Details
-
Improvement
-
Resolution: Unresolved
-
Major - P3
-
None
-
2.6.0-rc0
-
Query Optimization
-
Major Change
Description
The server has many read-only commands which do not validate their collection names. Our documentation mentions that empty collection names, or collection names containing a "$" are not allowed, so commands like the following should probably error instead of returning no results:
db.runCommand({aggregate: "$foo", pipeline: []}) |
db["$a"].find() |
db["$a"].distinct("a") |
db["$a"].count() |
Original Description
http://docs.mongodb.org/manual/reference/limits/ mentions that collection names containing $ or being empty are not allowed. OTOH, aggregate takes them as argument without complaining. Aggregating over an invalid namespace should not be a legal operation, in my opinion.
Examples:
> var cursor = db.runCommand({aggregate: "$foo", pipeline: [], cursor : {batchSize: 50}})
|
> cursor
|
{
|
"cursor" : {
|
"id" : NumberLong(0),
|
"ns" : "test.$foo",
|
"firstBatch" : [ ]
|
},
|
"ok" : 1
|
}
|
> var cursor = db.runCommand({aggregate: "", pipeline: [], cursor : {batchSize: 50}})
|
> cursor
|
{
|
"cursor" : {
|
"id" : NumberLong(0),
|
"ns" : "test.",
|
"firstBatch" : [ ]
|
},
|
"ok" : 1
|
}
|
Attachments
Issue Links
- is duplicated by
-
SERVER-26431 Validate the collection name for commands that read documents from a collection
-
- Closed
-