[SERVER-6863] REST interface does not filter some invalid non-UTF8 strings Created: 27/Aug/12  Updated: 08/Jan/24  Resolved: 07/Jul/17

Status: Closed
Project: Core Server
Component/s: HTTP Console, Security
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Stennie Steneker (Inactive) Assignee: DO NOT USE - Backlog - Platform Team
Resolution: Done Votes: 2
Labels: platforms-re-triaged, triage
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Related
Operating System: ALL
Participants:

 Description   

The REST interface does not properly filter invalid UTF-8, eg:

wget -q "http://localhost:28017/%3Cscript%3E%80%3C/script%3E"

This has the side effect of causing some errors in the `mongo` shell when trying to show dbs:

> db.adminCommand('listDatabases')
Mon Aug 27 00:47:49 decode failed. probably invalid utf-8 string [<script>?<]
Mon Aug 27 00:47:49 	 why: TypeError: malformed UTF-8 character sequence at offset 8
Mon Aug 27 00:47:49 Error: invalid utf8 shell/utils.js:926

The errors appear to persist in the shell until `mongod` is restarted.

Other tools such as `mongodump` do not appear to be affected.


Generated at Thu Feb 08 03:12:56 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.