File: js_scope_leak.js

package info (click to toggle)
mongodb 1%3A2.4.10-5
  • links: PTS, VCS
  • area: main
  • in suites: jessie-kfreebsd
  • size: 82,464 kB
  • sloc: cpp: 740,225; ansic: 152,098; sh: 13,820; python: 11,864; makefile: 1,012; perl: 922; pascal: 617; java: 452; lisp: 222; asm: 174
file content (139 lines) | stat: -rw-r--r-- 4,838 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
 
// Test for SERVER-9129
// Verify global scope data does not persist past logout or auth.
// NOTE: Each test case covers 3 state transitions:
//          no auth       -> auth user 'a'
//          auth user 'a' -> auth user 'b'
//          auth user 'b' -> logout
//
//       These transitions are tested for dbEval, $where, MapReduce and $group

var conn = MongoRunner.runMongod({ auth: "", smallfiles: ""});
var test = conn.getDB("test");

// insert a single document and add two test users
test.foo.insert({a:1});
test.getLastError();
assert.eq(1, test.foo.findOne().a);
test.addUser('a', 'a');
test.addUser('b', 'b');

function missingOrEquals(string) {
    return 'function() { '
            + 'var global = function(){return this;}.call();'
            // Uncomment the next line when debugging.
            // + 'print(global.hasOwnProperty("someGlobal") ? someGlobal : "MISSING" );'
            + 'return !global.hasOwnProperty("someGlobal")'
            + '    || someGlobal == unescape("' + escape(string) + '");'
            +'}()'
}

function testDbEval() {
    // set the global variable 'someGlobal' before authenticating
    test.eval('someGlobal = "noUsers";');

    // test new user auth causes scope to be cleared
    test.auth('a', 'a');
    assert(test.eval('return ' + missingOrEquals('a')), "dbEval: Auth user 'a'");

    // test auth as another user causes scope to be cleared
    test.eval('someGlobal = "a";');
    test.auth('b', 'b');
    assert(test.eval('return ' + missingOrEquals('a&b')), "dbEval: Auth user 'b'");

    // test user logout causes scope to be cleared
    test.eval('someGlobal = "a&b";');
    test.logout();
    assert(test.eval('return ' + missingOrEquals('noUsers')), "dbEval: log out");
}
testDbEval();
testDbEval();

// test $where
function testWhere() {
    // set the global variable 'someGlobal' before authenticating
    test.foo.findOne({$where:'someGlobal = "noUsers";'});

    // test new user auth causes scope to be cleared
    test.auth('a', 'a');
    assert.eq(1,
             test.foo.count({$where: 'return ' + missingOrEquals('a')}),
             "$where: Auth user 'a");

    // test auth as another user causes scope to be cleared
    test.foo.findOne({$where:'someGlobal = "a";'});
    test.auth('b', 'b');
    assert(test.foo.count({$where: 'return ' + missingOrEquals('a&b')}), "$where: Auth user 'b'");
    // test user logout causes scope to be cleared
    test.foo.findOne({$where:'someGlobal = "a&b";'});
    test.logout();
    assert(test.foo.count({$where: 'return ' + missingOrEquals('noUsers')}), "$where: log out");
}
testWhere();
testWhere();

function testMapReduce() {
    var mapSet = function(string) { return Function('someGlobal = "' + string + '"'); }
    var mapGet = function(string) { return Function('assert(' + missingOrEquals(string) +')'); }
    var reduce = function(k, v) { }
    var setGlobalInMap = function(string) {
        test.foo.mapReduce(mapSet(string), reduce, {out:{inline:1}});
    }
    var getGlobalFromMap = function(string) {
        test.foo.mapReduce(mapGet(string), reduce, {out:{inline:1}});
    }

    // set the global variable 'someGlobal' before authenticating
    setGlobalInMap('noUsers');

    // test new user auth causes scope to be cleared
    test.auth('a', 'a');
    getGlobalFromMap('a'); // throws on fail

    // test auth as another user causes scope to be cleared
    setGlobalInMap('a');
    test.auth('b', 'b');
    getGlobalFromMap('a&b'); // throws on fail

    // test user logout causes scope to be cleared
    setGlobalInMap('a&b');
    test.logout();
    getGlobalFromMap('noUsers'); // throws on fail
}
testMapReduce();
testMapReduce();

function testGroup() {
    var setGlobalInGroup = function(string) {
        return test.foo.group({key: 'a',
                             reduce: Function('doc1', 'agg',
                                              'someGlobal = "' + string + '"'),
                             initial:{}});
    }
    var getGlobalFromGroup = function(string) {
        return test.foo.group({key: 'a',
                             reduce: Function('doc1', 'agg',
                                              'assert(' + missingOrEquals(string) +')'),
                             initial:{}});
    }

    // set the global variable 'someGlobal' before authenticating
    setGlobalInGroup('noUsers');

    // test new user auth causes scope to be cleared
    test.auth('a', 'a');
    getGlobalFromGroup('a'); // throws on fail

    // test auth as another user causes scope to be cleared
    setGlobalInGroup('a');
    test.auth('b', 'b');
    getGlobalFromGroup('a&b'); // throws on fail

    // test user logout causes scope to be cleared
    setGlobalInGroup('a&b');
    test.logout();
    getGlobalFromGroup('noUsers'); // throws on fail
}
testGroup();
testGroup();