Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-63654

The $regex operation accepts invalid expressions when used inside an aggregate command

    • Type: Icon: Bug Bug
    • Resolution: Duplicate
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: 3.6.23, 4.2.17
    • Component/s: None
    • None
    • ALL

      TheĀ $regex operation accepts invalid expressions when used inside an aggregate command. For example, the regular expression ^+somestring is not valid. However, Mongo executes the following command without any error:

      {
        "aggregate": "PayeeReputationByPayeeAndLegalEntity",
        "pipeline": [
          {
            "$match": {
              "_id": {
                "$regex": "^+somestring",
                "$options": ""
              }
            }
          }
        ],
        "explain": true
      }
      

      The problem is that the query plan for the above aggregation is the following:

      {
        "waitedMS": NumberLong(0),
        "stages": [
          {
            "$cursor": {
              "query": {
                "_id": {
                  "$regex": "^+somestring",
                  "$options": ""
                }
              },
              "queryPlanner": {
                "plannerVersion": 1,
                "namespace": "db.some-collection"
                "indexFilterSet": false,
                "parsedQuery": {
                  "_id": /^+somestring/
                },
                "winningPlan": {
                  "stage": "FETCH",
                  "inputStage": {
                    "stage": "IXSCAN",
                    "filter": {
                      "_id": /^+somestring/
                    },
                    "keyPattern": {
                      "_id": 1
                    },
                    "indexName": "_id_",
                    "isMultiKey": false,
                    "isUnique": true,
                    "isSparse": false,
                    "isPartial": false,
                    "indexVersion": 1,
                    "direction": "forward",
                    "indexBounds": {
                      "_id": [
                        "[\"\", {})",
                        "[/^+somestring/, /^+somestring/]"
                      ]
                    }
                  }
                },
                "rejectedPlans": []
              }
            }
          }
        ],
        "ok": 1.0
      }
      

      As we can notice, the indexBounds information is completely nonsense:

      "indexBounds": {
        "_id": [
          "[\"\", {})",
          "[/^+somestring/, /^+somestring/]"
        ]
      }
      

      The above bound makes the database perform a full index-scan. Adding an escape character in front of the + character doesn't change the situation. So, the expression ^+somestring produces the same effects.

      The real problem is that the above command is the command generated by Spring Data MongoDB. In this case, there is no workaround

      I didn't try to reproduce it on version 5.x of Mongo, but I'm quite sure that the bug persists.

            Assignee:
            eric.sedor@mongodb.com Eric Sedor
            Reporter:
            rcardin Riccardo Cardin
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: