[SERVER-21334] find command should prohibit $-options Created: 06/Nov/15  Updated: 06/Dec/22

Status: Backlog
Project: Core Server
Component/s: Querying
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: A. Jesse Jiryu Davis Assignee: Backlog - Query Optimization
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Assigned Teams:
Query Optimization
Sprint: QuInt E (01/11/16), Query F (02/01/16)
Participants:

 Description   

It seems to me that this should cause an error, to protect against driver or application bugs:

> db.runCommand({find: 'collection', $orderby: {i: 1}})



 Comments   
Comment by Shane Harvey [ 13/Sep/17 ]

We can no longer prohibit all $-prefixed keys since OP_MSG uses them for global command arguments such as $db and $readPreference. A black list would still be possible.

Comment by A. Jesse Jiryu Davis [ 12/Dec/15 ]

Or we could prohibit all keys beginning with $, no matter what, including $foo and $whatever. You should never have a need to pass those to "find".

The one thing to watch out for is, this is still the right way to do a "find" command with a read preference on mongos:

db.$cmd.findOne({$query: {find: 'collection', filter: {}}, $readPreference: {mode: "secondary}}})

Comment by J Rassi [ 11/Dec/15 ]

I suggest we blacklist $query and the other OP_QUERY dollar-options enumerated in LiteParsedQuery::initFullQuery().

Generated at Thu Feb 08 03:57:02 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.