Added validation to check a Document passed into FindAndReplace does not contain update operators

Trisha Gee · Trisha Gee · commit bb32c63badf2 · 2013-08-27T16:00:56.000+02:00
diff --git a/driver/src/main/org/mongodb/operation/CommandResultWithPayloadDecoder.java b/driver/src/main/org/mongodb/operation/CommandResultWithPayloadDecoder.java
@@ -43,18 +43,14 @@ public Document decode(final BSONReader reader) {
         reader.readStartDocument();
         while (reader.readBSONType() != END_OF_DOCUMENT) {
             final String fieldName = reader.readName();
-            final Object result;
             final BSONType bsonType = reader.getCurrentBSONType();
             if (bsonType.equals(DOCUMENT) && fieldName.equals(FIELD_CONTAINING_PAYLOAD)) {
-                result = payloadDecoder.decode(reader);
+                document.put(fieldName, payloadDecoder.decode(reader));
             } else {
-                result = codecs.decode(reader);
+                document.put(fieldName, codecs.decode(reader));
             }
-            document.put(fieldName, result);
         }
-
         reader.readEndDocument();
-
         return document;
     }
 }
diff --git a/driver/src/main/org/mongodb/operation/CommandWithPayloadEncoder.java b/driver/src/main/org/mongodb/operation/CommandWithPayloadEncoder.java
@@ -20,7 +20,7 @@
 import org.mongodb.Document;
 import org.mongodb.Encoder;
 import org.mongodb.codecs.Codecs;
-import org.mongodb.codecs.validators.FieldNameValidator;
+import org.mongodb.codecs.validators.Validator;
 
 import java.util.Map;
 
@@ -29,12 +29,14 @@ class CommandWithPayloadEncoder<T> implements Encoder<Document> {
     private final Codecs codecs = Codecs.createDefault();
 
     private final Encoder<T> payloadEncoder;
-    private final FieldNameValidator fieldNameValidator = new FieldNameValidator();
     private final String fieldContainingPayload;
+    private final Validator<T> payloadValidator;
 
-    CommandWithPayloadEncoder(final String fieldContainingPayload, final Encoder<T> payloadEncoder) {
+    CommandWithPayloadEncoder(final String fieldContainingPayload, final Encoder<T> payloadEncoder,
+                              final Validator<T> payloadValidator) {
         this.payloadEncoder = payloadEncoder;
         this.fieldContainingPayload = fieldContainingPayload;
+        this.payloadValidator = payloadValidator;
     }
 
     //we need to cast the payload to (T) to encode it
@@ -45,11 +47,12 @@ public void encode(final BSONWriter bsonWriter, final Document value) {
 
         for (final Map.Entry<String, Object> entry : value.entrySet()) {
             final String fieldName = entry.getKey();
-            fieldNameValidator.validate(fieldName);
 
             bsonWriter.writeName(fieldName);
             if (fieldContainingPayload.equals(fieldName)) {
-                payloadEncoder.encode(bsonWriter, (T) entry.getValue());
+                final T payload = (T) entry.getValue();
+                payloadValidator.validate(payload);
+                payloadEncoder.encode(bsonWriter, payload);
             } else {
                 codecs.encode(bsonWriter, entry.getValue());
             }
diff --git a/driver/src/main/org/mongodb/operation/FindAndReplaceOperation.java b/driver/src/main/org/mongodb/operation/FindAndReplaceOperation.java
@@ -39,7 +39,7 @@ public FindAndReplaceOperation(final BufferProvider bufferProvider, final Sessio
         this.namespace = namespace;
         this.findAndReplace = findAndReplace;
         resultDecoder = new CommandResultWithPayloadDecoder<T>(payloadDecoder);
-        commandEncoder = new CommandWithPayloadEncoder<T>("update", payloadEncoder);
+        commandEncoder = new CommandWithPayloadEncoder<T>("update", payloadEncoder, new FindAndReplaceValidator<T>());
     }
 
     @SuppressWarnings("unchecked")
diff --git a/driver/src/main/org/mongodb/operation/FindAndReplaceValidator.java b/driver/src/main/org/mongodb/operation/FindAndReplaceValidator.java
@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 2008 - 2013 10gen, Inc. <http://10gen.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.mongodb.operation;
+
+import org.mongodb.Document;
+import org.mongodb.codecs.validators.Validator;
+
+import static java.lang.String.format;
+
+public class FindAndReplaceValidator<T> implements Validator<T> {
+    @Override
+    public void validate(final T value) {
+        if (value instanceof Document){
+            for (String key : ((Document) value).keySet()) {
+                if (key.startsWith("$")) {
+                    throw new IllegalArgumentException(format("Can't use update operators (beginning with '$') in a find and replace "
+                                                              + "operation (Bad Key: '%s')", value));
+                }
+            }
+        }
+    }
+}
diff --git a/driver/src/test/acceptance/org/mongodb/acceptancetest/crud/FindAndReplaceAcceptanceTest.java b/driver/src/test/acceptance/org/mongodb/acceptancetest/crud/FindAndReplaceAcceptanceTest.java
@@ -26,10 +26,12 @@
 
 import java.util.Date;
 
+import static org.hamcrest.CoreMatchers.startsWith;
 import static org.hamcrest.core.Is.is;
 import static org.hamcrest.core.IsEqual.equalTo;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertThat;
+import static org.junit.Assert.fail;
 
 /**
  * Documents and tests the functionality provided for find-and-replace atomic operations.
@@ -146,16 +148,21 @@ public void shouldInsertDocumentWhenFilterDoesNotMatchAnyDocumentsAndUpsertFlagI
                    document, equalTo(replacementDocument));
     }
 
-    //    @Test(expected = IllegalArgumentException.class)
-    //    public void shouldThrowAnExceptionIfReplacementContainsUpdateOperators() {
-    //        final Document documentInserted = new Document(KEY, VALUE_TO_CARE_ABOUT);
-    //        collection.insert(documentInserted);
-    //
-    //        assertThat(collection.count(), is(1L));
-    //
-    //        collection.filter(new Document(KEY, VALUE_TO_CARE_ABOUT))
-    //                .replaceAndGet(new Document("$set", new Document("foo", "bar")), Get.AfterChangeApplied);
-    //    }
+    @Test
+    public void shouldThrowAnExceptionIfReplacementContainsUpdateOperators() {
+        final Document documentInserted = new Document(KEY, VALUE_TO_CARE_ABOUT);
+        collection.insert(documentInserted);
+
+        assertThat(collection.find().count(), is(1L));
+
+        try {
+            collection.find(new Document(KEY, VALUE_TO_CARE_ABOUT))
+                      .getOneAndReplace(new Document("$inc", new Document("someNumber", "635")));
+            fail("Should throw an IllegalArgumentException when trying to do a replace with a document containing an update operation");
+        } catch (IllegalArgumentException e) {
+            assertThat(e.getMessage(), startsWith("Can't use update operators (beginning with '$') in a find and replace operation"));
+        }
+    }
 
     //TODO: should not be able to change the ID of a document
 

Original file line number	Diff line number	Diff line change
`@@ -43,18 +43,14 @@ public Document decode(final BSONReader reader) {`
`43`	`43`	`reader.readStartDocument();`
`44`	`44`	`while (reader.readBSONType() != END_OF_DOCUMENT) {`
`45`	`45`	`final String fieldName = reader.readName();`
`46`		`- final Object result;`
`47`	`46`	`final BSONType bsonType = reader.getCurrentBSONType();`
`48`	`47`	`if (bsonType.equals(DOCUMENT) && fieldName.equals(FIELD_CONTAINING_PAYLOAD)) {`
`49`		`- result = payloadDecoder.decode(reader);`
	`48`	`+ document.put(fieldName, payloadDecoder.decode(reader));`
`50`	`49`	`} else {`
`51`		`- result = codecs.decode(reader);`
	`50`	`+ document.put(fieldName, codecs.decode(reader));`
`52`	`51`	`}`
`53`		`- document.put(fieldName, result);`
`54`	`52`	`}`
`55`		`-`
`56`	`53`	`reader.readEndDocument();`
`57`		`-`
`58`	`54`	`return document;`
`59`	`55`	`}`
`60`	`56`	`}`
Original file line number	Diff line number	Diff line change
`@@ -39,7 +39,7 @@ public FindAndReplaceOperation(final BufferProvider bufferProvider, final Sessio`
`39`	`39`	`this.namespace = namespace;`
`40`	`40`	`this.findAndReplace = findAndReplace;`
`41`	`41`	`resultDecoder = new CommandResultWithPayloadDecoder<T>(payloadDecoder);`
`42`		`- commandEncoder = new CommandWithPayloadEncoder<T>("update", payloadEncoder);`
	`42`	`+ commandEncoder = new CommandWithPayloadEncoder<T>("update", payloadEncoder, new FindAndReplaceValidator<T>());`
`43`	`43`	`}`
`44`	`44`
`45`	`45`	`@SuppressWarnings("unchecked")`