SERVER-41919 Disallow specific types for explicit encryption

Author: shreyaskalyan

jstests/client_encrypt/fle_encrypt_decrypt_shell.js

@@ -50,7 +50,12 @@ load('jstests/ssl/libs/ssl_helpers.js');
         UUID(),
         ISODate(),
         new Date('December 17, 1995 03:24:00'),
-        BinData(2, '1234'),
+        BinData(0, '1234'),
+        BinData(1, '1234'),
+        BinData(3, '1234'),
+        BinData(4, '1234'),
+        BinData(5, '1234'),
+        BinData(6, '1234'),
         new Timestamp(1, 2),
         new ObjectId(),
         new DBPointer("mongo", new ObjectId()),
@@ -67,7 +72,8 @@ load('jstests/ssl/libs/ssl_helpers.js');
         Code("function() { return true; }")
     ];
 
-    const failTestCases = [null, undefined, MinKey(), MaxKey(), DBRef("test", "test", "test")];
+    const failTestCases =
+        [null, undefined, MinKey(), MaxKey(), DBRef("test", "test", "test"), BinData(2, '1234')];
 
     const shell = Mongo(conn.host, clientSideFLEOptions);
     const keyVault = shell.getKeyVault();

src/mongo/shell/encrypted_dbclient_base.cpp

@@ -269,6 +269,13 @@ void EncryptedDBClientBase::encrypt(mozjs::MozJSImplScope* scope,
                    scope->getProto<mozjs::DBRefInfo>().getJSClass() == jsclass) {
             uasserted(ErrorCodes::BadValue, "Second parameter cannot be MinKey, MaxKey, or DBRef");
         } else {
+            if (scope->getProto<mozjs::BinDataInfo>().getJSClass() == jsclass) {
+                mozjs::ObjectWrapper o(cx, args.get(1));
+                auto binType = BinDataType(o.getNumberInt(mozjs::InternedString::type));
+                uassert(ErrorCodes::BadValue,
+                        "Cannot encrypt BinData subtype 2.",
+                        binType != BinDataType::ByteArrayDeprecated);
+            }
             if (scope->getProto<mozjs::NumberDecimalInfo>().getJSClass() == jsclass) {
                 uassert(ErrorCodes::BadValue,
                         "Cannot deterministically encrypt NumberDecimal type objects.",