Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-65033

Invalid currentOp commands are run without validation

    XMLWordPrintableJSON

Details

    • Icon: Improvement Improvement
    • Resolution: Won't Fix
    • Icon: Minor - P4 Minor - P4
    • None
    • 5.0.6
    • None
    • None

    Description

      It seems that the server is not validating the format of the currentOp command, thus sometimes resolving to an unexpected behaviour for the client.

      The behaviour is easily reproducible using pymongo 4.0.2 and mongo 5.0.6 as follows:

      1. Start a new mongod instance and insert some sample data.

      2. Run the following Python snippet:

      client = MongoClient(uri)
      db = client['admin']
       
      db.command('currentOp')
      

      3. See there are a few operations that ran.

      4. Run the following Python snippet, now with an invalid command format. 

      client = MongoClient(uri)
      db = client['admin']
       
      db.command('currentOp', { 'secs_running': { '$gt': 10 }})
      

      5. It should show similar results to the previous run, even if the $gt filter is ignored (the format of the command is invalid).

      What the server received is an invalid command with the following format

      {currentOp: { 'secs_running': { '$gt': 10 }}}
      

      And the behaviour seems to run the currentOp command without filters.

      Attachments

        Activity

          People

            michael.gargiulo@mongodb.com Michael Gargiulo
            kevin.mas@mongodb.com Kevin Mas Ruiz
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: