-
Type: Bug
-
Resolution: Unresolved
-
Priority: Minor - P4
-
None
-
Affects Version/s: None
-
Component/s: Query Language
-
Query Optimization
-
ALL
Adding a $eq should not have an impact on the meaning of the query, and generally it does not. {a: 4} is the same query as {a: {$eq: 4}}. Regexes are the exception to this, where {a: /regex/} will match either a stored regex type which is identical or a string which matches the regex. {a: {$eq: /regex/}} will only match stored regexes. This makes it harder to generally reason about the language. It makes it harder to write generic query analysis, parsing, or transformations - leading to special cases such as this one in $lookup.
This also complicates recommendations for avoiding "MQL injections" by adding an explicit $eq to your application's generated queries. An "MQL injection" might happen if your application issues a query {field: <value selected by user>} and a malicious user inputs a value like {$gt: 4} instead of an expected constant. Using an explicit $eq would prevent the user from being able to change the query.
- is related to
-
SERVER-55639 $in with regex has special meaning
- Backlog
-
SERVER-10840 injection is too easy with agg framework syntax
- Backlog
-
SERVER-34012 Planner's logic for taking union of index bounds intervals is slow for large $or queries
- Closed