[SERVER-41264] Mongocryptd is willing to mark single-valued types for encryption - MongoDB Jira

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major - P3
Resolution: Fixed
Affects Version/s: 4.1.11
Fix Version/s: 4.1.12
Component/s: Querying
Labels:
None

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Sprint:
Query 2019-06-03

Description

As an example:

MongoDB Enterprise > db.runCommand({insert: "c", documents: [{foo: null}], jsonSchema: {type: "object", properties: {foo: {encrypt: {algorithm: "AEAD_AES_256_CBC_HMAC_SHA_512-Random", keyId: [UUID()]}}}}})

    "hasEncryptionPlaceholders" : true,

    "schemaRequiresEncryption" : true,

    "result" : {

        "insert" : "c",

        "documents" : [

                "foo" : BinData(6,"ACgAAAAQYQACAAAABWtpABAAAAAEZmnmqwnBSdWUoZ2vHYphTwp2AAA=")

],

        "lsid" : {

            "id" : UUID("b9389483-7de4-44b8-a832-e4e264e5c1bc")

},

    "ok" : 1

This should be illegal, since the client-side encryption system should not permit either random or deterministic encryption of null, undefined, minKey, and maxKey per ~~SERVER-40516~~.

The flaw is that we make these checks when analyzing the JSON schema, but not when we're actually producing intent-to-encrypt markings. The same validity checks need to be made in both places.

Attachments

Issue Links

is related to

SERVER-40516 Ban single-valued BSON types in FLE

Closed

Activity

People

Assignee:: David Storch

Reporter:: David Storch

Participants:: David Storch, Githook User

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: May 21 2019 09:07:47 PM UTC

Updated:: May 25 2019 03:46:38 AM UTC

Resolved:: May 23 2019 06:09:58 PM UTC