Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-59136

Split shell specific logic from "scripting" library

    • Type: Icon: Task Task
    • Resolution: Unresolved
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: None
    • Component/s: None
    • Labels:
    • Server Security

      The "scripting" library target provides the functionality needed to evaluate JavaScript in the server and the shell. Some functionality in it is specific to the shell, such as that needed to establish outbound server connections. Though controls exist to prevent servers from invoking this logic, this does result in some portions of networking and authentication code being linked into the library, and included in server-side consumers and artifacts.

      We should split the shell specific logic out from the library, and include it into the shell directly.

            backlog-server-security [DO NOT USE] Backlog - Security Team
            spencer.jackson@mongodb.com Spencer Jackson
            0 Vote for this issue
            3 Start watching this issue