diff options
| author | samontea <merciers.merciers@gmail.com> | 2020-12-17 03:27:34 +0000 |
|---|---|---|
| committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2020-12-23 18:31:03 +0000 |
| commit | 11ba9fe9ff8140ceaed147f70a7524bde67e47ec (patch) | |
| tree | 439a9a291cf87aef395245f78602bde9fbdc5b6e /src/mongo/db/initialize_api_parameters.cpp | |
| parent | 9bb0493128738041cec5addb1179cf13784eac04 (diff) | |
| download | mongo-11ba9fe9ff8140ceaed147f70a7524bde67e47ec.tar.gz | |
SERVER-51615 Disallow writes to system.js collection with apiStrict:true
Diffstat (limited to 'src/mongo/db/initialize_api_parameters.cpp')
| -rw-r--r-- | src/mongo/db/initialize_api_parameters.cpp | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/mongo/db/initialize_api_parameters.cpp b/src/mongo/db/initialize_api_parameters.cpp index 1c4ec3c1009..d480e3acf2b 100644 --- a/src/mongo/db/initialize_api_parameters.cpp +++ b/src/mongo/db/initialize_api_parameters.cpp @@ -75,6 +75,14 @@ const APIParametersFromClient initializeAPIParameters(const BSONObj& requestBody str::stream() << "Provided apiStrict:true, but the command " << command->getName() << " is not in API Version " << apiVersionFromClient, strictAssert); + bool strictDoesntWriteToSystemJS = + !(command->getReadWriteType() == BasicCommand::ReadWriteType::kWrite && + requestBody.firstElementType() == BSONType::String && + requestBody.firstElement().String() == "system.js"); + uassert(ErrorCodes::APIStrictError, + str::stream() << "Provided apiStrict:true, but the command " << command->getName() + << " attempts to write to system.js", + strictDoesntWriteToSystemJS); } if (apiParamsFromClient.getApiDeprecationErrors().get_value_or(false)) { |