[SERVER-46608] Ban use of $function in schema validators Created: 04/Mar/20 Updated: 29/Oct/23 Resolved: 25/Mar/20 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 4.4.0-rc0, 4.7.0 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | James Wahlin | Assignee: | Svilen Mihaylov (Inactive) |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | qopt-team | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Backwards Compatibility: | Minor Change | ||||
| Backport Requested: |
v4.4
|
||||
| Sprint: | Query 2020-03-23, Query 2020-04-06 | ||||
| Participants: | |||||
| Description |
|
As part of this we should consider banning $_internalJsEmit as well. |
| Comments |
| Comment by Githook User [ 25/Mar/20 ] |
|
Author: {'email': 'svilen.mihaylov@mongodb.com', 'name': 'Svilen Mihaylov', 'username': 'smihaylov-mongodb'}Message: |
| Comment by Githook User [ 25/Mar/20 ] |
|
Author: {'email': 'svilen.mihaylov@mongodb.com', 'name': 'Svilen Mihaylov', 'username': 'smihaylov-mongodb'}Message: |
| Comment by David Storch [ 05/Mar/20 ] |
|
The justification behind this work is as follows. The implementation of document validation takes advantage of the property that expression validation is typically thread-safe. There is a single instance of the validator attached to the Collection object in the catalog, and write operations can concurrently evaluate this expression. However, evaluation of $function is not currently thread-safe, which is due to the fact that the JS runtime is fundamentally single-threaded. If we want to permit JS execution in validators in the future we could explore a few strategies:
|