You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Something appears to be wrong with the way that .json is converting a Pattern object. We initially had done something like collection.find("{authz: ${user.authz.toRegex().json}")
and found our code wasn't working as expected. Not a big deal, we googled up and figured out that we were idiots since mongo doesn't support Regex() it wanted Pattern(). So we tweaked the code up to do collection.find("{authz: ${user.authz.toRegex().toPattern().json}")
and found it still didn't work.
After some deeper diving we found that using a Document("authz", user.authz.toRegex().pattern()) was working when using the native mongo java drivers. That let to some experiments where we discovered that the .json on the pattern doesn't convert things correctly.
:) If I were hardcoding this specific thing sure, but its a variable coming from data model meaning that I then have to manually escape the regex pattern to try and protect from injection attacks or simply a regex pattern that has a / or other special character in it.
I think it would be best to wait for a fix and use a properly coded fix 👍
Something appears to be wrong with the way that .json is converting a Pattern object. We initially had done something like
collection.find("{authz: ${user.authz.toRegex().json}")
and found our code wasn't working as expected. Not a big deal, we googled up and figured out that we were idiots since mongo doesn't support Regex() it wanted Pattern(). So we tweaked the code up to do
collection.find("{authz: ${user.authz.toRegex().toPattern().json}")
and found it still didn't work.
After some deeper diving we found that using a Document("authz", user.authz.toRegex().pattern()) was working when using the native mongo java drivers. That let to some experiments where we discovered that the .json on the pattern doesn't convert things correctly.
val pattern = Pattern.compile("System#.*R")
Example of what creates a bad conversion
Output:
{authz: "System#.*R"}
Example of what creates a good conversion
Output:
{"authz": {"$regex": "System#.*R", "$options": ""}}
This happens in both 3.11.0 driver (what we currently have in production) and 3.12.2 driver (we should be able to upgrade to this if needed).
The text was updated successfully, but these errors were encountered: