[CDRIVER-2824] Client metadata is invalid JSON Created: 12/Sep/18 Updated: 27/Oct/23 Resolved: 13/Sep/18 |
|
| Status: | Closed |
| Project: | C Driver |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Matt Broadstone | Assignee: | A. Jesse Jiryu Davis |
| Resolution: | Works as Designed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Description |
|
It appears that libmongoc does no sanitization of (at least) the platform field when building client metadata. A log of the swift driver connecting to mongod reveals the following invalid JSON:
|
| Comments |
| Comment by A. Jesse Jiryu Davis [ 13/Sep/18 ] |
|
Including BSON string values that have quotes in them is perfectly valid driver behavior; the best fix for this is if the server properly escapes JSON strings it dumps to the logs. |
| Comment by Jeffrey Yemin [ 12/Sep/18 ] |
|
Linked to The C driver could work around this by not including double quotes in BSON strings in client metadata, but the root cause is the server logs, I suspect. |
| Comment by Jeremy Mikola [ 12/Sep/18 ] |
|
Handshake data is provided in BSON (see: spec), so is it the responsibility of libmongoc (or any driver) to escape characters in fields? I wonder if this is instead an issue the tools parsing this data on the server side. AFAIK, this data isn't stored in any server collection and gets dumped to log files. I'm not sure if it's accessible by other means, but if the tools reading it are scraping it from mongod logs, then perhaps the server needs to escape it to ensure it only prints well-formed JSON to its logs. |