Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-12817

Read only commands should validate their namespaces

    • Query Optimization
    • Major Change

      The server has many read-only commands which do not validate their collection names. Our documentation mentions that empty collection names, or collection names containing a "$" are not allowed, so commands like the following should probably error instead of returning no results:

      db.runCommand({aggregate: "$foo", pipeline: []})
      db["$a"].find() 
      db["$a"].distinct("a")
      db["$a"].count()
      
      Original Description

      http://docs.mongodb.org/manual/reference/limits/ mentions that collection names containing $ or being empty are not allowed. OTOH, aggregate takes them as argument without complaining. Aggregating over an invalid namespace should not be a legal operation, in my opinion.

      Examples:

      > var cursor = db.runCommand({aggregate: "$foo", pipeline: [], cursor : {batchSize: 50}})
      > cursor
      {
      	"cursor" : {
      		"id" : NumberLong(0),
      		"ns" : "test.$foo",
      		"firstBatch" : [ ]
      	},
      	"ok" : 1
      }
      
      > var cursor = db.runCommand({aggregate: "", pipeline: [], cursor : {batchSize: 50}})
      > cursor
      {
      	"cursor" : {
      		"id" : NumberLong(0),
      		"ns" : "test.",
      		"firstBatch" : [ ]
      	},
      	"ok" : 1
      }
      

            Assignee:
            backlog-query-optimization [DO NOT USE] Backlog - Query Optimization
            Reporter:
            davide.italiano Davide Italiano
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated: