Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-65033

Invalid currentOp commands are run without validation

    • Type: Icon: Improvement Improvement
    • Resolution: Won't Fix
    • Priority: Icon: Minor - P4 Minor - P4
    • None
    • Affects Version/s: 5.0.6
    • Component/s: None
    • None

      It seems that the server is not validating the format of the currentOp command, thus sometimes resolving to an unexpected behaviour for the client.

      The behaviour is easily reproducible using pymongo 4.0.2 and mongo 5.0.6 as follows:

      1. Start a new mongod instance and insert some sample data.

      2. Run the following Python snippet:

      client = MongoClient(uri)
      db = client['admin']
      
      db.command('currentOp')
      

      3. See there are a few operations that ran.

      4. Run the following Python snippet, now with an invalid command format. 

      client = MongoClient(uri)
      db = client['admin']
      
      db.command('currentOp', { 'secs_running': { '$gt': 10 }})
      

      5. It should show similar results to the previous run, even if the $gt filter is ignored (the format of the command is invalid).

      What the server received is an invalid command with the following format

      {currentOp: { 'secs_running': { '$gt': 10 }}}
      

      And the behaviour seems to run the currentOp command without filters.

            Assignee:
            michael.gargiulo@mongodb.com Michael Gargiulo
            Reporter:
            kevin.mas@mongodb.com Kevin Mas Ruiz
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: