  1. Core Server
  2. SERVER-21493

Double quotes in shellHelper args aren't handled properly



    • Bug
    • Status: Closed
    • Minor - P4
    • Resolution: Won't Fix
    • Shell
    • ALL


      The arguments to shellHelper.* functions are passed to scope->exec() as an inline JS string delimited by double quotes on dbshell.cpp:866-867 — but double quotes in the passed arguments are not escaped.

      This isn't typically a problem for the existing built-in shellHelper functions (use, set, it, show, and help), because their arguments don't usually include quotes or string literals. However, it's problematic for useful mongorc hacks which take arbitrary JS as args, e.g. time and underscore-grab. The effect is usually inexplicable-looking syntax errors when double quotes are used, but not when they are swapped for single quotes (or manually escaped, which looks and feels bizarre):

      $ /m/3.2.0-rc2/bin/mongo
      MongoDB shell version: 3.2.0-rc2
      connecting to: test
      > time sleep(1000)
      Duration: 1017 ms
      > time for (i = 0; i < 100000; i++){}
      Duration: 39 ms
      > time for (i = 0; i < 100000; i++){s = "" + i;}
      2015-11-16T08:54:08.052+1100 E QUERY    [thread1] SyntaxError: missing ) after argument list @(shellhelp2):1:58
      > time for (i = 0; i < 100000; i++){s = '' + i;}
      Duration: 59 ms
      > time for (i = 0; i < 100000; i++){s = \"\" + i;}
      Duration: 52 ms
      > use test" + (bar = "foobar") + "foo
      switched to db testfoobarfoo
      > bar
      > bar = 1234
      > use test" + bar + "foo
      switched to db test1234foo

      There is an attempt to protect against this on line 856, but it only guards cmd, i.e. the first call to scope->exec() on line 859. It also completely prevents the use of shellHelpers where the first word contains a double quote, which is needlessly restrictive; all that should be necessary is to correctly handle double quotes in cmd.

      It seems the better approach would be to drop line 856, and instead either (a) use backslash to escape any double quotes in cmd and code, or (b) better yet, directly inject the strings with scope->setString(), and then just reference them when calling shellHelper inside scope->exec().
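
The quoting problem and the two proposed fixes, modelled in plain JavaScript as an added example (not MongoDB's code). `makeScope`, `exec`, `outcome` and the three `dispatch*` functions are hypothetical stand-ins for scope->exec() and the helper dispatch, and the exact string the shell builds is an assumption.

```javascript
// Stand-in scope (hypothetical): shellHelper just returns the args string it received.
function makeScope() {
  return { bar: 1234, shellHelper: (cmd, args) => args };
}

// Stand-in for scope->exec(): evaluate `code` with the scope's names visible.
function exec(scope, code) {
  const names = Object.keys(scope);
  const fn = new Function(...names, `return (${code});`);
  return fn(...names.map((n) => scope[n]));
}

// As described in the ticket: args pasted between double quotes, unescaped.
function dispatchNaive(scope, cmd, args) {
  return exec(scope, 'shellHelper("' + cmd + '", "' + args + '")');
}

// Option (a): escape. JSON.stringify emits a valid JS string literal (ES2019+).
function dispatchEscaped(scope, cmd, args) {
  return exec(scope, `shellHelper(${JSON.stringify(cmd)}, ${JSON.stringify(args)})`);
}

// Option (b): bind the strings as variables (the setString() idea), reference by name.
function dispatchByReference(scope, cmd, args) {
  return exec({ ...scope, __cmd: cmd, __args: args }, "shellHelper(__cmd, __args)");
}

// Run one dispatcher, reporting either the args the helper saw or the error name.
function outcome(dispatch, cmd, args) {
  try {
    return dispatch(makeScope(), cmd, args);
  } catch (e) {
    return e.name;
  }
}

// Inputs taken from the session in the ticket (loop bound shortened).
const samples = [
  ["use", 'test" + bar + "foo'],
  ["time", 'for (i = 0; i < 3; i++){s = "" + i;}'],
];
for (const [cmd, args] of samples) {
  console.log(cmd, "naive:       ", outcome(dispatchNaive, cmd, args));
  console.log(cmd, "escaped:     ", outcome(dispatchEscaped, cmd, args));
  console.log(cmd, "by reference:", outcome(dispatchByReference, cmd, args));
}
```

With either fix the helper receives the typed text byte for byte, so the line 856 guard on the first word is no longer needed.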





              backlog-server-stm Backlog - Server Tooling and Methods (STM) (Inactive)
              kevin.pulo@mongodb.com Kevin Pulo