[SERVER-4122] Validate database and collection names on the server before creating them Created: 21/Oct/11 Updated: 15/Aug/12 Resolved: 21/Feb/12 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Storage |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Chris Westin | Assignee: | Randolph Tan |
| Resolution: | Duplicate | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||||||||||||||
| Operating System: | ALL | ||||||||||||||||||||||||||||||||
| Participants: | |||||||||||||||||||||||||||||||||
| Description |
|
This is a call to prevent the creation of databases or collections with illegal names. During a recent training, some of the trainees ran into a problem when we were doing backups using mongodump. mongodump stopped, giving an error message because it couldn't dump a database named "*". "show dbs" in the shell confirmed that there was indeed a database named "*". (But attempting to use it failed because that led to a "..." continuation prompt.) But only a few people were affected, so this doesn't appear to be systemic. It seems likely that this was created accidentally as a result of some earlier mistyped command, possibly an attempt to use a wild card incorrectly. In some contexts, this name worked, and in others it didn't, leading me to believe we're not validating these on the server, but are instead relying on client parsers to keep them out, but apparently not always successfully. |
| Comments |
| Comment by Randolph Tan [ 21/Feb/12 ] | |||||||||||||||||
|
The fix on A related ticket ( | |||||||||||||||||
| Comment by Ben Becker [ 27/Jan/12 ] | |||||||||||||||||
|
I'm able to reproduce this from master on OSX by running 'mongodump -d *'. It seems to create a database named after the first file (or folder) in my cwd (in this case, the 'dump' folder):
mongodump is doing something with the -d argument that creates a db named after the first file in cwd, and when I run the command again without the -d argument, it creates a folder named '*' and 'dump'. When we saw this on Windows (primarily with cygwin), mongodump would fail while trying to create the directory named '*'. Will dig deeper as time permits. | |||||||||||||||||
| Comment by Chris Westin [ 19/Jan/12 ] | |||||||||||||||||
|
I'm now seeing this again on 2.0.2. But it looks more like | |||||||||||||||||
| Comment by Doug Donohoe [ 29/Nov/11 ] | |||||||||||||||||
|
Can somebody take a look at | |||||||||||||||||
| Comment by Tony Hannan [ 04/Nov/11 ] | |||||||||||||||||
|
I chose to keep allowing special chars such as * in db name for backwards compatibility. So I fixed mongodump and the shell to work with them. | |||||||||||||||||
| Comment by auto [ 04/Nov/11 ] | |||||||||||||||||
|
Author: {u'login': u'TonyGen', u'name': u'Tony Hannan', u'email': u'tony@10gen.com'}Message: | |||||||||||||||||
| Comment by Chris Westin [ 03/Nov/11 ] | |||||||||||||||||
|
If you want to go about it that way, it's not just the shell. The original problem was spotted because mongodump died when it got to a db named "*". It seems odd to disallow the chars above instead of simply requiring the db (and collection) names to be the usual programming language variable form: [a-zA-Z_][a-zA-Z0-9_]* That's pretty safe for anything. In C/C++, that's pretty easy to detect by using macros from ctype.h, usually isalpha() and isalnum(). | |||||||||||||||||
| Comment by Tony Hannan [ 03/Nov/11 ] | |||||||||||||||||
|
Currently, '/', '\', '.', ' ', and '"' are disallowed in db names (see Database::validDBName). Do we want to add '*' to that list, or do we want to make the shell work when the user types use *. Currently db.getSiblingDB("*").foo.find() works in the shell. | |||||||||||||||||
| Comment by Chris Westin [ 03/Nov/11 ] | |||||||||||||||||
|
Jira is making everything bold between two asterisks up there. The db name wasn't empty, it was an asterisk. | |||||||||||||||||
| Comment by Chris Westin [ 03/Nov/11 ] | |||||||||||||||||
|
I don't know. But I got one named "*" (a single asterisk). It looks like jira markup might be turning that into something else. | |||||||||||||||||
| Comment by Tony Hannan [ 03/Nov/11 ] | |||||||||||||||||
|
Do you know how a db with empty name was created? I get error 13075 "db name can't be empty" when I try to insert into a db named "". |