[SERVER-59568] Shell's EncryptedDBClientBase class breaks encapsulation of the scripting engine Created: 24/Aug/21 Updated: 06/Dec/22 |
|
| Status: | Backlog |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Andrew Morrow (Inactive) | Assignee: | Backlog - Security Team |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Assigned Teams: |
Server Security
|
| Participants: |
| Description |
|
Use of JS scripting facilities is intended to be made via the interfaces in src/mongo/scripting, insulating clients from details of the particular scripting engine in use. However, the shell's EncryptedDBClientBase class bypasses this interface and reaches directly down to the MozJS specific scripting implementations. This should be revisited so that the shell is not tied to details of the particular scripting provider. |