Limit value number instead of key number in form reader

Author: pakrym

src/Microsoft.AspNetCore.Http/Features/FormFeature.cs

@@ -148,7 +148,7 @@ private async Task<IFormCollection> InnerReadFormAsync(CancellationToken cancell
                     var encoding = FilterEncoding(contentType.Encoding);
                     using (var formReader = new FormReader(_request.Body, encoding)
                     {
-                        KeyCountLimit = _options.KeyCountLimit,
+                        ValueCountLimit = _options.ValueCountLimit,
                         KeyLengthLimit = _options.KeyLengthLimit,
                         ValueLengthLimit = _options.ValueLengthLimit,
                     })
@@ -200,9 +200,9 @@ private async Task<IFormCollection> InnerReadFormAsync(CancellationToken cancell
                             {
                                 files = new FormFileCollection();
                             }
-                            if (files.Count >= _options.KeyCountLimit)
+                            if (files.Count >= _options.ValueCountLimit)
                             {
-                                throw new InvalidDataException($"Form key count limit {_options.KeyCountLimit} exceeded.");
+                                throw new InvalidDataException($"Form value count limit {_options.ValueCountLimit} exceeded.");
                             }
                             files.Add(file);
                         }
@@ -222,9 +222,9 @@ private async Task<IFormCollection> InnerReadFormAsync(CancellationToken cancell
                                 // The value length limit is enforced by MultipartBodyLengthLimit
                                 var value = await reader.ReadToEndAsync();
                                 formAccumulator.Append(key, value);
-                                if (formAccumulator.Count > _options.KeyCountLimit)
+                                if (formAccumulator.ValueCount > _options.ValueCountLimit)
                                 {
-                                    throw new InvalidDataException($"Form key count limit {_options.KeyCountLimit} exceeded.");
+                                    throw new InvalidDataException($"Form value count limit {_options.ValueCountLimit} exceeded.");
                                 }
                             }
                         }

src/Microsoft.AspNetCore.Http/Features/FormOptions.cs

@@ -33,10 +33,10 @@ public class FormOptions
         public long BufferBodyLengthLimit { get; set; } = DefaultBufferBodyLengthLimit;
 
         /// <summary>
-        /// A limit for the number of form entries to allow. Entries with the same key will be combined.
+        /// A limit for the number of form entries to allow.
         /// Forms that exceed this limit will throw an <see cref="InvalidDataException"/> when parsed.
         /// </summary>
-        public int KeyCountLimit { get; set; } = FormReader.DefaultKeyCountLimit;
+        public int ValueCountLimit { get; set; } = FormReader.DefaultValueCountLimit;
 
         /// <summary>
         /// A limit on the length of individual keys. Forms containing keys that exceed this limit will

src/Microsoft.AspNetCore.WebUtilities/FormReader.cs

@@ -17,7 +17,7 @@ namespace Microsoft.AspNetCore.WebUtilities
     /// </summary>
     public class FormReader : IDisposable
     {
-        public const int DefaultKeyCountLimit = 1024;
+        public const int DefaultValueCountLimit = 1024;
         public const int DefaultKeyLengthLimit = 1024 * 2;
         public const int DefaultValueLengthLimit = 1024 * 1024 * 4;
 
@@ -78,9 +78,9 @@ public FormReader(Stream stream, Encoding encoding, ArrayPool<char> charPool)
         }
 
         /// <summary>
-        /// The limit on the number of form keys to allow in ReadForm or ReadFormAsync.
+        /// The limit on the number of form values to allow in ReadForm or ReadFormAsync.
         /// </summary>
-        public int KeyCountLimit { get; set; } = DefaultKeyCountLimit;
+        public int ValueCountLimit { get; set; } = DefaultValueCountLimit;
 
         /// <summary>
         /// The limit on the length of form keys.
@@ -293,9 +293,9 @@ private void Append(ref KeyValueAccumulator accumulator)
             if (ReadSucceded())
             {
                 accumulator.Append(_currentKey, _currentValue);
-                if (accumulator.Count > KeyCountLimit)
+                if (accumulator.ValueCount > ValueCountLimit)
                 {
-                    throw new InvalidDataException($"Form key count limit {KeyCountLimit} exceeded.");
+                    throw new InvalidDataException($"Form value count limit {ValueCountLimit} exceeded.");
                 }
             }
         }

src/Microsoft.AspNetCore.WebUtilities/KeyValueAccumulator.cs

@@ -59,11 +59,15 @@ public void Append(string key, string value)
                 // First value for this key
                 _accumulator[key] = new StringValues(value);
             }
+
+            ValueCount++;
         }
 
-        public bool HasValues => _accumulator != null;
+        public bool HasValues => ValueCount > 0;
+
+        public int KeyCount => _accumulator?.Count ?? 0;
 
-        public int Count => _accumulator?.Count ?? 0;
+        public int ValueCount { get; private set; }
 
         public Dictionary<string, StringValues> GetResults()
         {

src/Microsoft.AspNetCore.WebUtilities/MultipartReader.cs

@@ -104,7 +104,7 @@ private async Task<Dictionary<string, StringValues>> ReadHeadersAsync(Cancellati
                 var name = line.Substring(0, splitIndex);
                 var value = line.Substring(splitIndex + 1, line.Length - splitIndex - 1).Trim();
                 accumulator.Append(name, value);
-                if (accumulator.Count > HeadersCountLimit)
+                if (accumulator.KeyCount > HeadersCountLimit)
                 {
                     throw new InvalidDataException($"Multipart headers count limit {HeadersCountLimit} exceeded.");
                 }

test/Microsoft.AspNetCore.Http.Tests/Features/FormFeatureTests.cs

@@ -2,10 +2,10 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.Collections.Generic;
 using System.IO;
 using System.Text;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Http.Internal;
 using Xunit;
 
 namespace Microsoft.AspNetCore.Http.Features
@@ -48,33 +48,35 @@ public async Task ReadFormAsync_SimpleData_ReturnsParsedFormCollection(bool buff
         }
 
         private const string MultipartContentType = "multipart/form-data; boundary=WebKitFormBoundary5pDRpGheQXaM8k3T";
-        private const string EmptyMultipartForm =
-"--WebKitFormBoundary5pDRpGheQXaM8k3T--";
+
+        private const string EmptyMultipartForm = "--WebKitFormBoundary5pDRpGheQXaM8k3T--";
+
         // Note that CRLF (\r\n) is required. You can't use multi-line C# strings here because the line breaks on Linux are just LF.
-        private const string MultipartFormWithField =
-"--WebKitFormBoundary5pDRpGheQXaM8k3T\r\n" +
+        private const string MultipartFormEnd = "--WebKitFormBoundary5pDRpGheQXaM8k3T--\r\n";
+
+        private const string MultipartFormField = "--WebKitFormBoundary5pDRpGheQXaM8k3T\r\n" +
 "Content-Disposition: form-data; name=\"description\"\r\n" +
 "\r\n" +
-"Foo\r\n" +
-"--WebKitFormBoundary5pDRpGheQXaM8k3T--";
-        private const string MultipartFormWithFile =
-"--WebKitFormBoundary5pDRpGheQXaM8k3T\r\n" +
+"Foo\r\n";
+
+        private const string MultipartFormFile = "--WebKitFormBoundary5pDRpGheQXaM8k3T\r\n" +
 "Content-Disposition: form-data; name=\"myfile1\"; filename=\"temp.html\"\r\n" +
 "Content-Type: text/html\r\n" +
 "\r\n" +
-"<html><body>Hello World</body></html>\r\n" +
-"--WebKitFormBoundary5pDRpGheQXaM8k3T--";
+"<html><body>Hello World</body></html>\r\n";
+
+        private const string MultipartFormWithField =
+            MultipartFormField +
+            MultipartFormEnd;
+
+        private const string MultipartFormWithFile =
+            MultipartFormFile +
+            MultipartFormEnd;
+
         private const string MultipartFormWithFieldAndFile =
-"--WebKitFormBoundary5pDRpGheQXaM8k3T\r\n" +
-"Content-Disposition: form-data; name=\"description\"\r\n" +
-"\r\n" +
-"Foo\r\n" +
-"--WebKitFormBoundary5pDRpGheQXaM8k3T\r\n" +
-"Content-Disposition: form-data; name=\"myfile1\"; filename=\"temp.html\"\r\n" +
-"Content-Type: text/html\r\n" +
-"\r\n" +
-"<html><body>Hello World</body></html>\r\n" +
-"--WebKitFormBoundary5pDRpGheQXaM8k3T--";
+            MultipartFormField +
+            MultipartFormFile +
+            MultipartFormEnd;
 
         [Theory]
         [InlineData(true)]
@@ -243,6 +245,55 @@ public async Task ReadFormAsync_MultipartWithFieldAndFile_ReturnsParsedFormColle
             await responseFeature.CompleteAsync();
         }
 
+        [Theory]
+        [InlineData(true)]
+        [InlineData(false)]
+        public async Task ReadFormAsync_ValueCountLimitExceeded_Throw(bool bufferRequest)
+        {
+            var formContent = new List<byte>();
+            formContent.AddRange(Encoding.UTF8.GetBytes(MultipartFormField));
+            formContent.AddRange(Encoding.UTF8.GetBytes(MultipartFormField));
+            formContent.AddRange(Encoding.UTF8.GetBytes(MultipartFormField));
+            formContent.AddRange(Encoding.UTF8.GetBytes(MultipartFormEnd));
+
+            var context = new DefaultHttpContext();
+            var responseFeature = new FakeResponseFeature();
+            context.Features.Set<IHttpResponseFeature>(responseFeature);
+            context.Request.ContentType = MultipartContentType;
+            context.Request.Body = new NonSeekableReadStream(formContent.ToArray());
+
+            IFormFeature formFeature = new FormFeature(context.Request, new FormOptions() { BufferBody = bufferRequest, ValueCountLimit = 2 });
+            context.Features.Set<IFormFeature>(formFeature);
+
+            var exception = await Assert.ThrowsAsync<InvalidDataException> (() => context.Request.ReadFormAsync());
+            Assert.Equal(exception.Message, "Form value count limit 2 exceeded.");
+        }
+
+        [Theory]
+        [InlineData(true)]
+        [InlineData(false)]
+        public async Task ReadFormAsync_ValueCountLimitExceededWithFiles_Throw(bool bufferRequest)
+        {
+            var formContent = new List<byte>();
+            formContent.AddRange(Encoding.UTF8.GetBytes(MultipartFormFile));
+            formContent.AddRange(Encoding.UTF8.GetBytes(MultipartFormFile));
+            formContent.AddRange(Encoding.UTF8.GetBytes(MultipartFormFile));
+            formContent.AddRange(Encoding.UTF8.GetBytes(MultipartFormEnd));
+
+
+            var context = new DefaultHttpContext();
+            var responseFeature = new FakeResponseFeature();
+            context.Features.Set<IHttpResponseFeature>(responseFeature);
+            context.Request.ContentType = MultipartContentType;
+            context.Request.Body = new NonSeekableReadStream(formContent.ToArray());
+
+            IFormFeature formFeature = new FormFeature(context.Request, new FormOptions() { BufferBody = bufferRequest, ValueCountLimit = 2 });
+            context.Features.Set<IFormFeature>(formFeature);
+
+            var exception = await Assert.ThrowsAsync<InvalidDataException> (() => context.Request.ReadFormAsync());
+            Assert.Equal(exception.Message, "Form value count limit 2 exceeded.");
+        }
+
         [Theory]
         // FileBufferingReadStream transitions to disk storage after 30kb, and stops pooling buffers at 1mb.
         [InlineData(true, 1024)]
@@ -313,10 +364,7 @@ private Stream CreateMultipartWithFormAndFile(Stream fileContents)
         {
             var stream = new MemoryStream();
             var header =
-"--WebKitFormBoundary5pDRpGheQXaM8k3T\r\n" +
-"Content-Disposition: form-data; name=\"description\"\r\n" +
-"\r\n" +
-"Foo\r\n" +
+MultipartFormField +
 "--WebKitFormBoundary5pDRpGheQXaM8k3T\r\n" +
 "Content-Disposition: form-data; name=\"myfile1\"; filename=\"temp.html\"\r\n" +
 "Content-Type: text/html\r\n" +

test/Microsoft.AspNetCore.WebUtilities.Tests/FormReaderTests.cs

@@ -65,28 +65,40 @@ public async Task ReadFormAsync_EmptyValuedWithAdditionalEntryAllowed(bool buffe
         [Theory]
         [InlineData(true)]
         [InlineData(false)]
-        public async Task ReadFormAsync_KeyCountLimitMet_Success(bool bufferRequest)
+        public async Task ReadFormAsync_ValueCountLimitMet_Success(bool bufferRequest)
         {
-            var body = MakeStream(bufferRequest, "foo=1&bar=2&baz=3&baz=4");
+            var body = MakeStream(bufferRequest, "foo=1&bar=2&baz=3");
 
-            var formCollection = await ReadFormAsync(new FormReader(body) { KeyCountLimit = 3 });
+            var formCollection = await ReadFormAsync(new FormReader(body) { ValueCountLimit = 3 });
 
             Assert.Equal("1", formCollection["foo"].ToString());
             Assert.Equal("2", formCollection["bar"].ToString());
-            Assert.Equal("3,4", formCollection["baz"].ToString());
+            Assert.Equal("3", formCollection["baz"].ToString());
             Assert.Equal(3, formCollection.Count);
         }
 
         [Theory]
         [InlineData(true)]
         [InlineData(false)]
-        public async Task ReadFormAsync_KeyCountLimitExceeded_Throw(bool bufferRequest)
+        public async Task ReadFormAsync_ValueCountLimitExceeded_Throw(bool bufferRequest)
         {
             var body = MakeStream(bufferRequest, "foo=1&baz=2&bar=3&baz=4&baf=5");
 
             var exception = await Assert.ThrowsAsync<InvalidDataException>(
-                () => ReadFormAsync(new FormReader(body) { KeyCountLimit = 3 }));
-            Assert.Equal("Form key count limit 3 exceeded.", exception.Message);
+                () => ReadFormAsync(new FormReader(body) { ValueCountLimit = 3 }));
+            Assert.Equal("Form value count limit 3 exceeded.", exception.Message);
+        }
+
+        [Theory]
+        [InlineData(true)]
+        [InlineData(false)]
+        public async Task ReadFormAsync_ValueCountLimitExceededSameKey_Throw(bool bufferRequest)
+        {
+            var body = MakeStream(bufferRequest, "baz=1&baz=2&baz=3&baz=4");
+
+            var exception = await Assert.ThrowsAsync<InvalidDataException>(
+                () => ReadFormAsync(new FormReader(body) { ValueCountLimit = 3 }));
+            Assert.Equal("Form value count limit 3 exceeded.", exception.Message);
         }
 
         [Theory]