diff options
-rw-r--r-- | jstests/noPassthrough/setshellparameter.js | 22 | ||||
-rw-r--r-- | src/mongo/SConscript | 3 | ||||
-rw-r--r-- | src/mongo/shell/shell_options.cpp | 39 |
3 files changed, 64 insertions, 0 deletions
diff --git a/jstests/noPassthrough/setshellparameter.js b/jstests/noPassthrough/setshellparameter.js new file mode 100644 index 00000000000..9fd17abb605 --- /dev/null +++ b/jstests/noPassthrough/setshellparameter.js @@ -0,0 +1,22 @@ +// Test --setShellParameter CLI switch. + +(function() { + 'use strict'; + + function test(ssp, succeed) { + const result = + runMongoProgram('./mongo', '--setShellParameter', ssp, '--nodb', '--eval', ';'); + assert.eq(0 == result, + succeed, + '--setShellParameter ' + ssp + 'worked/didn\'t-work unexpectedly'); + } + + // Whitelisted + test('disabledSecureAllocatorDomains=foo', true); + + // Not whitelisted + test('enableTestCommands=1', false); + + // Unknown + test('theAnswerToTheQuestionOfLifeTheUniverseAndEverything=42', false); +})(); diff --git a/src/mongo/SConscript b/src/mongo/SConscript index 9a53426ed70..e262fe78f4a 100644 --- a/src/mongo/SConscript +++ b/src/mongo/SConscript @@ -496,6 +496,9 @@ if not has_option('noshell') and usemozjs: 'executor/network_interface_thread_pool', 'executor/network_interface_factory' ], + LIBDEPS_PRIVATE=[ + 'db/server_parameters', + ], # Because `::environ` is resolved in `/usr/lib/crt1.o` on FreeBSD, this library # needs to be marked `incomplete` on FreeBSD. LIBDEPS_TAGS=[] if not env.TargetOSIs('freebsd') else [ diff --git a/src/mongo/shell/shell_options.cpp b/src/mongo/shell/shell_options.cpp index 0845fba5b54..71cf4ceb147 100644 --- a/src/mongo/shell/shell_options.cpp +++ b/src/mongo/shell/shell_options.cpp @@ -42,6 +42,7 @@ #include "mongo/config.h" #include "mongo/db/auth/sasl_command_constants.h" #include "mongo/db/server_options.h" +#include "mongo/db/server_parameters.h" #include "mongo/rpc/protocol.h" #include "mongo/shell/shell_utils.h" #include "mongo/transport/message_compressor_registry.h" @@ -60,6 +61,11 @@ using std::vector; ShellGlobalParams shellGlobalParams; +// SERVER-36807: Limit --setShellParameter to SetParameters we know we want to expose. +const std::set<std::string> kSetShellParameterWhitelist = { + "disabledSecureAllocatorDomains", +}; + Status addMongoShellOptions(moe::OptionSection* options) { options->addOptionChaining( "shell", "shell", moe::Switch, "run the shell after executing files"); @@ -227,6 +233,14 @@ Status addMongoShellOptions(moe::OptionSection* options) { options->addOptionChaining( "jsHeapLimitMB", "jsHeapLimitMB", moe::Int, "set the js scope's heap size limit"); + options + ->addOptionChaining("setShellParameter", + "setShellParameter", + moe::StringMap, + "Set a configurable parameter") + .composing() + .hidden(); + return Status::OK(); } @@ -466,6 +480,31 @@ Status storeMongoShellOptions(const moe::Environment& params, if (!ret.isOK()) return ret; + if (params.count("setShellParameter")) { + auto ssp = params["setShellParameter"].as<std::map<std::string, std::string>>(); + auto map = ServerParameterSet::getGlobal()->getMap(); + for (auto it : ssp) { + const auto& name = it.first; + auto paramIt = map.find(name); + if (paramIt == map.end() || !kSetShellParameterWhitelist.count(name)) { + return {ErrorCodes::BadValue, + str::stream() << "Unknown --setShellParameter '" << name << "'"}; + } + auto* param = paramIt->second; + if (!param->allowedToChangeAtStartup()) { + return {ErrorCodes::BadValue, + str::stream() << "Cannot use --setShellParameter to set '" << name + << "' at startup"}; + } + auto status = param->setFromString(it.second); + if (!status.isOK()) { + return {ErrorCodes::BadValue, + str::stream() << "Bad value for parameter '" << name << "': " + << status.reason()}; + } + } + } + return Status::OK(); } |