On 12/6/23 20:39, Viktor Dukhovni via Postfix-devel wrote:
> On Thu, Dec 07, 2023 at 01:06:57AM +0000, Hamid Maadani wrote:
>
>>>> However, I am concerned about the use of `bson_new_from_json()` and its
>>>> need to quote the MongoDB operators. This feels completely unnatural.
>>>> How is there then a distinction between:
>>>>
>>>>     $or: [...]
>>>>
>>>> and
>>>>
>>>>     "$or": [...]
>>>>
>>>> the latter should be a verbatim key called "$or", not a MongoDB
>>>> operator. How do we avoid having issues with inputs that contain a
>>>> leading "$", or are the leading "$" signs only special in the JSON
>>>> object key, rather than the value? This needs to be understood and
>>>> documented. As well as clarifying any potential confusion around
>>>> projections...
>>> ...
>>> I am still uneasy about this. What if one really wanted a key that
>>> starts with "$"? Ideally the API would have supported operators without
>>> overloading already quoted strings.
>>
>> Using 'bson_new_from_json' seems to be the easiest way to give admins
>> flexibility on what queries/projections they want to have. I actually
>> initially wanted to use aggregations, but decided against that to keep
>> simplicity.
>>
>> Mongo 5.0 and above support keys that start with dollar signs according to
>> this:
>> https://www.mongodb.com/docs/manual/core/dot-dollar-considerations
>>
>
> I am somewhat reassured by the fact that that document consistently only
> talks about dollar-prefixed *keys*, and makes no mention of special
> concerns for dollar-prefixed values. So I guess, the user will have to
> know that despite the formal MongoDB syntax not needing quotes for $or,
> the Postfix dictionary driver will require quotes, and the operator will
> still work.
>
> Provided "%s", "%u", and the like always appear on the *value* side of a
> MongoDB query, there are no related issues. Anyone using external input
> to set a *key* in the JSON query would be asking for trouble...
>
> We probably don't need to go as far as parsing the JSON query to ensure
> that '%x' substitutions happen only in values and not in keys...

I think it would be preferable to do this, as it catches human error
that would result in an insecure system. One just needs to ensure that
keys never have a % that is not followed by another %. JSON syntax
rules mean that a % cannot appear anywhere else.
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
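
The check proposed in this reply, sketched as an added example (not code from the thread or from Postfix): a scanner that rejects a query template when a `%` expansion appears in a JSON object key while allowing it in values. It assumes the template is otherwise valid JSON and that `%%` is the literal percent; `check_query_template`, `scan_string` and the `TMPL_*` codes are hypothetical names.

```c
#include <ctype.h>
#include <stdio.h>
/* Result codes; hypothetical names for this example, not Postfix's. */
enum { TMPL_OK = 0, TMPL_KEY_EXPANSION = 1, TMPL_UNTERMINATED = 2 };

/* Scan the JSON string whose opening quote is at s[i - 1]; return the index
 * of its closing quote (0 if none) and set *lone if it holds a lone '%'. */
static size_t scan_string(const char *s, size_t i, int *lone)
{
    for (*lone = 0; s[i] != '\0'; i++) {
        if (s[i] == '\\' && s[i + 1] != '\0')
            i++;  /* skip the escaped character */
        else if (s[i] == '%' && s[i + 1] == '%')
            i++;  /* "%%" is a literal percent sign */
        else if (s[i] == '%')
            *lone = 1;  /* start of a %s, %u, %d ... expansion */
        else if (s[i] == '"')
            return i;
    }
    return 0;
}

/* Expansions may appear in JSON values, never in object keys. */
int check_query_template(const char *tmpl)
{
    size_t i, j, end;
    int lone;
    for (i = 0; tmpl[i] != '\0'; i++) {
        if (tmpl[i] != '"')
            continue;
        if ((end = scan_string(tmpl, i + 1, &lone)) == 0)
            return TMPL_UNTERMINATED;
        /* In valid JSON, a string followed by ':' is an object key. */
        for (j = end + 1; isspace((unsigned char) tmpl[j]); j++)
            ;
        if (tmpl[j] == ':' && lone)
            return TMPL_KEY_EXPANSION;
        i = end;  /* resume after the closing quote */
    }
    return TMPL_OK;
}

int main(void)
{
    /* Constructed templates: expansion in a value (0), then in a key (1). */
    printf("%d %d\n", check_query_template("{\"mail\": \"%s\"}"),
           check_query_template("{\"%s\": 1}"));
    return 0;
}
```

Run at configuration load time, a check like this turns a misplaced expansion into a startup error rather than a query whose key is controlled by external input.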