[SERVER-70355] [FLE2] Empty encrypted range predicate returns all documents Created: 07/Oct/22  Updated: 29/Oct/23  Resolved: 21/Oct/22

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Gil Alon Assignee: Ted Tuckman
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Operating System: ALL
Sprint: QO 2022-10-31
Participants:

 Description   

coll.find({age: {$gt: NumberInt(30), $lt: NumberInt(18)}}) 

This query in the collection below returned the entire collection. 

const docs = [
    {_id: 0, age: NumberInt(20)},
    {_id: 1, age: NumberInt(45)},
    {_id: 2, age: NumberInt(56)},
    {_id: 3, age: NumberInt(16)}
]; 

However, this tassert statement should have thrown an error. 

 



 Comments   
Comment by Githook User [ 21/Oct/22 ]

Author: Ted Tuckman <ted.tuckman@mongodb.com> (TedTuckman)

Message: SERVER-70355 Fix find query analysis to not produce empty query for non-intersecting intervals
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/151f71bf135164e74a8e5cb347fe2e77a840c7f6

Comment by Gil Alon [ 10/Oct/22 ]

Notes after talking to Davis. In the enterprise module FLEMatchExpression::processRangesInAndClause the last for loop is never entered. The IndexBoundsBuilder code never creates an interval since no interval can be created by the given values. Therefore the nodes are deleted without ever being added again.

Comment by Gil Alon [ 10/Oct/22 ]

Here are some initial thoughts after investigating the bug: 

  1. In crypto::FLEClientCrypto::transformPlaceholders(), the BSONobj that represents the query has an empty filter ({}). So the entire collection is returned, since there is no filter in the find query. This function is called in the enterprise module file fle::shell::ImplicitEncryptedDbClient::preprocessRequest().
  2. In the enterprise modules, in fle::shell::implicitEncryptedDbClient::handleEncryptionRequest(), the filter saved under schemaInfo is changed to {} after the call to runQueryAnalysis.
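
The failure mode described in the comments above, as an added JavaScript model that is not MongoDB source code: the range nodes are removed, no interval exists to re-add, and the filter collapses to {}. The `interval` node, the `rewrite`, `intersect`, `matches` and `find` helpers, and the use of $alwaysFalse as the fail-closed result are assumptions for illustration, not the committed fix.

```javascript
// Added illustration, not MongoDB source code.
// Ticket documents, with NumberInt values written as plain numbers.
const docs = [{_id: 0, age: 20}, {_id: 1, age: 45}, {_id: 2, age: 56}, {_id: 3, age: 16}];

// Intersect the $gt/$gte/$lt/$lte bounds on one field; null means no value can match.
function intersect(pred) {
  let lo = -Infinity, hi = Infinity, loInc = true, hiInc = true;
  for (const [op, v] of Object.entries(pred)) {
    if ((op === "$gt" || op === "$gte") && (v > lo || (v === lo && op === "$gt"))) {
      lo = v; loInc = op === "$gte";
    }
    if ((op === "$lt" || op === "$lte") && (v < hi || (v === hi && op === "$lt"))) {
      hi = v; hiInc = op === "$lte";
    }
  }
  const empty = lo > hi || (lo === hi && !(loInc && hiInc));
  return empty ? null : {lo, hi, loInc, hiInc};
}

// Remove the range nodes for `field`, then re-add one node per surviving interval.
// failClosed=false models the reported behaviour: nothing is re-added, leaving {}.
// failClosed=true substitutes $alwaysFalse (an assumption, not the committed fix).
function rewrite(filter, field, failClosed) {
  const {[field]: pred, ...rest} = filter;
  const iv = intersect(pred);
  if (iv) return {...rest, [field]: {interval: iv}}; // `interval` is a hypothetical node
  return failClosed ? {...rest, $alwaysFalse: 1} : rest;
}

// Minimal matcher for the two node kinds rewrite() can emit.
function matches(doc, filter) {
  return Object.entries(filter).every(([key, node]) => {
    if (key === "$alwaysFalse") return false;
    const x = doc[key], iv = node.interval;
    return (iv.loInc ? x >= iv.lo : x > iv.lo) && (iv.hiInc ? x <= iv.hi : x < iv.hi);
  });
}

function find(filter) {
  return docs.filter((d) => matches(d, filter)).map((d) => d._id);
}

const q = {age: {$gt: 30, $lt: 18}}; // the ticket's non-intersecting predicate
console.log(rewrite(q, "age", false), find(rewrite(q, "age", false)));
console.log(rewrite(q, "age", true), find(rewrite(q, "age", true)));
```

A regression test for this class of bug should assert on the rewritten filter itself as well as on the result set, since an empty filter on a small fixture can look like a plausible match.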