Description
As an example:
    MongoDB Enterprise > db.runCommand({insert: "c", documents: [{foo: null}], jsonSchema: {type: "object", properties: {foo: {encrypt: {algorithm: "AEAD_AES_256_CBC_HMAC_SHA_512-Random", keyId: [UUID()]}}}}})
    {
        "hasEncryptionPlaceholders" : true,
        "schemaRequiresEncryption" : true,
        "result" : {
            "insert" : "c",
            "documents" : [
                {
                    "foo" : BinData(6,"ACgAAAAQYQACAAAABWtpABAAAAAEZmnmqwnBSdWUoZ2vHYphTwp2AAA=")
                }
            ],
            "lsid" : {
                "id" : UUID("b9389483-7de4-44b8-a832-e4e264e5c1bc")
            }
        },
        "ok" : 1
    }
This should be illegal, since the client-side encryption system should not permit either random or deterministic encryption of null, undefined, minKey, and maxKey per SERVER-40516.
The flaw is that we make these checks when analyzing the JSON schema, but not when we're actually producing intent-to-encrypt markings. The same validity checks need to be made in both places.
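The placeholder in the output above can be decoded to confirm that it carries a null value. The following Python check is an added example, not code from the server or from this ticket; the layout it assumes (a leading 0 byte, then a BSON document whose `v` field holds the value to encrypt) is read off the decoded bytes of that placeholder.

```python
import base64
import struct

# BSON type bytes of the single-valued types the description says must be rejected.
BANNED = {0x06: "undefined", 0x0A: "null", 0x7F: "maxKey", 0xFF: "minKey"}

def top_level_types(doc: bytes) -> dict:
    """Map each top-level field name of a BSON document to its type byte.

    Minimal walker: it only sizes the element types handled below.
    """
    (total,) = struct.unpack_from("<i", doc, 0)
    if total != len(doc) or doc[-1] != 0:
        raise ValueError("malformed BSON document")
    fields, pos = {}, 4
    while pos < total - 1:
        btype = doc[pos]
        end = doc.index(b"\x00", pos + 1)          # field name is a C string
        name = doc[pos + 1:end].decode()
        pos = end + 1
        if btype in BANNED:
            size = 0                               # these types have no payload
        elif btype == 0x10:
            size = 4                               # int32
        elif btype in (0x01, 0x12):
            size = 8                               # double, int64
        elif btype == 0x02:
            size = 4 + struct.unpack_from("<i", doc, pos)[0]   # string
        elif btype == 0x05:
            size = 5 + struct.unpack_from("<i", doc, pos)[0]   # binary
        elif btype in (0x03, 0x04):
            size = struct.unpack_from("<i", doc, pos)[0]       # document, array
        else:
            raise ValueError(f"unhandled BSON type 0x{btype:02x}")
        fields[name] = btype
        pos += size
    return fields

def banned_marking_value(bindata_b64: str):
    """Return the banned type name held in a placeholder's `v` field, else None."""
    blob = base64.b64decode(bindata_b64)
    if blob[0] != 0:                               # assumed marker byte, see lead-in
        raise ValueError("not an intent-to-encrypt placeholder")
    return BANNED.get(top_level_types(blob[1:]).get("v"))

# BinData(6, ...) payload copied from the command output in this ticket.
PLACEHOLDER = "ACgAAAAQYQACAAAABWtpABAAAAAEZmnmqwnBSdWUoZ2vHYphTwp2AAA="
print(banned_marking_value(PLACEHOLDER))
```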
Issue Links
- is related to: SERVER-40516 Ban single-valued BSON types in FLE (Closed)