Check the filter max depth limit and reject the invalid ones

2024-06-01 10:28:02 +02:00 · 2021-12-07 16:32:48 +01:00 · 2021-12-07 16:32:48 +01:00 · 90f49eab6d
commit 90f49eab6d
parent 49c2db9485
1 changed files with 12 additions and 0 deletions
--- a/milli/src/search/facet/filter.rs
+++ b/milli/src/search/facet/filter.rs
@ -15,6 +15,9 @@ use crate::heed_codec::facet::{
 };
 use crate::{distance_between_two_points, CboRoaringBitmapCodec, FieldId, Index, Result};

+/// The maximum number of filters the filter AST can process.
+const MAX_FILTER_DEPTH: usize = 1000;
+
 #[derive(Debug, Clone, PartialEq, Eq)]
 pub struct Filter<'a> {
    condition: FilterCondition<'a>,
@ -27,6 +30,7 @@ enum FilterError<'a> {
    BadGeoLat(f64),
    BadGeoLng(f64),
    Reserved(&'a str),
+    TooDeep,
    InternalError,
 }
 impl<'a> std::error::Error for FilterError<'a> {}
@ -40,6 +44,10 @@ impl<'a> Display for FilterError<'a> {
                attribute,
                filterable,
            ),
+            Self::TooDeep => write!(f,
+                "Too many filter conditions, can't process more than {} filters.",
+                MAX_FILTER_DEPTH
+            ),
            Self::Reserved(keyword) => write!(
                f,
                "`{}` is a reserved keyword and thus can't be used as a filter expression.",
@ -108,6 +116,10 @@ impl<'a> Filter<'a> {
            }
        }

+        if let Some(token) = ands.as_ref().and_then(|fc| fc.token_at_depth(MAX_FILTER_DEPTH)) {
+            return Err(token.as_external_error(FilterError::TooDeep).into());
+        }
+
        Ok(ands.map(|ands| Self { condition: ands }))
    }