Lower the size of the input expression to 100k codepoints

Also, introduce `ParserOptions` to encapsulate limit and behavior settings.

PiperOrigin-RevId: 368935535

Author: TristonianJones

parser/BUILD

@@ -25,9 +25,11 @@ cc_library(
     deps = [
         ":cel_cc_parser",
         ":macro",
+        ":options",
         ":source_factory",
         ":visitor",
         "@antlr4_runtimes//:cpp",
+        "@com_google_absl//absl/status",
         "@com_google_absl//absl/status:statusor",
         "@com_google_absl//absl/strings",
         "@com_google_absl//absl/strings:str_format",
@@ -108,10 +110,16 @@ cc_library(
     ],
 )
 
+cc_library(
+    name = "options",
+    hdrs = ["options.h"],
+)
+
 cc_test(
     name = "parser_test",
     srcs = ["parser_test.cc"],
     deps = [
+        ":options",
         ":parser",
         ":source_factory",
         "//testutil:expr_printer",

parser/options.h

@@ -0,0 +1,35 @@
+#ifndef THIRD_PARTY_CEL_CPP_PARSER_OPTIONS_H_
+#define THIRD_PARTY_CEL_CPP_PARSER_OPTIONS_H_
+
+namespace google {
+namespace api {
+namespace expr {
+namespace parser {
+
+constexpr int kDefaultErrorRecoveryLimit = 30;
+constexpr int kDefaultMaxRecursionDepth = 250;
+constexpr int kExpressionSizeCodepointLimit = 100'000;
+
+// Options for configuring the limits and features of the parser.
+struct ParserOptions {
+  // Limit of the number of error recovery attempts made by the ANTLR parser
+  // when processing an input. This limit, when reached, will halt further
+  // parsing of the expression.
+  int error_recovery_limit = kDefaultErrorRecoveryLimit;
+
+  // Limit on the amount of recusive parse instructions permitted when building
+  // the abstract syntax tree for the expression. This prevents pathological
+  // inputs from causing stack overflows.
+  int max_recursion_depth = kDefaultMaxRecursionDepth;
+
+  // Limit on the number of codepoints in the input string which the parser will
+  // attempt to parse.
+  int expression_size_codepoint_limit = kExpressionSizeCodepointLimit;
+};
+
+}  // namespace parser
+}  // namespace expr
+}  // namespace api
+}  // namespace google
+
+#endif  // THIRD_PARTY_CEL_CPP_PARSER_OPTIONS_H_

parser/parser.cc

@@ -1,11 +1,13 @@
 #include "parser/parser.h"
 
+#include "absl/status/status.h"
 #include "absl/status/statusor.h"
 #include "absl/strings/str_format.h"
 #include "absl/strings/str_replace.h"
 #include "absl/types/optional.h"
 #include "parser/cel_grammar.inc/cel_grammar/CelLexer.h"
 #include "parser/cel_grammar.inc/cel_grammar/CelParser.h"
+#include "parser/options.h"
 #include "parser/source_factory.h"
 #include "parser/visitor.h"
 #include "antlr4-runtime.h"
@@ -126,19 +128,15 @@ class RecoveryLimitErrorStrategy : public antlr4::DefaultErrorStrategy {
 
 absl::StatusOr<ParsedExpr> Parse(const std::string& expression,
                                  const std::string& description,
-                                 int max_recursion_depth,
-                                 int error_recovery_limit) {
-  return ParseWithMacros(expression, Macro::AllMacros(), description,
-                         max_recursion_depth, error_recovery_limit);
+                                 const ParserOptions& options) {
+  return ParseWithMacros(expression, Macro::AllMacros(), description, options);
 }
 
 absl::StatusOr<ParsedExpr> ParseWithMacros(const std::string& expression,
                                            const std::vector<Macro>& macros,
                                            const std::string& description,
-                                           int max_recursion_depth,
-                                           int error_recovery_limit) {
-  auto result = EnrichedParse(expression, macros, description,
-                              max_recursion_depth, error_recovery_limit);
+                                           const ParserOptions& options) {
+  auto result = EnrichedParse(expression, macros, description, options);
   if (result.ok()) {
     return result->parsed_expr();
   }
@@ -147,14 +145,19 @@ absl::StatusOr<ParsedExpr> ParseWithMacros(const std::string& expression,
 
 absl::StatusOr<VerboseParsedExpr> EnrichedParse(
     const std::string& expression, const std::vector<Macro>& macros,
-    const std::string& description, int max_recursion_depth,
-    int error_recovery_limit) {
+    const std::string& description, const ParserOptions& options) {
   ANTLRInputStream input(expression);
+  if (input.size() > options.expression_size_codepoint_limit) {
+    return absl::InvalidArgumentError(absl::StrCat(
+        "expression size exceeds codepoint limit.", " input size: ",
+        input.size(), ", limit: ", options.expression_size_codepoint_limit));
+  }
   CelLexer lexer(&input);
   CommonTokenStream tokens(&lexer);
   CelParser parser(&tokens);
-  ExprRecursionListener listener(max_recursion_depth);
-  ParserVisitor visitor(description, expression, max_recursion_depth, macros);
+  ExprRecursionListener listener(options.max_recursion_depth);
+  ParserVisitor visitor(description, expression, options.max_recursion_depth,
+                        macros);
 
   lexer.removeErrorListeners();
   parser.removeErrorListeners();
@@ -165,7 +168,7 @@ absl::StatusOr<VerboseParsedExpr> EnrichedParse(
   // Limit the number of error recovery attempts to prevent bad expressions
   // from consuming lots of cpu / memory.
   std::shared_ptr<RecoveryLimitErrorStrategy> error_strategy(
-      new RecoveryLimitErrorStrategy(error_recovery_limit));
+      new RecoveryLimitErrorStrategy(options.error_recovery_limit));
   parser.setErrorHandler(error_strategy);
 
   CelParser::StartContext* root;

parser/parser.h

@@ -5,16 +5,14 @@
 #include "absl/status/statusor.h"
 #include "absl/types/optional.h"
 #include "parser/macro.h"
+#include "parser/options.h"
 #include "parser/source_factory.h"
 
 namespace google {
 namespace api {
 namespace expr {
 namespace parser {
 
-constexpr int kDefaultErrorRecoveryLimit = 30;
-constexpr int kDefaultMaxRecursionDepth = 250;
-
 class VerboseParsedExpr {
  public:
   VerboseParsedExpr(google::api::expr::v1alpha1::ParsedExpr parsed_expr,
@@ -37,19 +35,16 @@ class VerboseParsedExpr {
 absl::StatusOr<VerboseParsedExpr> EnrichedParse(
     const std::string& expression, const std::vector<Macro>& macros,
     const std::string& description = "<input>",
-    int max_recursion_depth = kDefaultMaxRecursionDepth,
-    int error_recovery_limit = kDefaultErrorRecoveryLimit);
+    const ParserOptions& options = ParserOptions());
 
 absl::StatusOr<google::api::expr::v1alpha1::ParsedExpr> Parse(
     const std::string& expression, const std::string& description = "<input>",
-    int max_recursion_depth = kDefaultMaxRecursionDepth,
-    int error_recovery_limit = kDefaultErrorRecoveryLimit);
+    const ParserOptions& options = ParserOptions());
 
 absl::StatusOr<google::api::expr::v1alpha1::ParsedExpr> ParseWithMacros(
     const std::string& expression, const std::vector<Macro>& macros,
     const std::string& description = "<input>",
-    int max_recursion_depth = kDefaultMaxRecursionDepth,
-    int error_recovery_limit = kDefaultErrorRecoveryLimit);
+    const ParserOptions& options = ParserOptions());
 
 }  // namespace parser
 }  // namespace expr

parser/parser_test.cc

@@ -11,6 +11,7 @@
 #include "absl/strings/str_format.h"
 #include "absl/strings/str_join.h"
 #include "absl/types/optional.h"
+#include "parser/options.h"
 #include "parser/source_factory.h"
 #include "testutil/expr_printer.h"
 
@@ -998,7 +999,9 @@ TEST(ExpressionTest, TsanOom) {
 }
 
 TEST(ExpressionTest, ErrorRecoveryLimits) {
-  auto result = Parse("......", "", kDefaultMaxRecursionDepth, 1);
+  ParserOptions options;
+  options.error_recovery_limit = 1;
+  auto result = Parse("......", "", options);
   EXPECT_FALSE(result.ok());
   EXPECT_EQ(result.status().message(),
             "ERROR: :1:2: Syntax error: missing IDENTIFIER at '.'\n"
@@ -1009,6 +1012,16 @@ TEST(ExpressionTest, ErrorRecoveryLimits) {
             " | ..^");
 }
 
+TEST(ExpressionTest, ExpressionSizeLimit) {
+  ParserOptions options;
+  options.expression_size_codepoint_limit = 10;
+  auto result = Parse("...............", "", options);
+  EXPECT_FALSE(result.ok());
+  EXPECT_EQ(
+      result.status().message(),
+      "expression size exceeds codepoint limit. input size: 15, limit: 10");
+}
+
 INSTANTIATE_TEST_SUITE_P(CelParserTest, ExpressionTest,
                          testing::ValuesIn(test_cases));