[SERVER-51688] mongod accepts yaml configuration file containing duplicate keys Created: 16/Oct/20  Updated: 06/Dec/22  Resolved: 02/Nov/20

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: 4.2.9, 4.4.1
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Dennis Kuczynski Assignee: Backlog - Security Team
Resolution: Won't Fix Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Assigned Teams:
Server Security
Operating System: ALL
Steps To Reproduce:
  • Start a mongod standalone with the above yaml conf file
  • Check that the duplicate keys are merged in the getCmdLineOpts output
Participants:

 Description   

A mongod process will start when pointed to a yaml configuration file that contains duplicate keys, for example see the following with duplicate 'net' key:

net:
  bindIp: 0.0.0.0
  maxIncomingConnections: 5000
net:
  port: 4000
processManagement:
  fork: "true"
storage:
  dbPath: /tmp/data/testProcess
systemLog:
  destination: file
  path: /tmp/data/testProcess/mongodb.log

It seems like the duplicate keys are merged:

> db.adminCommand( { getCmdLineOpts: 1  } )
{
	"argv" : [
		"/var/lib/mongodb-mms-automation/mongodb-macos-x86_64-4.4.1/bin/mongod",
		"-f",
		"/tmp/data/testProcess/automation-mongod.conf"
	],
	"parsed" : {
		"config" : "/tmp/data/testProcess/automation-mongod.conf",
		"net" : {
			"bindIp" : "0.0.0.0",
			"maxIncomingConnections" : 5000,
			"port" : 4000
		},
		"processManagement" : {
			"fork" : true
		},
		"storage" : {
			"dbPath" : "/tmp/data/testProcess"
		},
		"systemLog" : {
			"destination" : "file",
			"path" : "/tmp/data/testProcess/mongodb.log"
		}
	},
	"ok" : 1
}

I tested that this behavior occurs with the latest 4.4 and 4.2 releases.

The YAML spec says that all keys should be unique, so I believe specifying such a YAML file should be rejected with an error.

A configuration file using invalid YAML can cause problems with other tooling that parses these YAML files with alternative parsers.



 Comments   
Comment by Sara Williamson [ 02/Nov/20 ]

This behavior comes from our underlying yaml parser and is common to several yaml implementations in the wild. Also, changing this behavior would risk breaking existing configs.

Generated at Thu Feb 08 05:26:09 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.