[SERVER-57382] _id validation for insert is missing from $set, $setOnInsert in updates - MongoDB Jira

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major - P3
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 5.0.0-rc2, 5.1.0-rc0
Component/s: None
Labels:
- post-rc0

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Backport Requested:

v5.0
Steps To Reproduce:

Hide

db.coll.drop()

db.coll.update({a: 1}, {$setOnInsert: { _id:
{ $first: 1}
} }, {upsert: true})

(Should fail, but doesn't)

Show
db.coll.drop() db.coll.update({a: 1}, {$setOnInsert: { _id: { $first: 1} } }, {upsert: true}) (Should fail, but doesn't)
Sprint:
Query Optimization 2021-06-14
Linked BF Score:
150

Description

The mitigate pain of dots and dollars project removed validation to allow documents with $-prefixed fields to be inserted. However, validation to prevent _id fields containing documents with $-prefixed fields was kept.

This validation is not present on the update path when an upsert happens, because upserts relied on storage_validation.cpp for validation, whereas insert has separate validation logic to handle this case. This allows documents like {_id: {$foo: 1}} to be inserted via an update with upsert set to true, causing BF-21347

We should ensure that the validation on _id fields which are objects which normally happens when a document is being inserted also happens when a document is being upserted.

Attachments

Activity

People

Assignee:: Alya Berciu

Reporter:: Alya Berciu

Participants:: Alya Berciu, Githook User, Vivian Ge

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: Jun 03 2021 01:09:16 PM UTC

Updated:: Oct 06 2021 07:35:39 PM UTC

Resolved:: Jun 09 2021 10:56:11 AM UTC