061a086641
The actual change is in src/mongo/shell/collection.js with the remaining changes
to adjust tests to the new api.
The "ideal" arguments are now an array of pipeline ops and an optional object
with extra top-level options for the command (such as {explain: true}. For
backwards compatibility, we still support the varargs style where each argument
is a pipeline stage, but there is no way to specify extra parameters in this
mode.
107 lines
2.5 KiB
JavaScript
107 lines
2.5 KiB
JavaScript
/*
|
|
* SERVER 5782 : need a $literal operator to help prevent injection attacks
|
|
*
|
|
* This test validates part of SERVER 5872 ticket. Return a literal string
|
|
* instead of the evaluated pipeline when $literal operator is used. Previously
|
|
* there was no way to prevent evaluation of things like $fieldname.
|
|
*/
|
|
|
|
/*
|
|
* 1) Load the articles db
|
|
* 2) Load the testing functions
|
|
* 3) Add another article with $author as the author name
|
|
* 4) Run two aggregations: one with $literal and one without
|
|
* 5) Assert that the two results are what we expected
|
|
*/
|
|
// Load the test documents
|
|
load('jstests/aggregation/data/articles.js');
|
|
|
|
// Make sure we're using the right db; this is the same as "use mydb;" in shell
|
|
db = db.getSiblingDB("aggdb");
|
|
|
|
// Make an article where the author is $author
|
|
db.article.save( {
|
|
_id : 4,
|
|
title : "this is the fourth title" ,
|
|
author : "$author" ,
|
|
posted : new Date(1079895594000) ,
|
|
pageViews : 123 ,
|
|
tags : [ "bad" , "doesnt" , "matter" ] ,
|
|
comments : [
|
|
{ author :"billy" , text : "i am the one" } ,
|
|
{ author :"jean" , text : "kid is not my son" }
|
|
],
|
|
other : { foo : 9 }
|
|
});
|
|
|
|
// Create a var to compare against in the aggregation
|
|
var name = "$author";
|
|
|
|
// Aggregate checking against the field $author
|
|
var l1 = db.article.aggregate(
|
|
{ $project : {
|
|
author : 1,
|
|
authorWroteIt : { $eq:["$author", name] }
|
|
}}
|
|
);
|
|
|
|
// All should be true since we are comparing a field to itself
|
|
var l1result = [
|
|
{
|
|
"_id" : 1,
|
|
"author" : "bob",
|
|
"authorWroteIt" : true
|
|
},
|
|
{
|
|
"_id" : 2,
|
|
"author" : "dave",
|
|
"authorWroteIt" : true
|
|
},
|
|
{
|
|
"_id" : 3,
|
|
"author" : "jane",
|
|
"authorWroteIt" : true
|
|
},
|
|
{
|
|
"_id" : 4,
|
|
"author" : "$author",
|
|
"authorWroteIt" : true
|
|
}
|
|
];
|
|
|
|
// Aggregate checking against the literal string $author
|
|
var l2 = db.article.aggregate(
|
|
{ $project : {
|
|
author : 1,
|
|
authorWroteIt : { $eq:["$author", { $literal: name } ] }
|
|
}}
|
|
);
|
|
|
|
// Only the one written by $author should be true
|
|
var l2result = [
|
|
{
|
|
"_id" : 1,
|
|
"author" : "bob",
|
|
"authorWroteIt" : false
|
|
},
|
|
{
|
|
"_id" : 2,
|
|
"author" : "dave",
|
|
"authorWroteIt" : false
|
|
},
|
|
{
|
|
"_id" : 3,
|
|
"author" : "jane",
|
|
"authorWroteIt" : false
|
|
},
|
|
{
|
|
"_id" : 4,
|
|
"author" : "$author",
|
|
"authorWroteIt" : true
|
|
}
|
|
];
|
|
|
|
// Asserts
|
|
assert.eq(l1.toArray(), l1result, 'l1 failed');
|
|
assert.eq(l2.toArray(), l2result, 'l2 failed');
|