[CDRIVER-4658] Replace operations may inadvertently execute update pipelines Created: 08/Jun/23 Updated: 12/Jun/23 |
|
| Status: | Backlog |
| Project: | C Driver |
| Component/s: | CRUD |
| Affects Version/s: | 1.15.0 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Minor - P4 |
| Reporter: | Jeremy Mikola | Assignee: | Unassigned |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||
| Description |
SummaryI discovered this while investigating a similar issue in
Furthermore, when libmongoc appends the update/replacement/pipeline parameter on the wire, it decides to use a BSON array or document type based on _mongoc_document_is_pipeline (see: _mongoc_write_command_update_append). This makes it possible for a replace operation to inadvertently execute an update pipeline, as demonstrated in kevinAlbs/c-bootstrap. The findAndModify helper does something similar in mongoc_collection_find_and_modify_with_opts, but it's seemingly less of a problem there since libmongoc doesn't implement the CRUD API – so there's no notion of findOneAndUpdate or findOneAndReplace. Environmentlibmongoc 1.23.5, although reproducible in versions since 1.15 (when How to ReproduceSee: https://github.com/kevinAlbs/c-bootstrap/blob/master/investigations/PHPLIB-1129/main.c |