[SERVER-54923] Move away from using Bson_serialization_type “any” Created: 03/Mar/21  Updated: 06/Dec/22  Resolved: 20/Jul/21

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Major - P3
Reporter: Moustafa Maher Assignee: Backlog - Security Team
Resolution: Won't Fix Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to SERVER-58711 Complete TODO listed in SERVER-54923 Closed
Assigned Teams:
Server Security
Sprint: Security 2021-03-22, Security 2021-04-05, Security 2021-04-19
Participants:

 Description   

Using Bson_serialization_type “any” means that idl compatibility checker script can’t do any type checking, since that logic is in cpp, so we want to disallow this type from parameters/reply fields as a result.

However, lots of commands actually use it for valid reasons.
For now we added some exceptions to allow using Bson_serialization_type “any” in our idl_checker script, these are the lisf of fields that still using Bson_serialization_type “any” that require your attention:

src/mongo/db/auth/sasl_commands.idl

  1. The 'saslStart'' command has parameter 'payload' that has type
  2. 'SaslPayload' 'saslStart' has a reply field 'payload' of type 'SaslPayload' 
  3. The 'saslContinue'' command has parameter 'payload' that has type 'SaslPayload' 
  4. 'saslContinue' has a reply field 'payload' of type 'SaslPayload'

 

Take a look at these fields and try to identify which ones can be converted away from using Bson_serialization_type “any”, and which ones must keep using it.
Here are the two outcomes:
1- if the field can be converted:

  • This change should be done before 5.0 (if the field is "stable") as this will be the realese for API stable Version 1
  • The exception for that field should be removed from idl_checker script (TODO will be added with this ticket number).

2- if the field can't be converted, or the change can't be done before 5.0.

  • The type of that field type should stay of Bson_serialization_type “any” and can't be changed later for any reason unless it is defined as "unstable".
  • We need to put comments on the serialization/deserialization to prevent the behavioral changes (preferably to add tests to ensure that.)


 Comments   
Comment by Githook User [ 28/Jul/21 ]

Author:

{'name': 'Erwin Pe', 'email': 'erwin.pe@mongodb.com', 'username': 'erwee'}

Message: SERVER-58711 Complete TODO listed in SERVER-54923
Branch: master
https://github.com/mongodb/mongo/commit/746872f07ee5f9ca7090eabf5968a45db19f52b0

Comment by Judah Schvimer [ 20/Jul/21 ]

Closing as this does not seem worth the cost.

Comment by Sara Golemon [ 08/Mar/21 ]

Actually, this limitation in variant support in IDL will make it a little tricky: https://github.com/mongodb/mongo/blob/2a7183bad6b412fe97f464679b2a49eb46b47eec/buildscripts/idl/idl/binder.py#L90

Comment by Sara Golemon [ 08/Mar/21 ]

The two actual types that SaslPayload parses/returns are `string` (base64 encoded string, specifically) and `BinDataGeneral`, so I think we can go with a variant<> here. It'll take a tiny bit of replumbing, but worth it to have more concrete types.

Generated at Thu Feb 08 05:34:53 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.