diff options
| author | Tad Marshall <tad@10gen.com> | 2013-03-10 13:34:11 -0400 |
|---|---|---|
| committer | Tad Marshall <tad@10gen.com> | 2013-03-11 14:41:44 -0400 |
| commit | c40533e151407c0cc48cc0d514ec6fa2d600d374 (patch) | |
| tree | ba69d3ac7529c894f4183c4a91b6e13f4469c024 /src/mongo/shell/mongo.js | |
| parent | 9f5ab59f81a1c61b78fda2037302999bbd7dda0c (diff) | |
| download | mongo-c40533e151407c0cc48cc0d514ec6fa2d600d374.tar.gz | |
SERVER-8030 Validate connection string in JavaScript connect() function
Validate that the "URL" passed to the connect() function matches one of the
accepted formats (host:port/database, host/database or database) before trying
to use it to connect to a server. Change a uassert in HostAndPort::init() to
an massert to match the massert four lines above it. Add jstest for connect()
validation.
Diffstat (limited to 'src/mongo/shell/mongo.js')
| -rw-r--r-- | src/mongo/shell/mongo.js | 64 |
1 files changed, 48 insertions, 16 deletions
diff --git a/src/mongo/shell/mongo.js b/src/mongo/shell/mongo.js index e4786a7cc17..2f3667f53f3 100644 --- a/src/mongo/shell/mongo.js +++ b/src/mongo/shell/mongo.js @@ -98,26 +98,58 @@ Mongo.prototype.getReadPrefTagSet = function () { return this._readPrefTagSet; }; -connect = function( url , user , pass ){ - chatty( "connecting to: " + url ) - - if ( user && ! pass ) - throw "you specified a user and not a password. either you need a password, or you're using the old connect api"; +connect = function(url, user, pass) { + if (user && !pass) + throw Error("you specified a user and not a password. " + + "either you need a password, or you're using the old connect api"); + + // Validate connection string "url" as "hostName:portNumber/databaseName" + // or "hostName/databaseName" + // or "databaseName" + // hostName may be an IPv6 address (with colons), in which case ":portNumber" is required + // + var urlType = typeof url; + if (urlType == "undefined") { + throw Error("Missing connection string"); + } + if (urlType != "string") { + throw Error("Incorrect type \"" + urlType + + "\" for connection string \"" + tojson(url) + "\""); + } + url = url.trim(); + if (0 == url.length) { + throw Error("Empty connection string"); + } + var colon = url.lastIndexOf(":"); + var slash = url.lastIndexOf("/"); + if (0 == colon || 0 == slash) { + throw Error("Missing host name in connection string \"" + url + "\""); + } + if (colon == slash - 1 || colon == url.length - 1) { + throw Error("Missing port number in connection string \"" + url + "\""); + } + if (colon != -1 && colon < slash) { + var portNumber = url.substring(colon + 1, slash); + if (portNumber.length > 5 || !/^\d*$/.test(portNumber) || parseInt(portNumber) > 65535) { + throw Error("Invalid port number \"" + portNumber + + "\" in connection string \"" + url + "\""); + } + } + if (slash == url.length - 1) { + throw Error("Missing database name in connection string \"" + url + "\""); + } - var idx = url.lastIndexOf( "/" ); - + chatty("connecting to: " + url) var db; - - if ( idx < 0 ) - db = new Mongo().getDB( url ); + if (slash == -1) + db = new Mongo().getDB(url); else - db = new Mongo( url.substring( 0 , idx ) ).getDB( url.substring( idx + 1 ) ); - - if ( user && pass ){ - if ( ! db.auth( user , pass ) ){ - throw "couldn't login"; + db = new Mongo(url.substring(0, slash)).getDB(url.substring(slash + 1)); + + if (user && pass) { + if (!db.auth(user, pass)) { + throw Error("couldn't login"); } } - return db; } |