1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
/**
* Test function roundtripping in documents with --enableJavaScriptProtection.
*
* Ensure that:
* 1. A function stored in a document can be loaded into a Code()
* object in the mongo shell with the --enableJavaScriptProtection flag.
* 2. A Code object is correctly serialized as BSON type 'Code' or
* 'CodeWScope'.
*/
(function() {
"use strict";
var testServer = MongoRunner.runMongod();
assert.neq(null, testServer, "failed to start mongod");
var db = testServer.getDB("test");
var t = db.js_protection_roundtrip;
function withoutJavaScriptProtection() {
var doc = db.js_protection_roundtrip.findOne({_id: 0});
assert.neq(doc, null);
assert.eq(typeof doc.myFunc, "function", "myFunc should have been presented as a function");
assert.eq(doc.myFunc(), "yes");
}
function withJavaScriptProtection() {
var doc = db.js_protection_roundtrip.findOne({_id: 0});
assert.neq(doc, null);
assert(doc.myFunc instanceof Code, "myFunc should have been a Code object");
doc.myFunc = eval("(" + doc.myFunc.code + ")");
assert.eq(doc.myFunc(), "yes");
}
function testFunctionUnmarshall(jsProtection, evalFunc) {
var evalString = "(" + tojson(evalFunc) + ")();";
var protectionFlag =
jsProtection ? "--enableJavaScriptProtection" : "--disableJavaScriptProtection";
var exitCode =
runMongoProgram("mongo", "--port", testServer.port, protectionFlag, "--eval", evalString);
assert.eq(exitCode, 0);
}
/**
* ACTUAL TEST
*/
var result = t.insert({
_id: 0,
myFunc: function() {
return "yes";
}
});
assert.commandWorked(result);
testFunctionUnmarshall(true, withJavaScriptProtection);
testFunctionUnmarshall(false, withoutJavaScriptProtection);
MongoRunner.stopMongod(testServer);
})();
|