Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-70134

Upsert fails if exactly one tag exists for the QE encrypted value in the query

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 6.3.0-rc0
    • Affects Version/s: None
    • Component/s: Queryable Encryption
    • None
    • Fully Compatible
    • v6.2, v6.1, v6.0
    • Hide 
      const kms = { key: BinData(0, "/tu9jUCBqZdwCelwE/EAm/4WqdxrSMi04B8e9uAV+m30rI1J2nhKZZtQjdvsSCwuI4erR6IEcEK+5eGUAODv43NDNIR9QheT2edWFewUfHKsl9cnzTc86meIzOmYl6dr")};
 
var testdb = db.getSiblingDB("testdb");
testdb.dropDatabase();
 
const csfleOpts = {
    kmsProviders: {
        local: kms,
    },
    keyVaultNamespace: "testdb.keystore",
    schemaMap: {},
};
 
var shell = Mongo(db.getMongo().host.toString(), csfleOpts);
var kv = shell.getKeyVault();
 
const schema = {
    "fields": [
        {
            "path": "foo",
            "keyId": kv.createKey("local", "ignored"),
            "bsonType": "string",
            "queries": {"queryType": "equality"}
        },
    ]
};
 
var edb = shell.getDB("testdb");
edb.createCollection("testcoll", {encryptedFields: schema});
 
var ecoll = edb.getCollection("testcoll");
ecoll.createIndex({__safeContent__: 1});
 
ecoll.insertOne({foo: "foovalue"});
 
ecoll.updateOne(
	{ $and: [{foo: "foovalue"}, {bar: "barvalue"}]},
	{ $set: { foo: "other_foovalue", bar: "other_barvalue" } },
	{ upsert: true }
)
      Show
      const kms = { key: BinData(0, "/tu9jUCBqZdwCelwE/EAm/4WqdxrSMi04B8e9uAV+m30rI1J2nhKZZtQjdvsSCwuI4erR6IEcEK+5eGUAODv43NDNIR9QheT2edWFewUfHKsl9cnzTc86meIzOmYl6dr" )}; var testdb = db.getSiblingDB( "testdb" ); testdb.dropDatabase(); const csfleOpts = { kmsProviders: { local: kms, }, keyVaultNamespace: "testdb.keystore" , schemaMap: {}, }; var shell = Mongo(db.getMongo().host.toString(), csfleOpts); var kv = shell.getKeyVault(); const schema = { "fields" : [ { "path" : "foo" , "keyId" : kv.createKey( "local" , "ignored" ), "bsonType" : "string" , "queries" : { "queryType" : "equality" } }, ] }; var edb = shell.getDB( "testdb" ); edb.createCollection( "testcoll" , {encryptedFields: schema}); var ecoll = edb.getCollection( "testcoll" ); ecoll.createIndex({__safeContent__: 1}); ecoll.insertOne({foo: "foovalue" }); ecoll.updateOne( { $ and : [{foo: "foovalue" }, {bar: "barvalue" }]}, { $set: { foo: "other_foovalue" , bar: "other_barvalue" } }, { upsert: true } )
    • QO 2022-12-12, Security 2022-11-28
    • None
    • 3
    • None
    • None
    • None
    • None
    • None
    • None

      Suppose foo is a QE equality indexed field, bar is a unencrypted field, and testcoll is an encrypted collection containing a single document: {foo: "foovalue"}.

      Running this command with upsert:

      db.testcoll.updateOne(
	{ $and: [{foo: "foovalue"}, {bar: "barvalue"}]},
	{ $set: { foo: "other_foovalue", bar: "other_barvalue" } },
	{ upsert: true }
)

      fails with the error message: Plan executor error during findAndModify :: caused by :: The field '_safeContent_' must be an array but is of type binData in document {no id}

            Assignee:
            davis.haupt@mongodb.com Davis Haupt (Inactive)
            Reporter:
            erwin.pe@mongodb.com Erwin Pe
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: