CSHARP-2958: Research possible places when we use string comparison in an unsafe way.

Author: DmitryLukyanov

src/MongoDB.Bson/IO/BsonBinaryReader.cs

@@ -219,7 +219,7 @@ public override BsonType ReadBsonType()
             }
             catch (FormatException ex)
             {
-                if (ex.Message.StartsWith("Detected unknown BSON type"))
+                if (ex.Message.StartsWith("Detected unknown BSON type", StringComparison.Ordinal))
                 {
                     // insert the element name into the error message
                     var periodIndex = ex.Message.IndexOf('.');

src/MongoDB.Bson/Serialization/Conventions/ConventionBase.cs

@@ -61,7 +61,7 @@ public string Name
         private static string GetName(Type type)
         {
             var name = type.Name;
-            if (name.EndsWith("Convention"))
+            if (name.EndsWith("Convention", StringComparison.Ordinal))
             {
                 return name.Substring(0, name.Length - 10);
             }

src/MongoDB.Driver.Core/Core/Authentication/ScramShaAuthenticator.cs

@@ -125,7 +125,7 @@ public ScramShaMechanism(
                 _h = h;
                 _hi = hi;
                 _hmac = hmac;
-                if (!hashAlgorithmName.ToString().StartsWith("SHA"))
+                if (!hashAlgorithmName.ToString().StartsWith("SHA", StringComparison.Ordinal))
                 {
                     throw new ArgumentException("Must specify a SHA algorithm.");
                 }

src/MongoDB.Driver.Core/Core/Clusters/DnsMonitor.cs

@@ -128,7 +128,7 @@ private List<DnsEndPoint> GetValidEndPoints(List<SrvRecord> srvRecords)
             {
                 var endPoint = srvRecord.EndPoint;
                 var host = endPoint.Host;
-                if (host.EndsWith("."))
+                if (host.EndsWith(".", StringComparison.Ordinal))
                 {
                     host = host.Substring(0, host.Length - 1);
                     endPoint = new DnsEndPoint(host, endPoint.Port);

src/MongoDB.Driver.Core/Core/Configuration/ConnectionString.cs

@@ -1202,7 +1202,7 @@ private List<string> GetHostsFromResponse(IDnsQueryResponse response)
             foreach (var srvRecord in response.Answers.SrvRecords())
             {
                 var h = srvRecord.Target.ToString();
-                if (h.EndsWith("."))
+                if (h.EndsWith(".", StringComparison.Ordinal))
                 {
                     h = h.Substring(0, h.Length - 1);
                 }

src/MongoDB.Driver.Core/Core/Connections/CommandEventHelper.cs

@@ -1038,7 +1038,7 @@ private BsonDocument BuildFindCommandFromQuery(QueryMessage message)
                             // explain is special and gets handled elsewhere
                             break;
                         default:
-                            if (element.Name.StartsWith("$"))
+                            if (element.Name.StartsWith("$", StringComparison.Ordinal))
                             {
                                 // should we actually remove the $ or not?
                                 command[element.Name.Substring(1)] = element.Value;

src/MongoDB.Driver.Core/Core/Operations/ListCollectionsUsingQueryOperation.cs

@@ -177,7 +177,7 @@ private IEnumerable<BsonDocument> NormalizeQueryResponse(IEnumerable<BsonDocumen
             foreach (var collection in collections)
             {
                 var name = (string)collection["name"];
-                if (name.StartsWith(prefix))
+                if (name.StartsWith(prefix, StringComparison.Ordinal))
                 {
                     var collectionName = name.Substring(prefix.Length);
                     if (!collectionName.Contains('$'))

src/MongoDB.Driver.Core/Core/WireProtocol/CommandUsingCommandMessageWireProtocol.cs

@@ -371,7 +371,7 @@ private bool IsRetryableWriteExceptionAndDeploymentDoesNotSupportRetryableWrites
                 exception.Result.TryGetValue("code", out var errorCode) &&
                 errorCode.ToInt32() == 20 &&
                 exception.Result.TryGetValue("errmsg", out var errmsg) &&
-                errmsg.AsString.StartsWith("Transaction numbers");
+                errmsg.AsString.StartsWith("Transaction numbers", StringComparison.Ordinal);
         }
 
 

src/MongoDB.Driver.Legacy/Linq/Translators/PredicateTranslator.cs

@@ -1289,11 +1289,11 @@ private IMongoQuery BuildStringQuery(MethodCallExpression methodCallExpression)
             }
 
             pattern = "^" + pattern + "$";
-            if (pattern.StartsWith("^.*"))
+            if (pattern.StartsWith("^.*", StringComparison.Ordinal))
             {
                 pattern = pattern.Substring(3);
             }
-            if (pattern.EndsWith(".*$"))
+            if (pattern.EndsWith(".*$", StringComparison.Ordinal))
             {
                 pattern = pattern.Substring(0, pattern.Length - 3);
             }

src/MongoDB.Driver.Legacy/MongoCollection.cs

@@ -665,7 +665,7 @@ private FindAndModifyResult FindAndModify(IClientSessionHandle session, FindAndM
             var sort = args.SortBy == null ? null : new BsonDocumentWrapper(args.SortBy);
 
             FindAndModifyOperationBase<BsonDocument> operation;
-            if (updateDocument.ElementCount > 0 && updateDocument.GetElement(0).Name.StartsWith("$"))
+            if (updateDocument.ElementCount > 0 && updateDocument.GetElement(0).Name.StartsWith("$", StringComparison.Ordinal))
             {
                 operation = new FindOneAndUpdateOperation<BsonDocument>(_collectionNamespace, filter, updateDocument, resultSerializer, messageEncoderSettings)
                 {