mongodb
diff --git a/‎src/mongo/bson/SConscript
Lines changed: 1 addition & 0 deletions b/‎src/mongo/bson/SConscript
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/mongo/bson/json.cpp
Lines changed: 27 additions & 15 deletions b/‎src/mongo/bson/json.cpp
Lines changed: 27 additions & 15 deletions
diff --git a/‎src/mongo/bson/json.h
Lines changed: 8 additions & 5 deletions b/‎src/mongo/bson/json.h
Lines changed: 8 additions & 5 deletions
@@ -23,6 +23,7 @@ env.CppUnitTest(
         'bson_validate_test.cpp',
         'bsonelement_test.cpp',
         'bsonobjbuilder_test.cpp',
+        'json_test.cpp',
         'oid_test.cpp',
         'simple_bsonobj_comparator_test.cpp',
     ],
 
@@ -172,15 +172,15 @@ Status JParse::parseError(StringData msg) {
     return Status(ErrorCodes::FailedToParse, ossmsg.str());
 }
 
-Status JParse::value(StringData fieldName, BSONObjBuilder& builder) {
+Status JParse::value(StringData fieldName, BSONObjBuilder& builder, int depth) {
     MONGO_JSON_DEBUG("fieldName: " << fieldName);
     if (peekToken(LBRACE)) {
-        Status ret = object(fieldName, builder);
+        Status ret = object(fieldName, builder, true, depth + 1);
         if (ret != Status::OK()) {
             return ret;
         }
     } else if (peekToken(LBRACKET)) {
-        Status ret = array(fieldName, builder);
+        Status ret = array(fieldName, builder, true, depth + 1);
         if (ret != Status::OK()) {
             return ret;
         }
@@ -220,7 +220,7 @@ Status JParse::value(StringData fieldName, BSONObjBuilder& builder) {
             return ret;
         }
     } else if (readToken("Dbref") || readToken("DBRef")) {
-        Status ret = dbRef(fieldName, builder);
+        Status ret = dbRef(fieldName, builder, depth + 1);
         if (ret != Status::OK()) {
             return ret;
         }
@@ -268,11 +268,14 @@ Status JParse::value(StringData fieldName, BSONObjBuilder& builder) {
 }
 
 Status JParse::parse(BSONObjBuilder& builder) {
-    return isArray() ? array("UNUSED", builder, false) : object("UNUSED", builder, false);
+    return isArray() ? array("UNUSED", builder, false, 0) : object("UNUSED", builder, false, 0);
 }
 
-Status JParse::object(StringData fieldName, BSONObjBuilder& builder, bool subObject) {
+Status JParse::object(StringData fieldName, BSONObjBuilder& builder, bool subObject, int depth) {
     MONGO_JSON_DEBUG("fieldName: " << fieldName);
+    if (depth > kMaxDepth) {
+        return parseError("Reached nested object limit");
+    }
     if (!readToken(LBRACE)) {
         return parseError("Expecting '{'");
     }
@@ -354,7 +357,7 @@ Status JParse::object(StringData fieldName, BSONObjBuilder& builder, bool subObj
         if (!subObject) {
             return parseError("Reserved field name in base object: $ref");
         }
-        Status ret = dbRefObject(fieldName, builder);
+        Status ret = dbRefObject(fieldName, builder, depth + 1);
         if (ret != Status::OK()) {
             return ret;
         }
@@ -429,7 +432,7 @@ Status JParse::object(StringData fieldName, BSONObjBuilder& builder, bool subObj
         if (!readToken(COLON)) {
             return parseError("Expecting ':'");
         }
-        Status valueRet = value(firstField, *objBuilder);
+        Status valueRet = value(firstField, *objBuilder, depth);
         if (valueRet != Status::OK()) {
             return valueRet;
         }
@@ -443,7 +446,7 @@ Status JParse::object(StringData fieldName, BSONObjBuilder& builder, bool subObj
             if (!readToken(COLON)) {
                 return parseError("Expecting ':'");
             }
-            Status nextFieldValueRet = value(nextFieldName, *objBuilder);
+            Status nextFieldValueRet = value(nextFieldName, *objBuilder, depth);
             if (nextFieldValueRet != Status::OK()) {
                 return nextFieldValueRet;
             }
@@ -773,7 +776,10 @@ Status JParse::regexObjectCanonical(StringData fieldName, BSONObjBuilder& builde
     return Status::OK();
 }
 
-Status JParse::dbRefObject(StringData fieldName, BSONObjBuilder& builder) {
+Status JParse::dbRefObject(StringData fieldName, BSONObjBuilder& builder, int depth) {
+    if (depth > kMaxDepth) {
+        return parseError("Reached nested object limit");
+    }
     BSONObjBuilder subBuilder(builder.subobjStart(fieldName));
 
     if (!readToken(COLON)) {
@@ -797,7 +803,7 @@ Status JParse::dbRefObject(StringData fieldName, BSONObjBuilder& builder) {
     if (!readToken(COLON)) {
         return parseError("DBRef: Expecting ':'");
     }
-    Status valueRet = value("$id", subBuilder);
+    Status valueRet = value("$id", subBuilder, depth);
     if (valueRet != Status::OK()) {
         return valueRet;
     }
@@ -945,8 +951,11 @@ Status JParse::maxKeyObject(StringData fieldName, BSONObjBuilder& builder) {
     return Status::OK();
 }
 
-Status JParse::array(StringData fieldName, BSONObjBuilder& builder, bool subObject) {
+Status JParse::array(StringData fieldName, BSONObjBuilder& builder, bool subObject, int depth) {
     MONGO_JSON_DEBUG("fieldName: " << fieldName);
+    if (depth > kMaxDepth) {
+        return parseError("Reached nested object limit");
+    }
     if (!readToken(LBRACKET)) {
         return parseError("Expecting '['");
     }
@@ -961,7 +970,7 @@ Status JParse::array(StringData fieldName, BSONObjBuilder& builder, bool subObje
     if (!peekToken(RBRACKET)) {
         DecimalCounter<uint32_t> index;
         do {
-            Status ret = value(StringData{index}, *arrayBuilder);
+            Status ret = value(StringData{index}, *arrayBuilder, depth);
             if (!ret.isOK()) {
                 return ret;
             }
@@ -1158,7 +1167,10 @@ Status JParse::numberInt(StringData fieldName, BSONObjBuilder& builder) {
     return Status::OK();
 }
 
-Status JParse::dbRef(StringData fieldName, BSONObjBuilder& builder) {
+Status JParse::dbRef(StringData fieldName, BSONObjBuilder& builder, int depth) {
+    if (depth > kMaxDepth) {
+        return parseError("Reached nested object limit");
+    }
     BSONObjBuilder subBuilder(builder.subobjStart(fieldName));
 
     if (!readToken(LPAREN)) {
@@ -1176,7 +1188,7 @@ Status JParse::dbRef(StringData fieldName, BSONObjBuilder& builder) {
         return parseError("Expecting ','");
     }
 
-    Status valueRet = value("$id", subBuilder);
+    Status valueRet = value("$id", subBuilder, depth);
     if (valueRet != Status::OK()) {
         return valueRet;
     }
 
@@ -33,6 +33,8 @@
 
 #include "mongo/base/status.h"
 #include "mongo/base/status_with.h"
+#include "mongo/base/string_data.h"
+#include "mongo/bson/bson_depth.h"
 #include "mongo/bson/bsonobj.h"
 #include "mongo/util/time_support.h"
 
@@ -101,6 +103,7 @@ std::string tojson(const BSONObj& obj,
  */
 class JParse {
 public:
+    constexpr static int kMaxDepth = BSONDepth::kDefaultMaxAllowableDepth;
     explicit JParse(StringData str);
 
     /*
@@ -136,7 +139,7 @@ class JParse {
      *   | new CONSTRUCTOR
      */
 private:
-    Status value(StringData fieldName, BSONObjBuilder&);
+    Status value(StringData fieldName, BSONObjBuilder&, int depth);
 
     /*
      * OBJECT :
@@ -166,7 +169,7 @@ class JParse {
      *
      */
 public:
-    Status object(StringData fieldName, BSONObjBuilder&, bool subObj = true);
+    Status object(StringData fieldName, BSONObjBuilder&, bool subObj = true, int depth = 0);
     Status parse(BSONObjBuilder& builder);
     bool isArray();
 
@@ -235,7 +238,7 @@ class JParse {
      *   | { FIELD("$ref") : std::string , FIELD("$id") : OBJECTID }
      *   | { FIELD("$ref") : std::string , FIELD("$id") : OIDOBJECT }
      */
-    Status dbRefObject(StringData fieldName, BSONObjBuilder&);
+    Status dbRefObject(StringData fieldName, BSONObjBuilder&, int depth);
 
     /*
      * UNDEFINEDOBJECT :
@@ -288,7 +291,7 @@ class JParse {
      *     VALUE
      *   | VALUE , ELEMENTS
      */
-    Status array(StringData fieldName, BSONObjBuilder&, bool subObj = true);
+    Status array(StringData fieldName, BSONObjBuilder&, bool subObj, int depth);
 
     /*
      * NOTE: Currently only Date can be preceded by the "new" keyword
@@ -346,7 +349,7 @@ class JParse {
      * DBREF :
      *     Dbref( <namespace std::string> , <24 character hex std::string> )
      */
-    Status dbRef(StringData fieldName, BSONObjBuilder&);
+    Status dbRef(StringData fieldName, BSONObjBuilder&, int depth);
 
     /*
      * REGEX :
Original file line number	Diff line number	Diff line change
`@@ -172,15 +172,15 @@ Status JParse::parseError(StringData msg) {`
`172`	`172`	`return Status(ErrorCodes::FailedToParse, ossmsg.str());`
`173`	`173`	`}`
`174`	`174`
`175`		`-Status JParse::value(StringData fieldName, BSONObjBuilder& builder) {`
	`175`	`+Status JParse::value(StringData fieldName, BSONObjBuilder& builder, int depth) {`
`176`	`176`	`MONGO_JSON_DEBUG("fieldName: " << fieldName);`
`177`	`177`	`if (peekToken(LBRACE)) {`
`178`		`- Status ret = object(fieldName, builder);`
	`178`	`+ Status ret = object(fieldName, builder, true, depth + 1);`
`179`	`179`	`if (ret != Status::OK()) {`
`180`	`180`	`return ret;`
`181`	`181`	`}`
`182`	`182`	`} else if (peekToken(LBRACKET)) {`
`183`		`- Status ret = array(fieldName, builder);`
	`183`	`+ Status ret = array(fieldName, builder, true, depth + 1);`
`184`	`184`	`if (ret != Status::OK()) {`
`185`	`185`	`return ret;`
`186`	`186`	`}`
`@@ -220,7 +220,7 @@ Status JParse::value(StringData fieldName, BSONObjBuilder& builder) {`
`220`	`220`	`return ret;`
`221`	`221`	`}`
`222`	`222`	`} else if (readToken("Dbref") \|\| readToken("DBRef")) {`
`223`		`- Status ret = dbRef(fieldName, builder);`
	`223`	`+ Status ret = dbRef(fieldName, builder, depth + 1);`
`224`	`224`	`if (ret != Status::OK()) {`
`225`	`225`	`return ret;`
`226`	`226`	`}`
`@@ -268,11 +268,14 @@ Status JParse::value(StringData fieldName, BSONObjBuilder& builder) {`
`268`	`268`	`}`
`269`	`269`
`270`	`270`	`Status JParse::parse(BSONObjBuilder& builder) {`
`271`		`- return isArray() ? array("UNUSED", builder, false) : object("UNUSED", builder, false);`
	`271`	`+ return isArray() ? array("UNUSED", builder, false, 0) : object("UNUSED", builder, false, 0);`
`272`	`272`	`}`
`273`	`273`
`274`		`-Status JParse::object(StringData fieldName, BSONObjBuilder& builder, bool subObject) {`
	`274`	`+Status JParse::object(StringData fieldName, BSONObjBuilder& builder, bool subObject, int depth) {`
`275`	`275`	`MONGO_JSON_DEBUG("fieldName: " << fieldName);`
	`276`	`+ if (depth > kMaxDepth) {`
	`277`	`+ return parseError("Reached nested object limit");`
	`278`	`+ }`
`276`	`279`	`if (!readToken(LBRACE)) {`
`277`	`280`	`return parseError("Expecting '{'");`
`278`	`281`	`}`
`@@ -354,7 +357,7 @@ Status JParse::object(StringData fieldName, BSONObjBuilder& builder, bool subObj`
`354`	`357`	`if (!subObject) {`
`355`	`358`	`return parseError("Reserved field name in base object: $ref");`
`356`	`359`	`}`
`357`		`- Status ret = dbRefObject(fieldName, builder);`
	`360`	`+ Status ret = dbRefObject(fieldName, builder, depth + 1);`
`358`	`361`	`if (ret != Status::OK()) {`
`359`	`362`	`return ret;`
`360`	`363`	`}`
`@@ -429,7 +432,7 @@ Status JParse::object(StringData fieldName, BSONObjBuilder& builder, bool subObj`
`429`	`432`	`if (!readToken(COLON)) {`
`430`	`433`	`return parseError("Expecting ':'");`
`431`	`434`	`}`
`432`		`- Status valueRet = value(firstField, *objBuilder);`
	`435`	`+ Status valueRet = value(firstField, *objBuilder, depth);`
`433`	`436`	`if (valueRet != Status::OK()) {`
`434`	`437`	`return valueRet;`
`435`	`438`	`}`
`@@ -443,7 +446,7 @@ Status JParse::object(StringData fieldName, BSONObjBuilder& builder, bool subObj`
`443`	`446`	`if (!readToken(COLON)) {`
`444`	`447`	`return parseError("Expecting ':'");`
`445`	`448`	`}`
`446`		`- Status nextFieldValueRet = value(nextFieldName, *objBuilder);`
	`449`	`+ Status nextFieldValueRet = value(nextFieldName, *objBuilder, depth);`
`447`	`450`	`if (nextFieldValueRet != Status::OK()) {`
`448`	`451`	`return nextFieldValueRet;`
`449`	`452`	`}`
`@@ -773,7 +776,10 @@ Status JParse::regexObjectCanonical(StringData fieldName, BSONObjBuilder& builde`
`773`	`776`	`return Status::OK();`
`774`	`777`	`}`
`775`	`778`
`776`		`-Status JParse::dbRefObject(StringData fieldName, BSONObjBuilder& builder) {`
	`779`	`+Status JParse::dbRefObject(StringData fieldName, BSONObjBuilder& builder, int depth) {`
	`780`	`+ if (depth > kMaxDepth) {`
	`781`	`+ return parseError("Reached nested object limit");`
	`782`	`+ }`
`777`	`783`	`BSONObjBuilder subBuilder(builder.subobjStart(fieldName));`
`778`	`784`
`779`	`785`	`if (!readToken(COLON)) {`
`@@ -797,7 +803,7 @@ Status JParse::dbRefObject(StringData fieldName, BSONObjBuilder& builder) {`
`797`	`803`	`if (!readToken(COLON)) {`
`798`	`804`	`return parseError("DBRef: Expecting ':'");`
`799`	`805`	`}`
`800`		`- Status valueRet = value("$id", subBuilder);`
	`806`	`+ Status valueRet = value("$id", subBuilder, depth);`
`801`	`807`	`if (valueRet != Status::OK()) {`
`802`	`808`	`return valueRet;`
`803`	`809`	`}`
`@@ -945,8 +951,11 @@ Status JParse::maxKeyObject(StringData fieldName, BSONObjBuilder& builder) {`
`945`	`951`	`return Status::OK();`
`946`	`952`	`}`
`947`	`953`
`948`		`-Status JParse::array(StringData fieldName, BSONObjBuilder& builder, bool subObject) {`
	`954`	`+Status JParse::array(StringData fieldName, BSONObjBuilder& builder, bool subObject, int depth) {`
`949`	`955`	`MONGO_JSON_DEBUG("fieldName: " << fieldName);`
	`956`	`+ if (depth > kMaxDepth) {`
	`957`	`+ return parseError("Reached nested object limit");`
	`958`	`+ }`
`950`	`959`	`if (!readToken(LBRACKET)) {`
`951`	`960`	`return parseError("Expecting '['");`
`952`	`961`	`}`
`@@ -961,7 +970,7 @@ Status JParse::array(StringData fieldName, BSONObjBuilder& builder, bool subObje`
`961`	`970`	`if (!peekToken(RBRACKET)) {`
`962`	`971`	`DecimalCounter<uint32_t> index;`
`963`	`972`	`do {`
`964`		`- Status ret = value(StringData{index}, *arrayBuilder);`
	`973`	`+ Status ret = value(StringData{index}, *arrayBuilder, depth);`
`965`	`974`	`if (!ret.isOK()) {`
`966`	`975`	`return ret;`
`967`	`976`	`}`
`@@ -1158,7 +1167,10 @@ Status JParse::numberInt(StringData fieldName, BSONObjBuilder& builder) {`
`1158`	`1167`	`return Status::OK();`
`1159`	`1168`	`}`
`1160`	`1169`
`1161`		`-Status JParse::dbRef(StringData fieldName, BSONObjBuilder& builder) {`
	`1170`	`+Status JParse::dbRef(StringData fieldName, BSONObjBuilder& builder, int depth) {`
	`1171`	`+ if (depth > kMaxDepth) {`
	`1172`	`+ return parseError("Reached nested object limit");`
	`1173`	`+ }`
`1162`	`1174`	`BSONObjBuilder subBuilder(builder.subobjStart(fieldName));`
`1163`	`1175`
`1164`	`1176`	`if (!readToken(LPAREN)) {`
`@@ -1176,7 +1188,7 @@ Status JParse::dbRef(StringData fieldName, BSONObjBuilder& builder) {`
`1176`	`1188`	`return parseError("Expecting ','");`
`1177`	`1189`	`}`
`1178`	`1190`
`1179`		`- Status valueRet = value("$id", subBuilder);`
	`1191`	`+ Status valueRet = value("$id", subBuilder, depth);`
`1180`	`1192`	`if (valueRet != Status::OK()) {`
`1181`	`1193`	`return valueRet;`
`1182`	`1194`	`}`