Merge branch 'master' into fetch-perf

Author: antonmedv

builtin/builtin.go

@@ -3,6 +3,7 @@ package builtin
 import (
 	"encoding/base64"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"reflect"
 	"sort"
@@ -16,6 +17,10 @@ import (
 var (
 	Index map[string]int
 	Names []string
+
+	// MaxDepth limits the recursion depth for nested structures.
+	MaxDepth      = 10000
+	ErrorMaxDepth = errors.New("recursion depth exceeded")
 )
 
 func init() {
@@ -377,7 +382,7 @@ var Builtins = []*Function{
 	{
 		Name: "max",
 		Func: func(args ...any) (any, error) {
-			return minMax("max", runtime.Less, args...)
+			return minMax("max", runtime.Less, 0, args...)
 		},
 		Validate: func(args []reflect.Type) (reflect.Type, error) {
 			return validateAggregateFunc("max", args)
@@ -386,7 +391,7 @@ var Builtins = []*Function{
 	{
 		Name: "min",
 		Func: func(args ...any) (any, error) {
-			return minMax("min", runtime.More, args...)
+			return minMax("min", runtime.More, 0, args...)
 		},
 		Validate: func(args []reflect.Type) (reflect.Type, error) {
 			return validateAggregateFunc("min", args)
@@ -395,7 +400,7 @@ var Builtins = []*Function{
 	{
 		Name: "mean",
 		Func: func(args ...any) (any, error) {
-			count, sum, err := mean(args...)
+			count, sum, err := mean(0, args...)
 			if err != nil {
 				return nil, err
 			}
@@ -411,7 +416,7 @@ var Builtins = []*Function{
 	{
 		Name: "median",
 		Func: func(args ...any) (any, error) {
-			values, err := median(args...)
+			values, err := median(0, args...)
 			if err != nil {
 				return nil, err
 			}
@@ -940,7 +945,10 @@ var Builtins = []*Function{
 			if v.Kind() != reflect.Array && v.Kind() != reflect.Slice {
 				return nil, size, fmt.Errorf("cannot flatten %s", v.Kind())
 			}
-			ret := flatten(v)
+			ret, err := flatten(v, 0)
+			if err != nil {
+				return nil, 0, err
+			}
 			size = uint(len(ret))
 			return ret, size, nil
 		},

builtin/builtin_test.go

@@ -722,3 +722,100 @@ func TestBuiltin_with_deref(t *testing.T) {
 		})
 	}
 }
+
+func TestBuiltin_flatten_recursion(t *testing.T) {
+	var s []any
+	s = append(s, &s) // s contains a pointer to itself
+
+	env := map[string]any{
+		"arr": s,
+	}
+
+	program, err := expr.Compile("flatten(arr)", expr.Env(env))
+	require.NoError(t, err)
+
+	_, err = expr.Run(program, env)
+	require.Error(t, err)
+	assert.Contains(t, err.Error(), builtin.ErrorMaxDepth.Error())
+}
+
+func TestBuiltin_flatten_recursion_slice(t *testing.T) {
+	s := make([]any, 1)
+	s[0] = s
+
+	env := map[string]any{
+		"arr": s,
+	}
+
+	program, err := expr.Compile("flatten(arr)", expr.Env(env))
+	require.NoError(t, err)
+
+	_, err = expr.Run(program, env)
+	require.Error(t, err)
+	assert.Contains(t, err.Error(), builtin.ErrorMaxDepth.Error())
+}
+
+func TestBuiltin_numerical_recursion(t *testing.T) {
+	s := make([]any, 1)
+	s[0] = s
+
+	env := map[string]any{
+		"arr": s,
+	}
+
+	tests := []string{
+		"max(arr)",
+		"min(arr)",
+		"mean(arr)",
+		"median(arr)",
+	}
+
+	for _, input := range tests {
+		t.Run(input, func(t *testing.T) {
+			program, err := expr.Compile(input, expr.Env(env))
+			require.NoError(t, err)
+
+			_, err = expr.Run(program, env)
+			require.Error(t, err)
+			assert.Contains(t, err.Error(), builtin.ErrorMaxDepth.Error())
+		})
+	}
+}
+
+func TestBuiltin_recursion_custom_max_depth(t *testing.T) {
+	originalMaxDepth := builtin.MaxDepth
+	defer func() {
+		builtin.MaxDepth = originalMaxDepth
+	}()
+
+	// Set a small depth limit
+	builtin.MaxDepth = 2
+
+	// Create a deeply nested array (depth 5)
+	// [1, [2, [3, [4, [5]]]]]
+	arr := []any{1, []any{2, []any{3, []any{4, []any{5}}}}}
+
+	env := map[string]any{
+		"arr": arr,
+	}
+
+	t.Run("flatten exceeds max depth", func(t *testing.T) {
+		program, err := expr.Compile("flatten(arr)", expr.Env(env))
+		require.NoError(t, err)
+
+		_, err = expr.Run(program, env)
+		require.Error(t, err)
+		assert.Contains(t, err.Error(), builtin.ErrorMaxDepth.Error())
+	})
+
+	t.Run("flatten within max depth", func(t *testing.T) {
+		// Depth 2: [1, [2]]
+		shallowArr := []any{1, []any{2}}
+		envShallow := map[string]any{"arr": shallowArr}
+		program, err := expr.Compile("flatten(arr)", expr.Env(envShallow))
+		require.NoError(t, err)
+
+		_, err = expr.Run(program, envShallow)
+		require.NoError(t, err)
+	})
+}

builtin/lib.go

@@ -253,15 +253,18 @@ func String(arg any) any {
 	return fmt.Sprintf("%v", arg)
 }
 
-func minMax(name string, fn func(any, any) bool, args ...any) (any, error) {
+func minMax(name string, fn func(any, any) bool, depth int, args ...any) (any, error) {
+	if depth > MaxDepth {
+		return nil, ErrorMaxDepth
+	}
 	var val any
 	for _, arg := range args {
 		rv := reflect.ValueOf(arg)
 		switch rv.Kind() {
 		case reflect.Array, reflect.Slice:
 			size := rv.Len()
 			for i := 0; i < size; i++ {
-				elemVal, err := minMax(name, fn, rv.Index(i).Interface())
+				elemVal, err := minMax(name, fn, depth+1, rv.Index(i).Interface())
 				if err != nil {
 					return nil, err
 				}
@@ -294,7 +297,10 @@ func minMax(name string, fn func(any, any) bool, args ...any) (any, error) {
 	return val, nil
 }
 
-func mean(args ...any) (int, float64, error) {
+func mean(depth int, args ...any) (int, float64, error) {
+	if depth > MaxDepth {
+		return 0, 0, ErrorMaxDepth
+	}
 	var total float64
 	var count int
 
@@ -304,7 +310,7 @@ func mean(args ...any) (int, float64, error) {
 		case reflect.Array, reflect.Slice:
 			size := rv.Len()
 			for i := 0; i < size; i++ {
-				elemCount, elemSum, err := mean(rv.Index(i).Interface())
+				elemCount, elemSum, err := mean(depth+1, rv.Index(i).Interface())
 				if err != nil {
 					return 0, 0, err
 				}
@@ -327,7 +333,10 @@ func mean(args ...any) (int, float64, error) {
 	return count, total, nil
 }
 
-func median(args ...any) ([]float64, error) {
+func median(depth int, args ...any) ([]float64, error) {
+	if depth > MaxDepth {
+		return nil, ErrorMaxDepth
+	}
 	var values []float64
 
 	for _, arg := range args {
@@ -336,7 +345,7 @@ func median(args ...any) ([]float64, error) {
 		case reflect.Array, reflect.Slice:
 			size := rv.Len()
 			for i := 0; i < size; i++ {
-				elems, err := median(rv.Index(i).Interface())
+				elems, err := median(depth+1, rv.Index(i).Interface())
 				if err != nil {
 					return nil, err
 				}
@@ -355,18 +364,24 @@ func median(args ...any) ([]float64, error) {
 	return values, nil
 }
 
-func flatten(arg reflect.Value) []any {
+func flatten(arg reflect.Value, depth int) ([]any, error) {
+	if depth > MaxDepth {
+		return nil, ErrorMaxDepth
+	}
 	ret := []any{}
 	for i := 0; i < arg.Len(); i++ {
 		v := deref.Value(arg.Index(i))
 		if v.Kind() == reflect.Array || v.Kind() == reflect.Slice {
-			x := flatten(v)
+			x, err := flatten(v, depth+1)
+			if err != nil {
+				return nil, err
+			}
 			ret = append(ret, x...)
 		} else {
 			ret = append(ret, v.Interface())
 		}
 	}
-	return ret
+	return ret, nil
 }
 
 func get(params ...any) (out any, err error) {

checker/checker.go

@@ -462,7 +462,7 @@ func (v *Checker) binaryNode(node *ast.BinaryNode) Nature {
 				return v.error(node, err.Error())
 			}
 		}
-		if l.IsString() && r.IsString() {
+		if (l.IsString() || l.IsByteSlice()) && r.IsString() {
 			return v.config.NtCache.FromType(boolType)
 		}
 		if l.MaybeCompatible(&v.config.NtCache, r, StringCheck) {
@@ -549,6 +549,13 @@ func (v *Checker) memberNode(node *ast.MemberNode) Nature {
 
 	switch base.Kind {
 	case reflect.Map:
+		// If the map key is a pointer, we should not dereference the property.
+		if !prop.AssignableTo(base.Key(&v.config.NtCache)) {
+			propDeref := prop.Deref(&v.config.NtCache)
+			if propDeref.AssignableTo(base.Key(&v.config.NtCache)) {
+				prop = propDeref
+			}
+		}
 		if !prop.AssignableTo(base.Key(&v.config.NtCache)) && !prop.IsUnknown(&v.config.NtCache) {
 			return v.error(node.Property, "cannot use %s to get an element from %s", prop.String(), base.String())
 		}
@@ -562,6 +569,7 @@ func (v *Checker) memberNode(node *ast.MemberNode) Nature {
 		return base.Elem(&v.config.NtCache)
 
 	case reflect.Array, reflect.Slice:
+		prop = prop.Deref(&v.config.NtCache)
 		if !prop.IsInteger && !prop.IsUnknown(&v.config.NtCache) {
 			return v.error(node.Property, "array elements can only be selected using an integer (got %s)", prop.String())
 		}
@@ -607,13 +615,15 @@ func (v *Checker) sliceNode(node *ast.SliceNode) Nature {
 
 	if node.From != nil {
 		from := v.visit(node.From)
+		from = from.Deref(&v.config.NtCache)
 		if !from.IsInteger && !from.IsUnknown(&v.config.NtCache) {
 			return v.error(node.From, "non-integer slice index %v", from.String())
 		}
 	}
 
 	if node.To != nil {
 		to := v.visit(node.To)
+		to = to.Deref(&v.config.NtCache)
 		if !to.IsInteger && !to.IsUnknown(&v.config.NtCache) {
 			return v.error(node.To, "non-integer slice index %v", to.String())
 		}
@@ -942,6 +952,7 @@ func (v *Checker) checkBuiltinGet(node *ast.BuiltinNode) Nature {
 
 	base := v.visit(node.Arguments[0])
 	prop := v.visit(node.Arguments[1])
+	prop = prop.Deref(&v.config.NtCache)
 
 	if id, ok := node.Arguments[0].(*ast.IdentifierNode); ok && id.Value == "$env" {
 		if s, ok := node.Arguments[1].(*ast.StringNode); ok {
@@ -1260,6 +1271,7 @@ func (v *Checker) sequenceNode(node *ast.SequenceNode) Nature {
 
 func (v *Checker) conditionalNode(node *ast.ConditionalNode) Nature {
 	c := v.visit(node.Cond)
+	c = c.Deref(&v.config.NtCache)
 	if !c.IsBool() && !c.IsUnknown(&v.config.NtCache) {
 		return v.error(node.Cond, "non-bool expression (type %v) used as condition", c.String())
 	}
@@ -1277,6 +1289,13 @@ func (v *Checker) conditionalNode(node *ast.ConditionalNode) Nature {
 		return v.config.NtCache.NatureOf(nil)
 	}
 	if t1.AssignableTo(t2) {
+		if t1.IsArray() && t2.IsArray() {
+			e1 := t1.Elem(&v.config.NtCache)
+			e2 := t2.Elem(&v.config.NtCache)
+			if !e1.AssignableTo(e2) || !e2.AssignableTo(e1) {
+				return v.config.NtCache.FromType(arrayType)
+			}
+		}
 		return t1
 	}
 	return Nature{}

checker/checker_test.go

@@ -134,6 +134,7 @@ func TestCheck(t *testing.T) {
 		{"Bool ?? Bool"},
 		{"let foo = 1; foo == 1"},
 		{"(Embed).EmbedPointerEmbedInt > 0"},
+		{"(true ? [1] : [[1]])[0][0] == 1"},
 	}
 
 	c := new(checker.Checker)

checker/nature/nature.go

@@ -10,11 +10,12 @@ import (
 )
 
 var (
-	intType      = reflect.TypeOf(0)
-	floatType    = reflect.TypeOf(float64(0))
-	arrayType    = reflect.TypeOf([]any{})
-	timeType     = reflect.TypeOf(time.Time{})
-	durationType = reflect.TypeOf(time.Duration(0))
+	intType       = reflect.TypeOf(0)
+	floatType     = reflect.TypeOf(float64(0))
+	arrayType     = reflect.TypeOf([]any{})
+	byteSliceType = reflect.TypeOf([]byte{})
+	timeType      = reflect.TypeOf(time.Time{})
+	durationType  = reflect.TypeOf(time.Duration(0))
 
 	builtinInt = map[reflect.Type]struct{}{
 		reflect.TypeOf(int(0)):     {},
@@ -502,6 +503,10 @@ func (n *Nature) IsString() bool {
 	return n.Kind == reflect.String
 }
 
+func (n *Nature) IsByteSlice() bool {
+	return n.Type == byteSliceType
+}
+
 func (n *Nature) IsArray() bool {
 	return n.Kind == reflect.Slice || n.Kind == reflect.Array
 }