SERVER-18167 handle BSON Validation in OP_COMMAND

10 files changed, 202 insertions, 58 deletions

diff --git a/src/mongo/base/data_type_validated_test.cpp b/src/mongo/base/data_type_validated_test.cpp
index 4eb2c5c9d16..2a42fe40c12 100644
--- a/src/mongo/base/data_type_validated_test.cpp
+++ b/src/mongo/base/data_type_validated_test.cpp
@@ -97,36 +97,4 @@ namespace {
         }
     }
 
-    TEST(DataTypeValidated, BSONValidation) {
-
-        using std::begin;
-
-        BSONObj valid = BSON("foo" << "bar");
-        char buf[1024] = { 0 };
-        std::copy(valid.objdata(), valid.objdata() + valid.objsize(), begin(buf));
-
-        {
-            Validated<BSONObj> v;
-            ConstDataRangeCursor cdrc(begin(buf), end(buf));
-            ASSERT_OK(cdrc.readAndAdvance(&v));
-        }
-
-        {
-            // mess up the data
-            DataRangeCursor drc(begin(buf), end(buf));
-            auto maxIntLE = LittleEndian<int>(std::numeric_limits<int>::max());
-
-            drc.writeAndAdvance(maxIntLE);
-            drc.writeAndAdvance(maxIntLE);
-            drc.writeAndAdvance(maxIntLE);
-            drc.writeAndAdvance(maxIntLE);
-        }
-
-        {
-            Validated<BSONObj> v;
-            ConstDataRangeCursor cdrc(begin(buf), end(buf));
-            ASSERT_NOT_OK(cdrc.readAndAdvance(&v));
-        }
-    }
-
 }  // namespace
diff --git a/src/mongo/bson/bson_validate.cpp b/src/mongo/bson/bson_validate.cpp
index cc1f43ef1f5..428447d989a 100644
--- a/src/mongo/bson/bson_validate.cpp
+++ b/src/mongo/bson/bson_validate.cpp
@@ -383,12 +383,4 @@ namespace mongo {
         return validateBSONIterative( &buf );
     }
 
-    Status Validator<BSONObj>::validateLoad(const char* ptr, size_t length) {
-        return validateBSON(ptr, length);
-    }
-
-    Status Validator<BSONObj>::validateStore(const BSONObj& toStore) {
-        return Status::OK();
-    }
-
 }  // namespace mongo
diff --git a/src/mongo/bson/bson_validate.h b/src/mongo/bson/bson_validate.h
index abf48c4e882..f9b6d557da1 100644
--- a/src/mongo/bson/bson_validate.h
+++ b/src/mongo/bson/bson_validate.h
@@ -29,7 +29,6 @@
 
 #pragma once
 
-#include "mongo/base/data_type_validated.h"
 #include "mongo/base/string_data.h"
 #include "mongo/bson/bsontypes.h"
 #include "mongo/platform/cstdint.h"
@@ -45,9 +44,4 @@ namespace mongo {
      */
     Status validateBSON( const char* buf, uint64_t maxLength );
 
-    template<> struct Validator<BSONObj> {
-        static Status validateLoad(const char* ptr, size_t length);
-        static Status validateStore(const BSONObj& toStore);
-    };
-
 }  // namespace mongo
diff --git a/src/mongo/rpc/SConscript b/src/mongo/rpc/SConscript
index b976ad2643d..d70a0f7d194 100644
--- a/src/mongo/rpc/SConscript
+++ b/src/mongo/rpc/SConscript
@@ -39,6 +39,7 @@ env.Library(
     ],
     source=[
         'factory.cpp',
+        'object_check.cpp',
     ],
     LIBDEPS=[
         'command_reply',
@@ -142,15 +143,15 @@ env.CppUnitTest(
         'rpc_test',
     ],
     source=[
-        'command_reply_builder_test.cpp',
         'command_reply_test.cpp',
         'command_request_builder_test.cpp',
         'command_request_test.cpp',
+        'object_check_test.cpp',
         'protocol_test.cpp',
+        'command_reply_builder_test.cpp',
     ],
     LIBDEPS=[
-        'command_request',
-        'command_reply',
-        'protocol',
+        'rpc',
+        '$BUILD_DIR/mongo/client/clientdriver'
     ],
 )
diff --git a/src/mongo/rpc/command_reply.cpp b/src/mongo/rpc/command_reply.cpp
index 7782b3b4997..dc8e22d8b89 100644
--- a/src/mongo/rpc/command_reply.cpp
+++ b/src/mongo/rpc/command_reply.cpp
@@ -31,8 +31,11 @@
 #include "mongo/rpc/command_reply.h"
 
 #include <tuple>
+#include <utility>
 
 #include "mongo/base/data_range_cursor.h"
+#include "mongo/base/data_type_validated.h"
+#include "mongo/rpc/object_check.h"
 #include "mongo/util/net/message.h"
 
 namespace mongo {
@@ -51,11 +54,8 @@ namespace rpc {
         const char* messageEnd = begin + length;
         ConstDataRangeCursor cur(begin, messageEnd);
 
-        // TODO(amidvidy): we don't currently handle BSON validation.
-        // we will eventually have to thread serverGlobalParams.objcheck through here
-        // similarly to DbMessage::nextJsObj
-        uassertStatusOK(cur.readAndAdvance<BSONObj>(&_metadata));
-        uassertStatusOK(cur.readAndAdvance<BSONObj>(&_commandReply));
+        _metadata = std::move(uassertStatusOK(cur.readAndAdvance<Validated<BSONObj>>()).val);
+        _commandReply = std::move(uassertStatusOK(cur.readAndAdvance<Validated<BSONObj>>()).val);
         _outputDocs = DocumentRange(cur.data(), messageEnd);
     }
 
diff --git a/src/mongo/rpc/command_request.cpp b/src/mongo/rpc/command_request.cpp
index f3006b73aa8..a6c73eeb389 100644
--- a/src/mongo/rpc/command_request.cpp
+++ b/src/mongo/rpc/command_request.cpp
@@ -36,7 +36,9 @@
 #include "mongo/base/data_range_cursor.h"
 #include "mongo/base/data_type_string_data.h"
 #include "mongo/base/data_type_terminated.h"
+#include "mongo/base/data_type_validated.h"
 #include "mongo/db/jsobj.h"
+#include "mongo/rpc/object_check.h"
 #include "mongo/util/assert_util.h"
 #include "mongo/util/mongoutils/str.h"
 #include "mongo/util/net/message.h"
@@ -82,8 +84,8 @@ namespace rpc {
                 (_commandName.size() >= kMinCommandNameLength) &&
                 (_commandName.size() <= kMaxCommandNameLength));
 
-        uassertStatusOK(cur.readAndAdvance<BSONObj>(&_metadata));
-        uassertStatusOK(cur.readAndAdvance<BSONObj>(&_commandArgs));
+        _metadata = std::move(uassertStatusOK(cur.readAndAdvance<Validated<BSONObj>>()).val);
+        _commandArgs = std::move(uassertStatusOK(cur.readAndAdvance<Validated<BSONObj>>()).val);
         _inputDocs = DocumentRange{cur.data(), messageEnd};
     }
 
diff --git a/src/mongo/rpc/document_range.cpp b/src/mongo/rpc/document_range.cpp
index 115cd0f3ba8..56e5d8c1add 100644
--- a/src/mongo/rpc/document_range.cpp
+++ b/src/mongo/rpc/document_range.cpp
@@ -35,6 +35,8 @@
 #include <tuple>
 #include <utility>
 
+#include "mongo/base/data_type_validated.h"
+#include "mongo/rpc/object_check.h"
 #include "mongo/util/assert_util.h"
 
 namespace mongo {
@@ -87,7 +89,7 @@ namespace rpc {
         if (_cursor.length() == 0) {
             *this = const_iterator{};
         } else {
-            uassertStatusOK(_cursor.readAndAdvance<BSONObj>(&_obj));
+            _obj = std::move(uassertStatusOK(_cursor.readAndAdvance<Validated<BSONObj>>()).val);
         }
         return *this;
     }
diff --git a/src/mongo/rpc/object_check.cpp b/src/mongo/rpc/object_check.cpp
new file mode 100644
index 00000000000..988a98ed31b
--- /dev/null
+++ b/src/mongo/rpc/object_check.cpp
@@ -0,0 +1,49 @@
+/**
+ *    Copyright (C) 2015 MongoDB Inc.
+ *
+ *    This program is free software: you can redistribute it and/or  modify
+ *    it under the terms of the GNU Affero General Public License, version 3,
+ *    as published by the Free Software Foundation.
+ *
+ *    This program is distributed in the hope that it will be useful,
+ *    but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *    GNU Affero General Public License for more details.
+ *
+ *    You should have received a copy of the GNU Affero General Public License
+ *    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ *    As a special exception, the copyright holders give permission to link the
+ *    code of portions of this program with the OpenSSL library under certain
+ *    conditions as described in each individual source file and distribute
+ *    linked combinations including the program with the OpenSSL library. You
+ *    must comply with the GNU Affero General Public License in all respects for
+ *    all of the code used other than as permitted herein. If you modify file(s)
+ *    with this exception, you may extend this exception to your version of the
+ *    file(s), but you are not obligated to do so. If you do not wish to do so,
+ *    delete this exception statement from your version. If you delete this
+ *    exception statement from all source files in the program, then also delete
+ *    it in the license file.
+ */
+
+#include "mongo/platform/basic.h"
+
+#include "mongo/rpc/object_check.h"
+
+#include "mongo/base/status.h"
+#include "mongo/bson/bson_validate.h"
+#include "mongo/db/jsobj.h"
+#include "mongo/db/server_options.h"
+
+
+namespace mongo {
+
+    Status Validator<BSONObj>::validateLoad(const char* ptr, size_t length) {
+        return serverGlobalParams.objcheck ? validateBSON(ptr, length) : Status::OK();
+    }
+
+    Status Validator<BSONObj>::validateStore(const BSONObj& toStore) {
+        return Status::OK();
+    }
+
+}  // namespace mongo
diff --git a/src/mongo/rpc/object_check.h b/src/mongo/rpc/object_check.h
new file mode 100644
index 00000000000..9db3e6f0015
--- /dev/null
+++ b/src/mongo/rpc/object_check.h
@@ -0,0 +1,47 @@
+/**
+ *    Copyright (C) 2015 MongoDB Inc.
+ *
+ *    This program is free software: you can redistribute it and/or  modify
+ *    it under the terms of the GNU Affero General Public License, version 3,
+ *    as published by the Free Software Foundation.
+ *
+ *    This program is distributed in the hope that it will be useful,
+ *    but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *    GNU Affero General Public License for more details.
+ *
+ *    You should have received a copy of the GNU Affero General Public License
+ *    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ *    As a special exception, the copyright holders give permission to link the
+ *    code of portions of this program with the OpenSSL library under certain
+ *    conditions as described in each individual source file and distribute
+ *    linked combinations including the program with the OpenSSL library. You
+ *    must comply with the GNU Affero General Public License in all respects for
+ *    all of the code used other than as permitted herein. If you modify file(s)
+ *    with this exception, you may extend this exception to your version of the
+ *    file(s), but you are not obligated to do so. If you do not wish to do so,
+ *    delete this exception statement from your version. If you delete this
+ *    exception statement from all source files in the program, then also delete
+ *    it in the license file.
+ */
+
+#pragma once
+
+#include "mongo/base/data_type_validated.h"
+
+// We do not use the rpc namespace here so we can specialize Validator.
+namespace mongo {
+    class BSONObj;
+    class Status;
+
+    /**
+     * A validator for BSON objects. The implementation will validate the input object
+     * if validation is enabled, or return Status::OK() otherwise.
+     */
+    template<> struct Validator<BSONObj> {
+        static Status validateLoad(const char* ptr, size_t length);
+        static Status validateStore(const BSONObj& toStore);
+    };
+
+}  // namespace mongo
diff --git a/src/mongo/rpc/object_check_test.cpp b/src/mongo/rpc/object_check_test.cpp
new file mode 100644
index 00000000000..30e1f739679
--- /dev/null
+++ b/src/mongo/rpc/object_check_test.cpp
@@ -0,0 +1,89 @@
+/**
+ *    Copyright (C) 2015 MongoDB Inc.
+ *
+ *    This program is free software: you can redistribute it and/or  modify
+ *    it under the terms of the GNU Affero General Public License, version 3,
+ *    as published by the Free Software Foundation.
+ *
+ *    This program is distributed in the hope that it will be useful,
+ *    but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *    GNU Affero General Public License for more details.
+ *
+ *    You should have received a copy of the GNU Affero General Public License
+ *    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ *    As a special exception, the copyright holders give permission to link the
+ *    code of portions of this program with the OpenSSL library under certain
+ *    conditions as described in each individual source file and distribute
+ *    linked combinations including the program with the OpenSSL library. You
+ *    must comply with the GNU Affero General Public License in all respects
+ *    for all of the code used other than as permitted herein. If you modify
+ *    file(s) with this exception, you may extend this exception to your
+ *    version of the file(s), but you are not obligated to do so. If you do not
+ *    wish to do so, delete this exception statement from your version. If you
+ *    delete this exception statement from all source files in the program,
+ *    then also delete it in the license file.
+ */
+
+#include "mongo/platform/basic.h"
+
+#include <iterator>
+
+#include "mongo/base/data_range_cursor.h"
+#include "mongo/db/jsobj.h"
+#include "mongo/db/server_options.h"
+#include "mongo/rpc/object_check.h"
+#include "mongo/unittest/unittest.h"
+#include "mongo/util/scopeguard.h"
+
+namespace {
+
+    using namespace mongo;
+
+    TEST(DataTypeValidated, BSONValidationEnabled) {
+
+        using std::swap;
+
+        bool wasEnabled = serverGlobalParams.objcheck;
+        const auto setValidation = [&](bool enabled){ serverGlobalParams.objcheck = enabled; };
+        ON_BLOCK_EXIT(setValidation, wasEnabled);
+
+        using std::begin;
+        using std::end;
+
+        BSONObj valid = BSON("baz" << "bar" << "garply" << BSON("foo" << "bar"));
+        char buf[1024] = { 0 };
+        std::copy(valid.objdata(), valid.objdata() + valid.objsize(), begin(buf));
+        {
+            Validated<BSONObj> v;
+            ConstDataRangeCursor cdrc(begin(buf), end(buf));
+            ASSERT_OK(cdrc.readAndAdvance(&v));
+        }
+
+        {
+            // mess up the data
+            DataRangeCursor drc(begin(buf), end(buf));
+            auto maxIntLE = LittleEndian<int>(std::numeric_limits<int>::max());
+
+            // skip past size so we don't trip any sanity checks.
+            drc.advance(4);  // skip size
+            while (drc.writeAndAdvance(0xFF).isOK()) ;
+        }
+
+        {
+            Validated<BSONObj> v;
+            ConstDataRangeCursor cdrc(begin(buf), end(buf));
+            ASSERT_NOT_OK(cdrc.readAndAdvance(&v));
+        }
+
+        {
+            // disable validation
+            setValidation(false);
+            Validated<BSONObj> v;
+            ConstDataRangeCursor cdrc(begin(buf), end(buf));
+            ASSERT_OK(cdrc.readAndAdvance(&v));
+        }
+    }
+
+}