diff options
| author | Shreyas Kalyan <shreyas.kalyan@10gen.com> | 2019-06-25 13:52:34 -0700 |
|---|---|---|
| committer | Shreyas Kalyan <shreyas.kalyan@10gen.com> | 2019-07-12 13:34:34 -0400 |
| commit | 59801f9ec2ab77636f90c00fc8465d3d0081fe58 (patch) | |
| tree | 90898a335b07f9f78e530fb8746e75749bd13be7 | |
| parent | 6bc61c560adaee1f2f5cc8086216f4e13ed5597b (diff) | |
| download | mongo-59801f9ec2ab77636f90c00fc8465d3d0081fe58.tar.gz | |
SERVER-41919 Disallow specific types for explicit encryption
| -rw-r--r-- | jstests/client_encrypt/fle_encrypt_decrypt_shell.js | 10 | ||||
| -rw-r--r-- | src/mongo/shell/encrypted_dbclient_base.cpp | 7 |
2 files changed, 15 insertions, 2 deletions
diff --git a/jstests/client_encrypt/fle_encrypt_decrypt_shell.js b/jstests/client_encrypt/fle_encrypt_decrypt_shell.js index 368134bf152..71fedecb283 100644 --- a/jstests/client_encrypt/fle_encrypt_decrypt_shell.js +++ b/jstests/client_encrypt/fle_encrypt_decrypt_shell.js @@ -50,7 +50,12 @@ load('jstests/ssl/libs/ssl_helpers.js'); UUID(), ISODate(), new Date('December 17, 1995 03:24:00'), - BinData(2, '1234'), + BinData(0, '1234'), + BinData(1, '1234'), + BinData(3, '1234'), + BinData(4, '1234'), + BinData(5, '1234'), + BinData(6, '1234'), new Timestamp(1, 2), new ObjectId(), new DBPointer("mongo", new ObjectId()), @@ -67,7 +72,8 @@ load('jstests/ssl/libs/ssl_helpers.js'); Code("function() { return true; }") ]; - const failTestCases = [null, undefined, MinKey(), MaxKey(), DBRef("test", "test", "test")]; + const failTestCases = + [null, undefined, MinKey(), MaxKey(), DBRef("test", "test", "test"), BinData(2, '1234')]; const shell = Mongo(conn.host, clientSideFLEOptions); const keyVault = shell.getKeyVault(); diff --git a/src/mongo/shell/encrypted_dbclient_base.cpp b/src/mongo/shell/encrypted_dbclient_base.cpp index 20e87ab6d1e..1ee17b622b1 100644 --- a/src/mongo/shell/encrypted_dbclient_base.cpp +++ b/src/mongo/shell/encrypted_dbclient_base.cpp @@ -269,6 +269,13 @@ void EncryptedDBClientBase::encrypt(mozjs::MozJSImplScope* scope, scope->getProto<mozjs::DBRefInfo>().getJSClass() == jsclass) { uasserted(ErrorCodes::BadValue, "Second parameter cannot be MinKey, MaxKey, or DBRef"); } else { + if (scope->getProto<mozjs::BinDataInfo>().getJSClass() == jsclass) { + mozjs::ObjectWrapper o(cx, args.get(1)); + auto binType = BinDataType(o.getNumberInt(mozjs::InternedString::type)); + uassert(ErrorCodes::BadValue, + "Cannot encrypt BinData subtype 2.", + binType != BinDataType::ByteArrayDeprecated); + } if (scope->getProto<mozjs::NumberDecimalInfo>().getJSClass() == jsclass) { uassert(ErrorCodes::BadValue, "Cannot deterministically encrypt NumberDecimal type objects.", |