blob: 57de9cc85b13586f433647ac9f760655d9fb220f [file] [log] [blame]
mpagenkoaf801632020-07-03 10:00:42 +00001// Copyright 2019 The Go Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style
3// license that can be found in the LICENSE file.
4
5package impl
6
7import (
8 "fmt"
9 "math"
10 "math/bits"
11 "reflect"
12 "unicode/utf8"
13
14 "google.golang.org/protobuf/encoding/protowire"
15 "google.golang.org/protobuf/internal/encoding/messageset"
16 "google.golang.org/protobuf/internal/flags"
17 "google.golang.org/protobuf/internal/strs"
18 pref "google.golang.org/protobuf/reflect/protoreflect"
19 preg "google.golang.org/protobuf/reflect/protoregistry"
20 piface "google.golang.org/protobuf/runtime/protoiface"
21)
22
23// ValidationStatus is the result of validating the wire-format encoding of a message.
24type ValidationStatus int
25
26const (
27 // ValidationUnknown indicates that unmarshaling the message might succeed or fail.
28 // The validator was unable to render a judgement.
29 //
30 // The only causes of this status are an aberrant message type appearing somewhere
31 // in the message or a failure in the extension resolver.
32 ValidationUnknown ValidationStatus = iota + 1
33
34 // ValidationInvalid indicates that unmarshaling the message will fail.
35 ValidationInvalid
36
37 // ValidationValid indicates that unmarshaling the message will succeed.
38 ValidationValid
39)
40
41func (v ValidationStatus) String() string {
42 switch v {
43 case ValidationUnknown:
44 return "ValidationUnknown"
45 case ValidationInvalid:
46 return "ValidationInvalid"
47 case ValidationValid:
48 return "ValidationValid"
49 default:
50 return fmt.Sprintf("ValidationStatus(%d)", int(v))
51 }
52}
53
54// Validate determines whether the contents of the buffer are a valid wire encoding
55// of the message type.
56//
57// This function is exposed for testing.
58func Validate(mt pref.MessageType, in piface.UnmarshalInput) (out piface.UnmarshalOutput, _ ValidationStatus) {
59 mi, ok := mt.(*MessageInfo)
60 if !ok {
61 return out, ValidationUnknown
62 }
63 if in.Resolver == nil {
64 in.Resolver = preg.GlobalTypes
65 }
66 o, st := mi.validate(in.Buf, 0, unmarshalOptions{
67 flags: in.Flags,
68 resolver: in.Resolver,
69 })
70 if o.initialized {
71 out.Flags |= piface.UnmarshalInitialized
72 }
73 return out, st
74}
75
76type validationInfo struct {
77 mi *MessageInfo
78 typ validationType
79 keyType, valType validationType
80
81 // For non-required fields, requiredBit is 0.
82 //
83 // For required fields, requiredBit's nth bit is set, where n is a
84 // unique index in the range [0, MessageInfo.numRequiredFields).
85 //
86 // If there are more than 64 required fields, requiredBit is 0.
87 requiredBit uint64
88}
89
90type validationType uint8
91
92const (
93 validationTypeOther validationType = iota
94 validationTypeMessage
95 validationTypeGroup
96 validationTypeMap
97 validationTypeRepeatedVarint
98 validationTypeRepeatedFixed32
99 validationTypeRepeatedFixed64
100 validationTypeVarint
101 validationTypeFixed32
102 validationTypeFixed64
103 validationTypeBytes
104 validationTypeUTF8String
105 validationTypeMessageSetItem
106)
107
108func newFieldValidationInfo(mi *MessageInfo, si structInfo, fd pref.FieldDescriptor, ft reflect.Type) validationInfo {
109 var vi validationInfo
110 switch {
111 case fd.ContainingOneof() != nil && !fd.ContainingOneof().IsSynthetic():
112 switch fd.Kind() {
113 case pref.MessageKind:
114 vi.typ = validationTypeMessage
115 if ot, ok := si.oneofWrappersByNumber[fd.Number()]; ok {
116 vi.mi = getMessageInfo(ot.Field(0).Type)
117 }
118 case pref.GroupKind:
119 vi.typ = validationTypeGroup
120 if ot, ok := si.oneofWrappersByNumber[fd.Number()]; ok {
121 vi.mi = getMessageInfo(ot.Field(0).Type)
122 }
123 case pref.StringKind:
124 if strs.EnforceUTF8(fd) {
125 vi.typ = validationTypeUTF8String
126 }
127 }
128 default:
129 vi = newValidationInfo(fd, ft)
130 }
131 if fd.Cardinality() == pref.Required {
132 // Avoid overflow. The required field check is done with a 64-bit mask, with
133 // any message containing more than 64 required fields always reported as
134 // potentially uninitialized, so it is not important to get a precise count
135 // of the required fields past 64.
136 if mi.numRequiredFields < math.MaxUint8 {
137 mi.numRequiredFields++
138 vi.requiredBit = 1 << (mi.numRequiredFields - 1)
139 }
140 }
141 return vi
142}
143
144func newValidationInfo(fd pref.FieldDescriptor, ft reflect.Type) validationInfo {
145 var vi validationInfo
146 switch {
147 case fd.IsList():
148 switch fd.Kind() {
149 case pref.MessageKind:
150 vi.typ = validationTypeMessage
151 if ft.Kind() == reflect.Slice {
152 vi.mi = getMessageInfo(ft.Elem())
153 }
154 case pref.GroupKind:
155 vi.typ = validationTypeGroup
156 if ft.Kind() == reflect.Slice {
157 vi.mi = getMessageInfo(ft.Elem())
158 }
159 case pref.StringKind:
160 vi.typ = validationTypeBytes
161 if strs.EnforceUTF8(fd) {
162 vi.typ = validationTypeUTF8String
163 }
164 default:
165 switch wireTypes[fd.Kind()] {
166 case protowire.VarintType:
167 vi.typ = validationTypeRepeatedVarint
168 case protowire.Fixed32Type:
169 vi.typ = validationTypeRepeatedFixed32
170 case protowire.Fixed64Type:
171 vi.typ = validationTypeRepeatedFixed64
172 }
173 }
174 case fd.IsMap():
175 vi.typ = validationTypeMap
176 switch fd.MapKey().Kind() {
177 case pref.StringKind:
178 if strs.EnforceUTF8(fd) {
179 vi.keyType = validationTypeUTF8String
180 }
181 }
182 switch fd.MapValue().Kind() {
183 case pref.MessageKind:
184 vi.valType = validationTypeMessage
185 if ft.Kind() == reflect.Map {
186 vi.mi = getMessageInfo(ft.Elem())
187 }
188 case pref.StringKind:
189 if strs.EnforceUTF8(fd) {
190 vi.valType = validationTypeUTF8String
191 }
192 }
193 default:
194 switch fd.Kind() {
195 case pref.MessageKind:
196 vi.typ = validationTypeMessage
197 if !fd.IsWeak() {
198 vi.mi = getMessageInfo(ft)
199 }
200 case pref.GroupKind:
201 vi.typ = validationTypeGroup
202 vi.mi = getMessageInfo(ft)
203 case pref.StringKind:
204 vi.typ = validationTypeBytes
205 if strs.EnforceUTF8(fd) {
206 vi.typ = validationTypeUTF8String
207 }
208 default:
209 switch wireTypes[fd.Kind()] {
210 case protowire.VarintType:
211 vi.typ = validationTypeVarint
212 case protowire.Fixed32Type:
213 vi.typ = validationTypeFixed32
214 case protowire.Fixed64Type:
215 vi.typ = validationTypeFixed64
216 case protowire.BytesType:
217 vi.typ = validationTypeBytes
218 }
219 }
220 }
221 return vi
222}
223
224func (mi *MessageInfo) validate(b []byte, groupTag protowire.Number, opts unmarshalOptions) (out unmarshalOutput, result ValidationStatus) {
225 mi.init()
226 type validationState struct {
227 typ validationType
228 keyType, valType validationType
229 endGroup protowire.Number
230 mi *MessageInfo
231 tail []byte
232 requiredMask uint64
233 }
234
235 // Pre-allocate some slots to avoid repeated slice reallocation.
236 states := make([]validationState, 0, 16)
237 states = append(states, validationState{
238 typ: validationTypeMessage,
239 mi: mi,
240 })
241 if groupTag > 0 {
242 states[0].typ = validationTypeGroup
243 states[0].endGroup = groupTag
244 }
245 initialized := true
246 start := len(b)
247State:
248 for len(states) > 0 {
249 st := &states[len(states)-1]
250 for len(b) > 0 {
251 // Parse the tag (field number and wire type).
252 var tag uint64
253 if b[0] < 0x80 {
254 tag = uint64(b[0])
255 b = b[1:]
256 } else if len(b) >= 2 && b[1] < 128 {
257 tag = uint64(b[0]&0x7f) + uint64(b[1])<<7
258 b = b[2:]
259 } else {
260 var n int
261 tag, n = protowire.ConsumeVarint(b)
262 if n < 0 {
263 return out, ValidationInvalid
264 }
265 b = b[n:]
266 }
267 var num protowire.Number
268 if n := tag >> 3; n < uint64(protowire.MinValidNumber) || n > uint64(protowire.MaxValidNumber) {
269 return out, ValidationInvalid
270 } else {
271 num = protowire.Number(n)
272 }
273 wtyp := protowire.Type(tag & 7)
274
275 if wtyp == protowire.EndGroupType {
276 if st.endGroup == num {
277 goto PopState
278 }
279 return out, ValidationInvalid
280 }
281 var vi validationInfo
282 switch {
283 case st.typ == validationTypeMap:
284 switch num {
285 case 1:
286 vi.typ = st.keyType
287 case 2:
288 vi.typ = st.valType
289 vi.mi = st.mi
290 vi.requiredBit = 1
291 }
292 case flags.ProtoLegacy && st.mi.isMessageSet:
293 switch num {
294 case messageset.FieldItem:
295 vi.typ = validationTypeMessageSetItem
296 }
297 default:
298 var f *coderFieldInfo
299 if int(num) < len(st.mi.denseCoderFields) {
300 f = st.mi.denseCoderFields[num]
301 } else {
302 f = st.mi.coderFields[num]
303 }
304 if f != nil {
305 vi = f.validation
306 if vi.typ == validationTypeMessage && vi.mi == nil {
307 // Probable weak field.
308 //
309 // TODO: Consider storing the results of this lookup somewhere
310 // rather than recomputing it on every validation.
311 fd := st.mi.Desc.Fields().ByNumber(num)
312 if fd == nil || !fd.IsWeak() {
313 break
314 }
315 messageName := fd.Message().FullName()
316 messageType, err := preg.GlobalTypes.FindMessageByName(messageName)
317 switch err {
318 case nil:
319 vi.mi, _ = messageType.(*MessageInfo)
320 case preg.NotFound:
321 vi.typ = validationTypeBytes
322 default:
323 return out, ValidationUnknown
324 }
325 }
326 break
327 }
328 // Possible extension field.
329 //
330 // TODO: We should return ValidationUnknown when:
331 // 1. The resolver is not frozen. (More extensions may be added to it.)
332 // 2. The resolver returns preg.NotFound.
333 // In this case, a type added to the resolver in the future could cause
334 // unmarshaling to begin failing. Supporting this requires some way to
335 // determine if the resolver is frozen.
336 xt, err := opts.resolver.FindExtensionByNumber(st.mi.Desc.FullName(), num)
337 if err != nil && err != preg.NotFound {
338 return out, ValidationUnknown
339 }
340 if err == nil {
341 vi = getExtensionFieldInfo(xt).validation
342 }
343 }
344 if vi.requiredBit != 0 {
345 // Check that the field has a compatible wire type.
346 // We only need to consider non-repeated field types,
347 // since repeated fields (and maps) can never be required.
348 ok := false
349 switch vi.typ {
350 case validationTypeVarint:
351 ok = wtyp == protowire.VarintType
352 case validationTypeFixed32:
353 ok = wtyp == protowire.Fixed32Type
354 case validationTypeFixed64:
355 ok = wtyp == protowire.Fixed64Type
356 case validationTypeBytes, validationTypeUTF8String, validationTypeMessage:
357 ok = wtyp == protowire.BytesType
358 case validationTypeGroup:
359 ok = wtyp == protowire.StartGroupType
360 }
361 if ok {
362 st.requiredMask |= vi.requiredBit
363 }
364 }
365
366 switch wtyp {
367 case protowire.VarintType:
368 if len(b) >= 10 {
369 switch {
370 case b[0] < 0x80:
371 b = b[1:]
372 case b[1] < 0x80:
373 b = b[2:]
374 case b[2] < 0x80:
375 b = b[3:]
376 case b[3] < 0x80:
377 b = b[4:]
378 case b[4] < 0x80:
379 b = b[5:]
380 case b[5] < 0x80:
381 b = b[6:]
382 case b[6] < 0x80:
383 b = b[7:]
384 case b[7] < 0x80:
385 b = b[8:]
386 case b[8] < 0x80:
387 b = b[9:]
388 case b[9] < 0x80 && b[9] < 2:
389 b = b[10:]
390 default:
391 return out, ValidationInvalid
392 }
393 } else {
394 switch {
395 case len(b) > 0 && b[0] < 0x80:
396 b = b[1:]
397 case len(b) > 1 && b[1] < 0x80:
398 b = b[2:]
399 case len(b) > 2 && b[2] < 0x80:
400 b = b[3:]
401 case len(b) > 3 && b[3] < 0x80:
402 b = b[4:]
403 case len(b) > 4 && b[4] < 0x80:
404 b = b[5:]
405 case len(b) > 5 && b[5] < 0x80:
406 b = b[6:]
407 case len(b) > 6 && b[6] < 0x80:
408 b = b[7:]
409 case len(b) > 7 && b[7] < 0x80:
410 b = b[8:]
411 case len(b) > 8 && b[8] < 0x80:
412 b = b[9:]
413 case len(b) > 9 && b[9] < 2:
414 b = b[10:]
415 default:
416 return out, ValidationInvalid
417 }
418 }
419 continue State
420 case protowire.BytesType:
421 var size uint64
422 if len(b) >= 1 && b[0] < 0x80 {
423 size = uint64(b[0])
424 b = b[1:]
425 } else if len(b) >= 2 && b[1] < 128 {
426 size = uint64(b[0]&0x7f) + uint64(b[1])<<7
427 b = b[2:]
428 } else {
429 var n int
430 size, n = protowire.ConsumeVarint(b)
431 if n < 0 {
432 return out, ValidationInvalid
433 }
434 b = b[n:]
435 }
436 if size > uint64(len(b)) {
437 return out, ValidationInvalid
438 }
439 v := b[:size]
440 b = b[size:]
441 switch vi.typ {
442 case validationTypeMessage:
443 if vi.mi == nil {
444 return out, ValidationUnknown
445 }
446 vi.mi.init()
447 fallthrough
448 case validationTypeMap:
449 if vi.mi != nil {
450 vi.mi.init()
451 }
452 states = append(states, validationState{
453 typ: vi.typ,
454 keyType: vi.keyType,
455 valType: vi.valType,
456 mi: vi.mi,
457 tail: b,
458 })
459 b = v
460 continue State
461 case validationTypeRepeatedVarint:
462 // Packed field.
463 for len(v) > 0 {
464 _, n := protowire.ConsumeVarint(v)
465 if n < 0 {
466 return out, ValidationInvalid
467 }
468 v = v[n:]
469 }
470 case validationTypeRepeatedFixed32:
471 // Packed field.
472 if len(v)%4 != 0 {
473 return out, ValidationInvalid
474 }
475 case validationTypeRepeatedFixed64:
476 // Packed field.
477 if len(v)%8 != 0 {
478 return out, ValidationInvalid
479 }
480 case validationTypeUTF8String:
481 if !utf8.Valid(v) {
482 return out, ValidationInvalid
483 }
484 }
485 case protowire.Fixed32Type:
486 if len(b) < 4 {
487 return out, ValidationInvalid
488 }
489 b = b[4:]
490 case protowire.Fixed64Type:
491 if len(b) < 8 {
492 return out, ValidationInvalid
493 }
494 b = b[8:]
495 case protowire.StartGroupType:
496 switch {
497 case vi.typ == validationTypeGroup:
498 if vi.mi == nil {
499 return out, ValidationUnknown
500 }
501 vi.mi.init()
502 states = append(states, validationState{
503 typ: validationTypeGroup,
504 mi: vi.mi,
505 endGroup: num,
506 })
507 continue State
508 case flags.ProtoLegacy && vi.typ == validationTypeMessageSetItem:
509 typeid, v, n, err := messageset.ConsumeFieldValue(b, false)
510 if err != nil {
511 return out, ValidationInvalid
512 }
513 xt, err := opts.resolver.FindExtensionByNumber(st.mi.Desc.FullName(), typeid)
514 switch {
515 case err == preg.NotFound:
516 b = b[n:]
517 case err != nil:
518 return out, ValidationUnknown
519 default:
520 xvi := getExtensionFieldInfo(xt).validation
521 if xvi.mi != nil {
522 xvi.mi.init()
523 }
524 states = append(states, validationState{
525 typ: xvi.typ,
526 mi: xvi.mi,
527 tail: b[n:],
528 })
529 b = v
530 continue State
531 }
532 default:
533 n := protowire.ConsumeFieldValue(num, wtyp, b)
534 if n < 0 {
535 return out, ValidationInvalid
536 }
537 b = b[n:]
538 }
539 default:
540 return out, ValidationInvalid
541 }
542 }
543 if st.endGroup != 0 {
544 return out, ValidationInvalid
545 }
546 if len(b) != 0 {
547 return out, ValidationInvalid
548 }
549 b = st.tail
550 PopState:
551 numRequiredFields := 0
552 switch st.typ {
553 case validationTypeMessage, validationTypeGroup:
554 numRequiredFields = int(st.mi.numRequiredFields)
555 case validationTypeMap:
556 // If this is a map field with a message value that contains
557 // required fields, require that the value be present.
558 if st.mi != nil && st.mi.numRequiredFields > 0 {
559 numRequiredFields = 1
560 }
561 }
562 // If there are more than 64 required fields, this check will
563 // always fail and we will report that the message is potentially
564 // uninitialized.
565 if numRequiredFields > 0 && bits.OnesCount64(st.requiredMask) != numRequiredFields {
566 initialized = false
567 }
568 states = states[:len(states)-1]
569 }
570 out.n = start - len(b)
571 if initialized {
572 out.initialized = true
573 }
574 return out, ValidationValid
575}