arangodb
diff --git a/‎3rdParty/velocypack/include/velocypack/Builder.h
Lines changed: 13 additions & 1 deletion b/‎3rdParty/velocypack/include/velocypack/Builder.h
Lines changed: 13 additions & 1 deletion
diff --git a/‎3rdParty/velocypack/include/velocypack/Exception.h
Lines changed: 3 additions & 0 deletions b/‎3rdParty/velocypack/include/velocypack/Exception.h
Lines changed: 3 additions & 0 deletions
diff --git a/‎3rdParty/velocypack/include/velocypack/Options.h
Lines changed: 4 additions & 0 deletions b/‎3rdParty/velocypack/include/velocypack/Options.h
Lines changed: 4 additions & 0 deletions
diff --git a/‎3rdParty/velocypack/include/velocypack/Validator.h
Lines changed: 16 additions & 13 deletions b/‎3rdParty/velocypack/include/velocypack/Validator.h
Lines changed: 16 additions & 13 deletions
diff --git a/‎3rdParty/velocypack/src/Builder.cpp
Lines changed: 14 additions & 1 deletion b/‎3rdParty/velocypack/src/Builder.cpp
Lines changed: 14 additions & 1 deletion
@@ -385,7 +385,7 @@ class Builder {
       }
     }
     try {
-      checkKeyIsString(Slice(sub).isString());
+      checkKeyIsString(Slice(sub));
       auto oldPos = _pos;
       reserveSpace(1 + sizeof(void*));
       // store pointer. this doesn't need to be portable
@@ -576,6 +576,18 @@ class Builder {
     }
   }
 
+  inline void checkKeyIsString(Slice const& item) {
+    if (!_stack.empty()) {
+      ValueLength const& tos = _stack.back();
+      if (_start[tos] == 0x0b || _start[tos] == 0x14) {
+        if (!_keyWritten && !item.isString()) {
+          throw Exception(Exception::BuilderKeyMustBeString);
+        }
+        _keyWritten = !_keyWritten;
+      }
+    }
+  }
+
   inline void addArray(bool unindexed = false) {
     addCompoundValue(unindexed ? 0x13 : 0x06);
   }
 
@@ -67,6 +67,7 @@ struct Exception : std::exception {
     BuilderExternalsDisallowed = 37,
     BuilderKeyAlreadyWritten = 38,
     BuilderKeyMustBeString = 39,
+    BuilderCustomDisallowed = 40,
 
     ValidatorInvalidLength = 50,
     ValidatorInvalidType = 51,
@@ -142,6 +143,8 @@ struct Exception : std::exception {
         return "The key of the next key/value pair is already written";
       case BuilderKeyMustBeString:
         return "The key of the next key/value pair must be a string";
+      case BuilderCustomDisallowed:
+        return "Custom types are not allowed in this configuration";
 
       case ValidatorInvalidType:
         return "Invalid type found in binary data";
 
@@ -115,6 +115,10 @@ struct Options {
   // values as a security precaution)
   bool disallowExternals = false;
 
+  // disallow using type Custom (to prevent injection of arbitrary opaque
+
8000
  // values as a security precaution)
+  bool disallowCustom = false;
+
   // default options with the above settings
   static Options Defaults;
 };
 
@@ -39,7 +39,7 @@ class Validator {
 
  public:
   explicit Validator(Options const* options = &Options::Defaults)
-      : options(options) {
+      : options(options), _level(0) {
     if (options == nullptr) {
       throw Exception(Exception::InternalError, "Options cannot be a nullptr");
     }
@@ -50,28 +50,31 @@ class Validator {
  public:
   // validates a VelocyPack Slice value starting at ptr, with length bytes length
   // throws if the data is invalid
-  bool validate(char const* ptr, size_t length, bool isSubPart = false) const {
+  bool validate(char const* ptr, size_t length, bool isSubPart = false) {
     return validate(reinterpret_cast<uint8_t const*>(ptr), length, isSubPart);
   }
 
   // validates a VelocyPack Slice value starting at ptr, with length bytes length
   // throws if the data is invalid
-  bool validate(uint8_t const* ptr, size_t length, bool isSubPart = false) const;
+  bool validate(uint8_t const* ptr, size_t length, bool isSubPart = false);
 
  private:
-  void validateArray(uint8_t const* ptr, size_t length) const;
-  void validateCompactArray(uint8_t const* ptr, size_t length) const;
-  void validateUnindexedArray(uint8_t const* ptr, size_t length) const;
-  void validateIndexedArray(uint8_t const* ptr, size_t length) const;
-  void validateObject(uint8_t const* ptr, size_t length) const;
-  void validateCompactObject(uint8_t const* ptr, size_t length) const;
-  void validateIndexedObject(uint8_t const* ptr, size_t length) const;
-  void validateBufferLength(size_t expected, size_t actual, bool isSubPart) const;
-  void validateSliceLength(uint8_t const* ptr, size_t length, bool isSubPart) const;
-  ValueLength readByteSize(uint8_t const*& ptr, uint8_t const* end) const;
+  void validateArray(uint8_t const* ptr, size_t length);
+  void validateCompactArray(uint8_t const* ptr, size_t length);
+  void validateUnindexedArray(uint8_t const* ptr, size_t length);
+  void validateIndexedArray(uint8_t const* ptr, size_t length);
+  void validateObject(uint8_t const* ptr, size_t length);
+  void validateCompactObject(uint8_t const* ptr, size_t length);
+  void validateIndexedObject(uint8_t const* ptr, size_t length);
+  void validateBufferLength(size_t expected, size_t actual, bool isSubPart);
+  void validateSliceLength(uint8_t const* ptr, size_t length, bool isSubPart);
+  ValueLength readByteSize(uint8_t const*& ptr, uint8_t const* end);
 
  public:
   Options const* options;
+
+ private:
+  int _level;
 };
 
 }  // namespace arangodb::velocypack
 
@@ -795,6 +795,10 @@ uint8_t* Builder::set(Value const&
FA4C
amp; item) {
       throw Exception(Exception::NotImplemented);
     }
     case ValueType::Custom: {
+      if (options->disallowCustom) {
+        // Custom values explicitly disallowed as a security precaution
+        throw Exception(Exception::BuilderCustomDisallowed);
+      }
       throw Exception(Exception::BuilderUnexpectedType,
                       "Cannot set a ValueType::Custom with this method");
     }
@@ -803,7 +807,12 @@ uint8_t* Builder::set(Value const& item) {
 }
 
 uint8_t* Builder::set(Slice const& item) {
-  checkKeyIsString(item.isString());
+  checkKeyIsString(item);
+
+  if (options->disallowCustom && item.isCustom()) {
+    // Custom values explicitly disallowed as a security precaution
+    throw Exception(Exception::BuilderCustomDisallowed);
+  }
 
   ValueLength const l = item.byteSize();
   reserveSpace(l);
@@ -847,6 +856,10 @@ uint8_t* Builder::set(ValuePair const& pair) {
     }
     return _start + oldPos;
   } else if (pair.valueType() == ValueType::Custom) {
+    if (options->disallowCustom) {
+      // Custom values explicitly disallowed as a security precaution
+      throw Exception(Exception::BuilderCustomDisallowed);
+    }
     // We only reserve space here, the caller has to fill in the custom type
     uint64_t size = pair.getSize();
     reserveSpace(size);
Original file line number	Diff line number	Diff line change
`@@ -385,7 +385,7 @@ class Builder {`
`385`	`385`	`}`
`386`	`386`	`}`
`387`	`387`	`try {`
`388`		`- checkKeyIsString(Slice(sub).isString());`
	`388`	`+ checkKeyIsString(Slice(sub));`
`389`	`389`	`auto oldPos = _pos;`
`390`	`390`	`reserveSpace(1 + sizeof(void*));`
`391`	`391`	`// store pointer. this doesn't need to be portable`
`@@ -576,6 +576,18 @@ class Builder {`
`576`	`576`	`}`
`577`	`577`	`}`
`578`	`578`
	`579`	`+ inline void checkKeyIsString(Slice const& item) {`
	`580`	`+ if (!_stack.empty()) {`
	`581`	`+ ValueLength const& tos = _stack.back();`
	`582`	`+ if (_start[tos] == 0x0b \|\| _start[tos] == 0x14) {`
	`583`	`+ if (!_keyWritten && !item.isString()) {`
	`584`	`+ throw Exception(Exception::BuilderKeyMustBeString);`
	`585`	`+ }`
	`586`	`+ _keyWritten = !_keyWritten;`
	`587`	`+ }`
	`588`	`+ }`
	`589`	`+ }`
	`590`	`+`
`579`	`591`	`inline void addArray(bool unindexed = false) {`
`580`	`592`	`addCompoundValue(unindexed ? 0x13 : 0x06);`
`581`	`593`	`}`