[SERVER-34117] mongodb+srv uri_tests require working name resolution Created: 23/Mar/18  Updated: 06/Dec/22  Resolved: 03/Dec/21

Status: Closed
Project: Core Server
Component/s: Security, Shell
Affects Version/s: 3.6.3
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Dimitri John Ledkov Assignee: Backlog - Server Tooling and Methods (STM) (Inactive)
Resolution: Won't Fix Votes: 0
Labels: move-stm
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Assigned Teams:
Server Tooling & Methods
Operating System: ALL
Steps To Reproduce:

$ sudo mv /etc/resolv.conf /etc/resolv.conf.back
$ ./build/opt/mongo/client/mongo_uri_test
...
[cpp_unit_test:mongo_uri_test] 2018-03-23T22:05:45.253+0000 2018-03-23T22:05:45.239+0000 I -        [main] 	 going to run test: srvRecordTest
[cpp_unit_test:mongo_uri_test] 2018-03-23T22:05:45.254+0000 2018-03-23T22:05:45.242+0000 E -        [main] Throwing exception: Expected ::mongo::Status::OK() == (rs.getStatus()) (OK  == DNSHostNotFound Failed to look up service "_mongodb._tcp.test1.test.build.10gen.cc": Success) @src/mongo/client/mongo_uri_test.cpp:779
[cpp_unit_test:mongo_uri_test] 2018-03-23T22:05:45.254+0000 2018-03-23T22:05:45.243+0000 I -        [main] FAIL: srvRecordTest	Expected ::mongo::Status::OK() == (rs.getStatus()) (OK  == DNSHostNotFound Failed to look up service "_mongodb._tcp.test1.test.build.10gen.cc": Success) @src/mongo/client/mongo_uri_test.cpp:779
[cpp_unit_test:mongo_uri_test] 2018-03-23T22:05:45.254+0000 2018-03-23T22:05:45.243+0000 I -        [main] 	 DONE running tests
[cpp_unit_test:mongo_uri_test] 2018-03-23T22:05:45.254+0000 2018-03-23T22:05:45.243+0000 I -        [main] **************************************************
[cpp_unit_test:mongo_uri_test] 2018-03-23T22:05:45.254+0000 2018-03-23T22:05:45.243+0000 I -        [main] MongoURI                       | tests:    6 | fails:    1 | assert calls:          0 | time secs:  0.025
[cpp_unit_test:mongo_uri_test] 2018-03-23T22:05:45.255+0000 	srvRecordTest	Expected ::mongo::Status::OK() == (rs.getStatus()) (OK  == DNSHostNotFound Failed to look up service "_mongodb._tcp.test1.test.build.10gen.cc": Success) @src/mongo/client/mongo_uri_test.cpp:779
[cpp_unit_test:mongo_uri_test] 2018-03-23T22:05:45.255+0000 2018-03-23T22:05:45.243+0000 I -        [main] TOTALS                         | tests:    6 | fails:    1 | assert calls:          0 | time secs:  0.025
[cpp_unit_test:mongo_uri_test] 2018-03-23T22:05:45.255+0000 2018-03-23T22:05:45.243+0000 I -        [main] Failing tests:
[cpp_unit_test:mongo_uri_test] 2018-03-23T22:05:45.255+0000 2018-03-23T22:05:45.243+0000 I -        [main] 	 MongoURI/srvRecordTest Failed
[cpp_unit_test:mongo_uri_test] 2018-03-23T22:05:45.255+0000 2018-03-23T22:05:45.243+0000 I -        [main] FAILURE - 1 tests in 1 suites failed
[executor:cpp_unit_test:job0] 2018-03-23T22:05:45.256+0000 mongo_uri_test ran in 0.08 seconds.

Participants:

 Description   

mongo_uri_test.cpp fails on systems without DNS resolvers.
Specifically the valid URLs starting with `mongodb+srv://` test cases result in calling `dns::lookupSRVRecords("_mongodb._tcp." + canonicalHost)` which bombs out, on systems with (intentionally) broken DNS.

It would be nice if that call is somehow mocked, or stubbed out, or some test responses are provided, to exercise tests on "offline" machines.

ps. Long story short, DNS resolution is disabled on Ubuntu builders.

pss. Longer story: I was told that Kees Cook asserted that it is a security vulnerability to James Troup, when I guess work was being done to create Launchpad PPAs, which would run untrusted code builds. James Troup asked for a proof of concept, and Kees Cook established two-way communication and got a shell up inside the builder over DNS queries to his nameserver. Ever since then DNS resolution was disabled on the Ubuntu builders. I don't know if this is true or not, but that's what I've been told.

In the meantime, I will disable the expected success mongodb+srv:// test cases from the build.



 Comments   
Comment by Brooke Miller [ 03/Dec/21 ]

We've deprecated the mongo shell in favor of the new mongosh. Unfortunately, we aren't able to pursue improvements to the deprecated shell except in extreme cases, such as critical security fixes. Please start making use of mongosh and let us know if it works for you in this case.

Generated at Thu Feb 08 04:35:37 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.