Added parser depth counter and removed invalid noexcept

cschreib · Sep 2, 2024 · 1145943 · 1145943
1 parent 94c082c
commit 1145943
Show file tree

Hide file tree

Showing 5 changed files with 143 additions and 46 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -28,6 +28,9 @@ set(JSONEXPR_USE_SYSTEM_EXPECTED OFF CACHE BOOL "Use a pre-installed version of
 set(JSONEXPR_USE_STD_EXPECTED    OFF CACHE BOOL "Use std::expected (requires C++23). Else, use tl::expected.")
 set(JSONEXPR_USE_STD_FROM_CHARS  ON  CACHE BOOL "Use std::from_chars (requires C++17). Else, use streams.")
 
+# Configurable parameters
+set(JSONEXPR_MAX_AST_DEPTH 32 CACHE STRING "Maximum depth of the parsed AST (0=infinite)")
+
 # Development options.
 set(JSONEXPR_DEV OFF CACHE BOOL "Enable warnings in compilation.")
 

diff --git a/README.md b/README.md
@@ -20,6 +20,7 @@
         - [Error handling](#error-handling-1)
         - [Overloading](#overloading)
         - [AST functions \(advanced\)](#ast-functions-advanced)
+- [Security](#security)
 - [Acknowledgments](#acknowledgments)
 
 <!-- /MarkdownTOC -->
@@ -327,6 +328,19 @@ first_non_null(1, 1+'abc')    -> 1 (second argument was invalid, but no error si
 ```
 
 
+# Security
+
+All operations allowed in the language are meant to be safe, in the sense that they should not make the host process abort or behave in an unspecified manner (e.g., through out-of-bounds read or writes, use-after-free, incorrect type accesses, read of uninitialized memory, etc.). This is  tested by running the test suite with sanitizers, and by fuzzing.
+
+Furthermore, the parser has a fixed maximum recursion depth to prevent stack overflows. This depth is set to 32 by default, and can be changed with the CMake option `JSONEXPR_MAX_AST_DEPTH`.
+
+Despite the above, the library is not 100% risk-free. In particular, the following is currently unsafe:
+ - integer overflow and underflow in evaluated expression
+
+The following would trigger an exception (or abort the process if exceptions are disabled):
+ - running out of heap memory while parsing or evaluating an expression
+
+
 # Acknowledgments
 
 This library was written partly on my spare time, and partly during the course of my employment at [IBEX Innovations Ltd.](https://ibexinnovations.co.uk/). I would like to thank my employer for allowing me to open-source this library, with the hope that it is useful to others.
diff --git a/libjsonexpr/include/jsonexpr/config.hpp.config b/libjsonexpr/include/jsonexpr/config.hpp.config
@@ -41,4 +41,8 @@
 #    define JSONEXPR_EXPORT
 #endif
 
+#cmakedefine01 JSONEXPR_FUZZ
+
+#define JSONEXPR_MAX_AST_DEPTH ${JSONEXPR_MAX_AST_DEPTH}
+
 #endif
diff --git a/libjsonexpr/include/jsonexpr/parse.hpp b/libjsonexpr/include/jsonexpr/parse.hpp
@@ -5,7 +5,7 @@
 #include "jsonexpr/expected.hpp"
 
 namespace jsonexpr {
-JSONEXPR_EXPORT expected<ast::node, error> parse(std::string_view expression) noexcept;
+JSONEXPR_EXPORT expected<ast::node, error> parse(std::string_view expression);
 } // namespace jsonexpr
 
 #endif