microsoft / AdaptiveCards

A new way for developers to exchange card content in a common and consistent way.
https://adaptivecards.io
MIT License

AdaptiveCard.FromJson, AdaptiveCardTemplate Support Newtonsoft 13 with higher than 64 max depth #7470

Open karrimrabibiomni opened 2 years ago

karrimrabibiomni commented 2 years ago

Target Platforms

Other

SDK Version

2.7.3

Application Name

Custom Application

Problem Description

Can you please support Newtonsoft version 13? When Newtonsoft version 12 is used this bug does not happen, but version 12 has a security vulnerability.

https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678

The JsonSerializerSettings needs a MaxDepth = int.MaxValue, as in version 13 a small default max depth has been introduced.

This exact error is caused when applying the template in the AdaptiveCardTemplate constructor but will also happen again inside the AdaptiveCard.FromJson call if the maxdepth is not applied to both areas of the code.

AdaptiveCards.Templating.AdaptiveTemplateException
  HResult=0x80131500
  Message=Setting root data failed with given data context
  Source=AdaptiveCards.Templating
  StackTrace:
   at AdaptiveCards.Templating.AdaptiveCardsTemplateVisitor..ctor(Func`2 nullSubstitutionOption, String data)
   at AdaptiveCards.Templating.AdaptiveCardTemplate.Expand(EvaluationContext context, Func`2 nullSubstitutionOption)
   at AdaptiveCards.Templating.AdaptiveCardTemplate.Expand(Object rootData, Func`2 nullSubstitutionOption)
   at BottKitt.Bot.Flow.FlowDialogConverter.<>c__DisplayClass56_0.<b__0>d.MoveNext() in

This exception was originally thrown at this call stack: [External Code]

Inner Exception 1: JsonReaderException: The reader's MaxDepth of 64 has been exceeded. Path '$tenjinInterpolatedVariables.conversation.DialogState.dialogStack[0].state.dialogs.dialogStack[0].state.dialogs.dialogStack[0].state.dialogs.dialogStack[0].state._adaptive.actions[0].dialogStack[0].state.dialogs.dialogStack[0].state._adaptive.actions[0].dialogStack[0].state.dialogs.dialogStack[0].state._adaptive.actions[0].dialogStack[0].state.dialogs.dialogStack[0].state._adaptive.actions[0].dialogStack[0].state.dialogs.dialogStack[0].state._adaptive.actions[0].dialogStack[0].state', line 1, position 6345.

Screenshots

No response

Card JSON

{
  "type": "AdaptiveCard",
  "$schema": "http://adaptivecards.io/schemas/adaptive-card.json",
  "version": "1.3",
  "body": [
    {
      "type": "TextBlock",
      "text": "No comments found for ${incident.Number}",
      "id": "nocomments_text",
      "$when": "${totalComments == 0}"
    },
    {
      "type": "Container",
      "$when": "${totalComments > 0}",
      "items": [
        {
          "type": "ColumnSet",
          "columns": [
            {
              "type": "Column",
              "width": "stretch",
              "items": [
                {
                  "type": "TextBlock",
                  "text": "${incident.Number} comments",
                  "wrap": true,
                  "id": "card_title"
                }
              ]
            },
            {
              "type": "Column",
              "width": "auto",
              "items": [
                {
                  "type": "TextBlock",
                  "text": "Page ${currentPage} of ${totalPages}",
                  "wrap": true,
                  "id": "card_pageinfo"
                }
              ]
            }
          ]
        }
      ]
    },
    {
      "type": "Container",
      "$data": "${comments}",
      "items": [
        {
          "type": "ColumnSet",
          "spacing": "Medium",
          "columns": [
            {
              "type": "Column",
              "width": "auto",
              "items": [
                {
                  "type": "Image",
                  "url": "${User.PhotoUrl}",
                  "style": "Person",
                  "size": "Small",
                  "$when": "${User.PhotoUrl != ''}"
                },
                {
                  "type": "Image",
                  "url": "images/servicenow_icon.png",
                  "style": "Person",
                  "size": "Small",
                  "$when": "${User.PhotoUrl == ''}"
                }
              ]
            },
            {
              "type": "Column",
              "width": "stretch",
              "items": [
                {
                  "type": "ColumnSet",
                  "columns": [
                    {
                      "type": "Column",
                      "width": "stretch",
                      "items": [
                        {
                          "type": "TextBlock",
                          "text": "${User.DisplayName}",
                          "wrap": true,
                          "weight": "Bolder"
                        }
                      ]
                    },
                    {
                      "type": "Column",
                      "width": "auto",
                      "verticalContentAlignment": "Bottom",
                      "items": [
                        {
                          "type": "TextBlock",
                          "text": "{{DATE(${CreatedDate}, COMPACT)}}",
                          "wrap": true,
                          "size": "Small"
                        }
                      ]
                    }
                  ]
                },
                {
                  "type": "TextBlock",
                  "text": "${Comment}",
                  "wrap": true,
                  "spacing": "Small"
                }
              ]
            }
          ]
        }
      ]
    }
  ]
}

Sample Code Language

c#

Sample Code

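// Expand the template with the data context, then parse the expanded JSON into a card.
AdaptiveCard card = AdaptiveCard.FromJson(new AdaptiveCardTemplate(templateJson).Expand(rootData)).Card;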
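
The depth limit described in this issue can be reproduced with Newtonsoft.Json 13 alone. The following is an added example, not code from the issue or from the AdaptiveCards project; it does not change how AdaptiveCards parses its input. `BoundedJson`, `Nested` and the limit of 128 are hypothetical names and values: the limit is finite and sized to the deepest legitimate payload, so an oversized document is still rejected before it is materialized.

```csharp
// Added example (not AdaptiveCards code). Requires the Newtonsoft.Json 13.x package.
using System;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;

static class BoundedJson
{
    // Hypothetical limit: size it to the deepest payload the application really produces.
    public const int DepthLimit = 128;

    // Deserialize with an explicit, finite MaxDepth instead of relying on the default of 64.
    public static JToken Parse(string json, int maxDepth = DepthLimit)
    {
        var settings = new JsonSerializerSettings { MaxDepth = maxDepth };
        return JsonConvert.DeserializeObject<JToken>(json, settings);
    }

    // Returns false and the reader's message when the payload is rejected.
    public static bool TryParse(string json, int maxDepth, out string error)
    {
        try { Parse(json, maxDepth); error = null; return true; }
        catch (JsonException ex) { error = ex.Message; return false; }
    }

    // Constructed sample input: `depth` nested arrays, e.g. [[[0]]] for depth 3.
    public static string Nested(int depth) =>
        new string('[', depth) + "0" + new string(']', depth);
}

static class Program
{
    static void Main()
    {
        string state = BoundedJson.Nested(100);        // deeper than 64, like the dialog state in the issue
        string oversized = BoundedJson.Nested(100000); // constructed input far beyond any real payload

        // With the version 13 default-sized limit the 100-level payload is rejected.
        Console.WriteLine(BoundedJson.TryParse(state, 64, out string error));
        Console.WriteLine(error);

        // With the raised but finite limit the same payload parses.
        Console.WriteLine(BoundedJson.TryParse(state, BoundedJson.DepthLimit, out _));

        // The oversized payload is still stopped once the reader passes the limit.
        Console.WriteLine(BoundedJson.TryParse(oversized, BoundedJson.DepthLimit, out _));
    }
}
```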

licanhua commented 2 years ago

@paulcam206 Can you prioritize it? Looks like it has security concerns.

karrimrabibiomni commented 2 years ago

What is the status of this fix? It is now preventing us from using the latest 14.17.1 Bot framework.