[SERVER-57382] _id validation for insert is missing from $set, $setOnInsert in updates Created: 03/Jun/21  Updated: 29/Oct/23  Resolved: 09/Jun/21

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 5.0.0-rc2, 5.1.0-rc0

Type: Bug Priority: Major - P3
Reporter: Alya Berciu Assignee: Alya Berciu
Resolution: Fixed Votes: 0
Labels: post-rc0
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Depends
Related
is related to SERVER-75517 illegal format of `_id` possible via ... Closed
Backwards Compatibility: Fully Compatible
Operating System: ALL
Backport Requested:
v5.0
Steps To Reproduce:

db.coll.drop()

db.coll.update({a: 1}, {$setOnInsert: { _id:

{ $first: 1}

} }, {upsert: true})

(Should fail, but doesn't)

Sprint: Query Optimization 2021-06-14
Participants:
Linked BF Score: 150

 Description   

The mitigate pain of dots and dollars project removed validation to allow documents with $-prefixed fields to be inserted. However, validation to prevent _id fields containing documents with $-prefixed fields was kept.

This validation is not present on the update path when an upsert happens, because upserts relied on storage_validation.cpp for validation, whereas insert has separate validation logic to handle this case. This allows documents like {_id: {$foo: 1}} to be inserted via an update with upsert set to true, causing BF-21347

We should ensure that the validation on _id fields which are objects which normally happens when a document is being inserted also happens when a document is being upserted.

 



 Comments   
Comment by Vivian Ge (Inactive) [ 06/Oct/21 ]

Updating the fixversion since branching activities occurred yesterday. This ticket will be in rc0 when it’s been triggered. For more active release information, please keep an eye on #server-release. Thank you!

Comment by Githook User [ 09/Jun/21 ]

Author:

{'name': 'Alya Berciu', 'email': 'alyacarina@gmail.com', 'username': 'alyacb'}

Message: SERVER-57382 Add _id $-prefix validation to storage validation
Branch: v5.0
https://github.com/mongodb/mongo/commit/0605e9dc4ade820c2735c1c62e10ef4868faaadf

Comment by Githook User [ 09/Jun/21 ]

Author:

{'name': 'Alya Berciu', 'email': 'alyacarina@gmail.com', 'username': 'alyacb'}

Message: SERVER-57382 Add _id $-prefix validation to storage validation
Branch: master
https://github.com/mongodb/mongo/commit/a11aba2bf9f18a8e73a23099519ad45a2939d238

Generated at Thu Feb 08 05:41:42 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.