[DRIVERS-2088] Limit BSON depth Created: 30/Oct/19  Updated: 31/Mar/22

Status: Backlog
Project: Drivers
Component/s: BSON
Fix Version/s: None

Type: Spec Change Priority: Major - P3
Reporter: Divjot Arora (Inactive) Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: Stitch
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Driver Changes: Needed

 Description   

Stitch has asked for Go to implement BSON depth tracking (GODRIVER-502) as a safeguard against malicious servers that could return deeply nested documents to force a stack overflow. Is this something we should consider specifying across drivers?



 Comments   
Comment by David Golden [ 27/Jul/20 ]

The server imposes a nesting limit of 100: https://docs.mongodb.com/manual/reference/limits/index.html#Nested-Depth-for-BSON-Documents

The Extended JSON v2 spec imposes a limit of 100 when encoding and 200 when decoding (because of Extended JSON nesting): https://github.com/mongodb/specifications/blob/master/source/extended-json.rst#of-parsers-and-generators

I suggest that drivers that don't already have a default should follow the server and limit to 100.

I have a very minor preference that the limit be configurable, as otherwise, it's very hard for anyone to work with and fix a document that is over the limit (from source that doesn't respect it) – even if they know have sufficient memory not to explode the stack.

Comment by Bernie Hackett [ 18/May/20 ]

I think we should to this, but I'm not sure we can unify the definition of "too deep". PyMongo uses a set of Python C API macros for this, that matches how pure python does depth tracking. Other languages probably have similar built in functionality, but with a different definition of "too deep".

Generated at Thu Feb 08 08:24:41 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.