merge from upstream

Signed-off-by: Anthony Petrov <anthony@swirldslabs.com>

Author: anthony-swirldslabs

pbj-core/hiero-dependency-versions/build.gradle.kts

@@ -60,7 +60,7 @@ dependencies.constraints {
     api("com.google.protobuf:protobuf-java:$protobuf") { because("com.google.protobuf") }
     api("com.google.protobuf:protobuf-java-util:$protobuf") { because("com.google.protobuf.util") }
     api("net.bytebuddy:byte-buddy:1.17.6") { because("net.bytebuddy") }
-    api("org.assertj:assertj-core:3.27.3") { because("org.assertj.core") }
+    api("org.assertj:assertj-core:3.27.6") { because("org.assertj.core") }
     api("org.junit.jupiter:junit-jupiter-api:$junit5") { because("org.junit.jupiter.api") }
     api("org.junit.jupiter:junit-jupiter-engine:$junit5") { because("org.junit.jupiter.engine") }
 

pbj-core/pbj-compiler/README.md

@@ -142,7 +142,15 @@ immutable.
 ### Generated Unit Tests
 
 For each generated model object there is a unit test generated that tests the protobuf and JSON codecs against the
-*protoc* generated code to make sure they are 100% byte for byte binary compatible.
+*protoc* generated code to make sure they are 100% byte for byte binary compatible. This requires a dependency on
+Google Protobuf libraries which may not be always desirable. To disable tests generation and avoid having to add
+a dependency on Google Protobuf libraries, add the following configuration to your `build.gradle.kts`:
+
+```kotlin
+pbj {
+   generateTestClasses = false
+}
+```
 
 ## Generated Code Formatting
 

pbj-core/pbj-compiler/src/main/java/com/hedera/pbj/compiler/impl/Field.java

@@ -23,11 +23,6 @@ public interface Field {
     /** Annotation to add to fields that can't be set to null */
     String NON_NULL_ANNOTATION = "@NonNull";
 
-    /** The default maximum size of a repeated or length-encoded field (Bytes, String, Message, etc.).
-     * The size should not be increased beyond the current limit because of the safety concerns.
-     */
-    long DEFAULT_MAX_SIZE = 2 * 1024 * 1024;
-
     /**
      * Is this field a repeated field. Repeated fields are lists of values rather than a single value.
      *
@@ -38,9 +33,14 @@ public interface Field {
     /**
      * Returns the field's max size relevant to repeated or length-encoded fields.
      * The returned value has no meaning for scalar fields (BOOL, INT, etc.).
+     * A negative value means that the parser is free to enforce any generic limit it may be using for all fields.
+     * A non-negative value would override the generic limit used by the parser for this particular field.
+     * Note that PBJ currently doesn't support setting maxSize for individual fields,
+     * so currently the method returns -1 and the parser always uses the generic limit
+     * (see `Codec.parse(..., int maxSize)` for details.)
      */
     default long maxSize() {
-        return DEFAULT_MAX_SIZE;
+        return -1;
     }
 
     /**

pbj-core/pbj-compiler/src/main/java/com/hedera/pbj/compiler/impl/generators/TestGenerator.java

@@ -421,7 +421,7 @@ private static String generateTestMethod(final String modelClassName, final Stri
                     assertEquals(charBuffer2, charBuffer);
                 
                     // Test JSON Reading
-                    final $modelClassName jsonReadPbj = $modelClassName.JSON.parse(JsonTools.parseJson(charBuffer), false, Integer.MAX_VALUE);
+                    final $modelClassName jsonReadPbj = $modelClassName.JSON.parse(JsonTools.parseJson(charBuffer), false, Integer.MAX_VALUE, Integer.MAX_VALUE);
                     assertEquals(modelObj, jsonReadPbj);
                 }
                 

pbj-core/pbj-compiler/src/main/java/com/hedera/pbj/compiler/impl/generators/json/JsonCodecParseMethodGenerator.java

@@ -49,15 +49,26 @@ static String generateParseObjectMethod(final String modelClassName, final List<
                 /**
                  * Parses a HashObject object from JSON parse tree for object JSONParser.ObjContext.
                  * Throws an UnknownFieldException wrapped in a ParseException if in strict mode ONLY.
+                 * <p>
+                 * The {@code maxSize} specifies a custom value for the default `Codec.DEFAULT_MAX_SIZE` limit. IMPORTANT:
+                 * specifying a value larger than the default one can put the application at risk because a maliciously-crafted
+                 * payload can cause the parser to allocate too much memory which can result in OutOfMemory and/or crashes.
+                 * It's important to carefully estimate the maximum size limit that a particular protobuf model type should support,
+                 * and then pass that value as a parameter. Note that the estimated limit should apply to the **type** as a whole,
+                 * rather than to individual instances of the model. In other words, this value should be a constant, or a config
+                 * value that is controlled by the application, rather than come from the input that the application reads.
+                 * When in doubt, use the other overloaded versions of this method that use the default `Codec.DEFAULT_MAX_SIZE`.
                  *
                  * @param root The JSON parsed object tree to parse data from
+                 * @param maxSize a ParseException will be thrown if the size of a delimited field exceeds the limit
                  * @return Parsed HashObject model object or null if data input was null or empty
                  * @throws ParseException If parsing fails
                  */
                 public @NonNull $modelClassName parse(
                         @Nullable final JSONParser.ObjContext root,
                         final boolean strictMode,
-                        final int maxDepth) throws ParseException {
+                        final int maxDepth,
+                        final int maxSize) throws ParseException {
                     if (maxDepth < 0) {
                         throw new ParseException("Reached maximum allowed depth of nested messages");
                     }
@@ -146,24 +157,40 @@ private static void generateFieldCaseStatement(
             final StringBuilder origSB, final Field field, final String valueGetter) {
         final StringBuilder sb = new StringBuilder();
         final boolean isMapField = field instanceof SingleField && ((SingleField) field).isMapField();
+        final boolean isMapFieldOrOneOf = isMapField || field.parent() != null;
         if (field.repeated()) {
             if (field.type() == Field.FieldType.MESSAGE) {
-                sb.append("parseObjArray($valueGetter.arr(), " + field.messageType() + ".JSON, maxDepth - 1)");
+                sb.append(("parseObjArray(checkSize(\"$fieldName\", $valueGetter.arr().value(), $maxSize), "
+                                + field.messageType() + ".JSON, maxDepth - 1, $maxSize)")
+                        .replace("$maxSize", field.maxSize() >= 0 ? String.valueOf(field.maxSize()) : "maxSize")
+                        .replace("$fieldName", field.name()));
             } else {
-                sb.append("$valueGetter.arr().value().stream().map(v -> ");
+                sb.append("checkSize(\"$fieldName\", $valueGetter.arr().value(), $maxSize).stream().map(v -> "
+                        .replace("$maxSize", field.maxSize() >= 0 ? String.valueOf(field.maxSize()) : "maxSize")
+                        .replace("$fieldName", field.name()));
                 switch (field.type()) {
                     case ENUM -> sb.append(field.messageType() + ".fromString(v.STRING().getText())");
                     case INT32, UINT32, SINT32, FIXED32, SFIXED32 -> sb.append("parseInteger(v)");
                     case INT64, UINT64, SINT64, FIXED64, SFIXED64 -> sb.append("parseLong(v)");
                     case FLOAT -> sb.append("parseFloat(v)");
                     case DOUBLE -> sb.append("parseDouble(v)");
                     case STRING ->
-                        sb.append(
-                                isMapField || field.parent() != null
-                                        ? "unescape(v.STRING().getText())"
-                                        : "toUtf8Bytes(unescape(v.STRING().getText()))");
+                        sb.append((isMapFieldOrOneOf ? "toUtf8Bytes(" : "") +
+                                "unescape(checkSize(\"$fieldName\", v.STRING().getText(), $maxSize))"
+                                .replace("$maxSize", field.maxSize() >= 0 ? String.valueOf(field.maxSize()) : "maxSize")
+                                .replace("$fieldName", field.name()) +
+                                (isMapFieldOrOneOf ? ")" : "")
+                        );
                     case BOOL -> sb.append("parseBoolean(v)");
-                    case BYTES -> sb.append("Bytes.fromBase64(v.STRING().getText())");
+
+                    // maxSize * 2 - because Base64. The *2 math isn't precise, but it's good enough for our purposes.
+                    case BYTES ->
+                        sb.append(
+                                "Bytes.fromBase64(checkSize(\"$fieldName\", v.STRING().getText(), $maxSize < (Integer.MAX_VALUE / 2) ? $maxSize * 2 : Integer.MAX_VALUE))"
+                                        .replace(
+                                                "$maxSize",
+                                                field.maxSize() >= 0 ? String.valueOf(field.maxSize()) : "maxSize")
+                                        .replace("$fieldName", field.name()));
                     default -> throw new RuntimeException("Unknown field type [" + field.type() + "]");
                 }
                 sb.append(").toList()");
@@ -175,12 +202,22 @@ private static void generateFieldCaseStatement(
                 case "FloatValue" -> sb.append("parseFloat($valueGetter)");
                 case "DoubleValue" -> sb.append("parseDouble($valueGetter)");
                 case "StringValue" ->
-                    sb.append(
-                            isMapField || field.parent() != null
-                                    ? "unescape($valueGetter.STRING().getText())"
-                                    : "toUtf8Bytes(unescape($valueGetter.STRING().getText()))");
+                    sb.append((isMapFieldOrOneOf ? "toUtf8Bytes(" : "") +
+                            "unescape(checkSize(\"$fieldName\", $valueGetter.STRING().getText(), $maxSize))"
+                            .replace("$maxSize", field.maxSize() >= 0 ? String.valueOf(field.maxSize()) : "maxSize")
+                            .replace("$fieldName", field.name()) +
+                            (isMapFieldOrOneOf ? ")" : "")
+                    );
                 case "BoolValue" -> sb.append("parseBoolean($valueGetter)");
-                case "BytesValue" -> sb.append("Bytes.fromBase64($valueGetter.STRING().getText())");
+
+                // maxSize * 2 - because Base64. The *2 math isn't precise, but it's good enough for our purposes:
+                case "BytesValue" ->
+                    sb.append(
+                            "Bytes.fromBase64(checkSize(\"$fieldName\", $valueGetter.STRING().getText(), $maxSize < (Integer.MAX_VALUE / 2) ? $maxSize * 2 : Integer.MAX_VALUE))"
+                                    .replace(
+                                            "$maxSize",
+                                            field.maxSize() >= 0 ? String.valueOf(field.maxSize()) : "maxSize")
+                                    .replace("$fieldName", field.name()));
                 default -> throw new RuntimeException("Unknown message type [" + field.messageType() + "]");
             }
         } else if (field.type() == Field.FieldType.MAP) {
@@ -204,21 +241,33 @@ private static void generateFieldCaseStatement(
         } else {
             switch (field.type()) {
                 case MESSAGE ->
-                    sb.append(
-                            field.javaFieldType()
-                                    + ".JSON.parse($valueGetter.getChild(JSONParser.ObjContext.class, 0), false, maxDepth - 1)");
+                    sb.append(field.javaFieldType()
+                            + ".JSON.parse($valueGetter.getChild(JSONParser.ObjContext.class, 0), false, maxDepth - 1, $maxSize)"
+                                    .replace(
+                                            "$maxSize",
+                                            field.maxSize() >= 0 ? String.valueOf(field.maxSize()) : "maxSize"));
                 case ENUM -> sb.append(field.javaFieldType() + ".fromString($valueGetter.STRING().getText())");
                 case INT32, UINT32, SINT32, FIXED32, SFIXED32 -> sb.append("parseInteger($valueGetter)");
                 case INT64, UINT64, SINT64, FIXED64, SFIXED64 -> sb.append("parseLong($valueGetter)");
                 case FLOAT -> sb.append("parseFloat($valueGetter)");
                 case DOUBLE -> sb.append("parseDouble($valueGetter)");
                 case STRING ->
-                    sb.append(
-                            isMapField || field.parent() != null
-                                    ? "unescape($valueGetter.STRING().getText())"
-                                    : "toUtf8Bytes(unescape($valueGetter.STRING().getText()))");
+                    sb.append((isMapFieldOrOneOf ? "toUtf8Bytes(" : "") +
+                            "unescape(checkSize(\"$fieldName\", $valueGetter.STRING().getText(), $maxSize))"
+                            .replace("$maxSize", field.maxSize() >= 0 ? String.valueOf(field.maxSize()) : "maxSize")
+                            .replace("$fieldName", field.name()) +
+                            (isMapFieldOrOneOf ? ")" : "")
+                    );
                 case BOOL -> sb.append("parseBoolean($valueGetter)");
-                case BYTES -> sb.append("Bytes.fromBase64($valueGetter.STRING().getText())");
+
+                // maxSize * 2 - because Base64. The *2 math isn't precise, but it's good enough for our purposes:
+                case BYTES ->
+                    sb.append(
+                            "Bytes.fromBase64(checkSize(\"$fieldName\", $valueGetter.STRING().getText(), $maxSize < (Integer.MAX_VALUE / 2) ? $maxSize * 2 : Integer.MAX_VALUE))"
+                                    .replace(
+                                            "$maxSize",
+                                            field.maxSize() >= 0 ? String.valueOf(field.maxSize()) : "maxSize")
+                                    .replace("$fieldName", field.name()));
                 default -> throw new RuntimeException("Unknown field type [" + field.type() + "]");
             }
         }