cursor: create synthetic failure upon top-level query and $dollar keys

Christian Hergert · Christian Hergert · commit 1e24ff9b8b72 · 2014-06-17T13:13:36.000-07:00
It is possible to submit a query to mongo-c-driver that looks like: {a:1, $orderby: {foo:1}} This is invalid since it mixes the top-level query and the orderby. It should instead be: {$query: {a:1}, {$orderby:{foo:1}}} This fixes CDRIVER-379.
diff --git a/src/mongoc/mongoc-cursor.c b/src/mongoc/mongoc-cursor.c
@@ -183,6 +183,8 @@ _mongoc_cursor_new (mongoc_client_t           *client,
 
 #define MARK_FAILED(c) \
    do { \
+      bson_init (&(c)->query); \
+      bson_init (&(c)->fields); \
       (c)->failed = true; \
       (c)->done = true; \
       (c)->end_of_event = true; \
@@ -236,6 +238,33 @@ _mongoc_cursor_new (mongoc_client_t           *client,
       }
    }
 
+   /*
+    * Check if we have a mixed top-level query and dollar keys such
+    * as $orderby. This is not allowed (you must use {$query:{}}.
+    */
+   if (bson_iter_init (&iter, query)) {
+      bool found_dollar = false;
+      bool found_non_dollar = false;
+
+      while (bson_iter_next (&iter)) {
+         if (bson_iter_key (&iter)[0] == '$') {
+            found_dollar = true;
+         } else {
+            found_non_dollar = true;
+         }
+      }
+
+      if (found_dollar && found_non_dollar) {
+         bson_set_error (&cursor->error,
+                         MONGOC_ERROR_CURSOR,
+                         MONGOC_ERROR_CURSOR_INVALID_CURSOR,
+                         "Cannot mix top-level query with dollar keys such "
+                         "as $orderby. Use {$query: {},...} instead.");
+         MARK_FAILED (cursor);
+         GOTO (finish);
+      }
+   }
+
    if (!cursor->is_command && !bson_has_field (query, "$query")) {
       bson_init (&cursor->query);
       bson_append_document (&cursor->query, "$query", 6, query);
@@ -730,6 +759,14 @@ mongoc_cursor_next (mongoc_cursor_t  *cursor,
 
    TRACE ("cursor_id(%"PRId64")", cursor->rpc.reply.cursor_id);
 
+   if (bson) {
+      *bson = NULL;
+   }
+
+   if (cursor->failed) {
+      return false;
+   }
+
    if (cursor->iface.next) {
       ret = cursor->iface.next(cursor, bson);
    } else {
diff --git a/tests/test-mongoc-cursor.c b/tests/test-mongoc-cursor.c
@@ -108,9 +108,49 @@ test_clone (void)
 }
 
 
+static void
+test_invalid_query (void)
+{
+   mongoc_client_t *client;
+   mongoc_cursor_t *cursor;
+   mongoc_uri_t *uri;
+   bson_error_t error;
+   const bson_t *doc = NULL;
+   bson_t *q;
+   bool r;
+   char *uristr;
+
+   uristr = bson_strdup_printf("mongodb://%s/", MONGOC_TEST_HOST);
+   uri = mongoc_uri_new(uristr);
+   bson_free(uristr);
+
+   client = mongoc_client_new_from_uri (uri);
+   assert (client);
+
+   q = BCON_NEW ("foo", BCON_INT32 (1), "$orderby", "{", "}");
+
+   doc = q;
+
+   cursor = _mongoc_cursor_new (client, "test.test", MONGOC_QUERY_NONE, 0, 1, 1,
+                                false, q, NULL, NULL);
+   r = mongoc_cursor_next (cursor, &doc);
+   assert (!r);
+   mongoc_cursor_error (cursor, &error);
+   assert (strstr (error.message, "$query"));
+   assert (error.domain == MONGOC_ERROR_CURSOR);
+   assert (error.code == MONGOC_ERROR_CURSOR_INVALID_CURSOR);
+   assert (doc == NULL);
+
+   mongoc_cursor_destroy (cursor);
+   mongoc_client_destroy (client);
+   mongoc_uri_destroy(uri);
+}
+
+
 void
 test_cursor_install (TestSuite *suite)
 {
    TestSuite_Add (suite, "/Cursor/get_host", test_get_host);
    TestSuite_Add (suite, "/Cursor/clone", test_clone);
+   TestSuite_Add (suite, "/Cursor/invalid_query", test_invalid_query);
 }
