diff --git a/rust/nasl-syntax/src/grouping_extension.rs b/rust/nasl-syntax/src/grouping_extension.rs
index 487cc825b..631b7aa9b 100644
--- a/rust/nasl-syntax/src/grouping_extension.rs
+++ b/rust/nasl-syntax/src/grouping_extension.rs
@@ -36,6 +36,7 @@ impl<'a> Grouping for Lexer<'a> {
 if !end {
 Err(unclosed_token!(token))
 } else {
+ self.depth = 0;
 match right {
 Statement::Assign(category, _, variable, stmt) => Ok(Statement::Assign(
 category,
@@ -53,6 +54,7 @@ impl<'a> Grouping for Lexer<'a> {
 while let Some(token) = self.peek() {
 if token.category() == &Category::RightCurlyBracket {
 self.token();
+ self.depth = 0;
 return Ok((token.clone(), Statement::Block(kw, results, token)));
 }
 let (end, stmt) = self.statement(0, &|cat| cat == &Category::Semicolon)?;
diff --git a/rust/nasl-syntax/src/lexer.rs b/rust/nasl-syntax/src/lexer.rs
index bc82c1758..b11141974 100644
--- a/rust/nasl-syntax/src/lexer.rs
+++ b/rust/nasl-syntax/src/lexer.rs
@@ -25,7 +25,7 @@ pub struct Lexer<'a> {
 // is the current depth call within a statement call. The current
 // implementation relies that the iterator implementation resets depth to 0
 // after a statement, or error, has been returned.
- depth: u8,
+ pub(crate) depth: u8,
 }
 
 #[derive(Clone, Debug, PartialEq, Eq)]
@@ -115,7 +115,6 @@ impl<'a> Lexer<'a> {
 return Err(unexpected_token!(token));
 }
 if abort(token.category()) {
- self.depth = 0;
 return Ok((End::Done(token.clone()), Statement::NoOp(Some(token))));
 }
 self.prefix_statement(token, abort)
@@ -124,7 +123,6 @@ impl<'a> Lexer<'a> {
 match state {
 End::Continue => {}
 end => {
- self.depth = 0;
 return Ok((end, left));
 }
 }
diff --git a/rust/nasl-syntax/src/variable_extension.rs b/rust/nasl-syntax/src/variable_extension.rs
index bd3585362..2580f85f3 100644
--- a/rust/nasl-syntax/src/variable_extension.rs
+++ b/rust/nasl-syntax/src/variable_extension.rs
@@ -50,6 +50,8 @@ impl<'a> CommaGroup for Lexer<'a> {
 End::Continue => {}
 };
 }
+
+ self.depth = 0;
 Ok((end, params))
 }
 }
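Review bot: Assigning `self.depth = 0` when a parenthesised group closes (grouping_extension.rs, first hunk) clears the counter while any enclosing `statement` calls are still on the stack, so after an inner group closes the counter no longer reflects the real nesting. The same applies to the block-close reset in the second hunk and to the `CommaGroup` reset in variable_extension.rs. The increment and the limit check are outside these hunks, so this is inferred; if that limit is what guards against stack exhaustion on untrusted scripts, restoring the value seen on entry (`let outer = self.depth;` at the start of the group, `self.depth = outer;` at its close) would keep the bound tied to actual recursion. The `Err(unclosed_token!(token))` branch also returns without touching `depth`, which is only safe if a caller outside the hunk still resets it after errors.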
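Review bot: The comment above `depth` in lexer.rs still says the iterator implementation resets it, but this commit removes both resets inside `statement` and adds them to the `Grouping` and `CommaGroup` implementations, so the comment should name the new owners, e.g. `// depth is reset to 0 by the Grouping and CommaGroup implementations when a group closes.` Widening the field to `pub(crate)` lets any module in the crate write it; a single `pub(crate) fn reset_depth(&mut self)` on `Lexer` would keep the recursion-limit invariant in one place and make the reset sites easy to audit. The struct definition starts outside the hunk.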
diff --git a/rust/nasl-syntax/tests/crash-prefix-recursion.nasl b/rust/nasl-syntax/tests/crash-prefix-recursion.nasl new file mode 100644 index 000000000..763de54a3 --- /dev/null +++ b/rust/nasl-syntax/tests/crash-prefix-recursion.nasl @@ -0,0 +1 @@ + [3 [-p0[[S[[[[[[[[z4[[a[[[[,[[[[[[[[[[[z4[[a[[[,[[[[[[[[[[[[[[[[s[[[[[[[[[[[[[[[[[a[[[[,[[[[[[[[[[[[[[[[[[s[[[[[[[[[[[[[[[[[[[,[[[[[[[[[[[[[[[[a[[[[,[[[[[[[[[[[[[[[[[[s[[[[[[[[[[[[[[[[[[[,[[[[[[[[[[[[[[[[[[[[[[s[[[[[[[[[[[[[[[,[[[[[[[[[[[[[[s[[[[[[[[[[[[[[[[[a[[[[,[[[[[[[[[Q[[[[[[[[[[[[[[[a[[[[,[[[[[[[[[[[[[[[[[[s[[[[[[[[[[[[[[[,[[[[[[[[[[[[[[s[[[[[[[[[[[[[[[[[a[[[[,[[[[[[[[s[[[[[[[[[[[[[[[[[a[[[[,[[[[[[[[[[[[[[[[[[s[[[[[[[[[[[[[[[,[[[[[[[[[[[[[[s[[[[[[[[[[[[[[[[[a[[[[,[[[[[[[[[Q[[[[[[[[[[[[[[[[[[[%[[[[[[[[[[ \ No newline at end of file diff --git a/rust/nasl-syntax/tests/missing_input_validation.rs b/rust/nasl-syntax/tests/missing_input_validation.rs index 0028ac130..4ff7444b1 100644 --- a/rust/nasl-syntax/tests/missing_input_validation.rs +++ b/rust/nasl-syntax/tests/missing_input_validation.rs 
@@ -5,16 +5,27 @@ #[cfg(test)] mod test { - use nasl_syntax::{logger::NaslLogger, parse}; - #[test] fn validate_recursion_depth_to_prevent_stackoverflow() { - // Reported by Anon, VSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:L/SA:H + // Reported by @sepehrdaddev, VSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:L/SA:H // Crash due to depth limit on recursion. let code = include_str!("crash-recursion-depth.nasl"); assert_eq!(code.len(), 587); let result = nasl_syntax::parse(code).collect::>(); - assert_eq!(result.len(), 1); - assert!(result[0].is_err()) + + assert_eq!( + result.iter().filter_map(|x| x.as_ref().ok()).count(), + 0, + "crash-recursion-depth should not have any valid statements." + ); + + let code = include_str!("crash-prefix-recursion.nasl"); + assert_eq!(code.len(), 515); + let result = nasl_syntax::parse(code).collect::>(); + assert_eq!( + result.iter().filter_map(|x| x.as_ref().ok()).count(), + 0, + "crash-prefix-recursion should not have any valid statements." + ); } }
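Review bot: Both new assertions count the `Ok` items and compare the count with 0, which also passes when `parse` yields nothing at all, so the test no longer proves that the parser reported an error for either fixture, as the removed `assert!(result[0].is_err())` did. Adding `assert!(!result.is_empty());` before each count would restore that guarantee. The two fixtures share one test function, so a failure on `crash-recursion-depth.nasl` hides the result for `crash-prefix-recursion.nasl`; one `#[test]` per fixture would make a regression easier to attribute.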