +407,124 @@ func TestMessageToQueryParameters(t *testing.T) {
 	}
 }
 
+// TestMessagetoQueryParametersRecursive, is a check that cyclical references between messages
+//  are handled gracefully. The goal is to insure that attempts to add messages with cyclical
+//  references to query-parameters returns an error message.
+func TestMessageToQueryParametersRecursive(t *testing.T) {
+	type test struct {
+		MsgDescs []*protodescriptor.DescriptorProto
+		Message  string
+	}
+
+	tests := []test{
+                // First test:
+                // Here we test that a message that references it self through a field will return an error.
+                // Example proto:
+                // message DirectRecursiveMessage {
+                //      DirectRecursiveMessage nested = 1;
+                // }
+		{
+			MsgDescs: []*protodescriptor.DescriptorProto{
+				&protodescriptor.DescriptorProto{
+					Name: proto.String("DirectRecursiveMessage"),
+					Field: []*protodescriptor.FieldDescriptorProto{
+                                                {
+                                                        Name:     proto.String("nested"),
+                                                        Label:    protodescriptor.FieldDescriptorProto_LABEL_OPTIONAL.Enum(),
+                                                        Type:     protodescriptor.FieldDescriptorProto_TYPE_MESSAGE.Enum(),
+                                                        TypeName: proto.String(".example.DirectRecursiveMessage"),
+                                                        Number:   proto.Int32(1),
+						},
+					},
+				},
+			},
+			Message: "DirectRecursiveMessage",
+		},
+                // Second test:
+                // Here we test that a cycle through multiple messages is detected and that an error is returned.
+                // Sample:
+                // message Root { NodeMessage nested = 1; }
+                // message NodeMessage { CycleMessage nested = 1; }
+                // message CycleMessage { Root nested = 1; }
+		{
+			MsgDescs: []*protodescriptor.DescriptorProto{
+				&protodescriptor.DescriptorProto{
+					Name: proto.String("RootMessage"),
+					Field: []*protodescriptor.FieldDescriptorProto{
+                                                {
+                                                        Name:     proto.String("nested"),
+                                                        Label:    protodescriptor.FieldDescriptorProto_LABEL_OPTIONAL.Enum(),
+                                                        Type:     protodescriptor.FieldDescriptorProto_TYPE_MESSAGE.Enum(),
+                                                        TypeName: proto.String(".example.NodeMessage"),
+                                                        Number:   proto.Int32(1),
+						},
+					},
+				},
+				&protodescriptor.DescriptorProto{
+					Name: proto.String("NodeMessage"),
+					Field: []*protodescriptor.FieldDescriptorProto{
+                                                {
+                                                        Name:     proto.String("nested"),
+                                                        Label:    protodescriptor.FieldDescriptorProto_LABEL_OPTIONAL.Enum(),
+                                                        Type:     protodescriptor.FieldDescriptorProto_TYPE_MESSAGE.Enum(),
+                                                        TypeName: proto.String(".example.CycleMessage"),
+                                                        Number:   proto.Int32(1),
+						},
+					},
+				},
+				&protodescriptor.DescriptorProto{
+					Name: proto.String("CycleMessage"),
+					Field: []*protodescriptor.FieldDescriptorProto{
+                                                {
+                                                        Name:     proto.String("nested"),
+                                                        Label:    protodescriptor.FieldDescriptorProto_LABEL_OPTIONAL.Enum(),
+                                                        Type:     protodescriptor.FieldDescriptorProto_TYPE_MESSAGE.Enum(),
+                                                        TypeName: proto.String(".example.RootMessage"),
+                                                        Number:   proto.Int32(1),
+						},
+					},
+				},
+			},
+			Message: "RootMessage",
+		},
+	}
+
+	for _, test := range tests {
+		reg := descriptor.NewRegistry()
+		msgs := []*descriptor.Message{}
+		for _, msgdesc := range test.MsgDescs {
+			msgs = append(msgs, &descriptor.Message{DescriptorProto: msgdesc})
+		}
+		file := descriptor.File{
+			FileDescriptorProto: &protodescriptor.FileDescriptorProto{
+				SourceCodeInfo: &protodescriptor.SourceCodeInfo{},
+				Name:           proto.String("example.proto"),
+				Package:        proto.String("example"),
+				Dependency:     []string{},
+				MessageType:    test.MsgDescs,
+				Service:        []*protodescriptor.ServiceDescriptorProto{},
+			},
+			GoPkg: descriptor.GoPackage{
+				Path: "example.com/path/to/example/example.pb",
+				Name: "example_pb",
+			},
+			Messages: msgs,
+		}
+		reg.Load(&plugin.CodeGeneratorRequest{
+			ProtoFile: []*protodescriptor.FileDescriptorProto{file.FileDescriptorProto},
+		})
+
+		message, err := reg.LookupMsg("", ".example."+test.Message)
+		if err != nil {
+			t.Fatalf("failed to lookup message: %s", err)
+		}
+		_, err = messageToQueryParameters(message, reg, []descriptor.Parameter{})
+		if err == nil {
+			t.Fatalf("It should not be allowed to have recursive query parameters")
+		}
+	}
+}
+
 func TestMessageToQueryParametersWithJsonName(t *testing.T) {
 	type test struct {
 		MsgDescs []*protodescriptor.DescriptorProto
