BugZero | MongoDB BugID 367501 - --noscripting option on mongod doesn't work

MongoDB - Defect ID: 367501

--noscripting option on mongod doesn't work

MongoDB - Defect ID: 367501

--noscripting option on mongod doesn't work

Last updated on May 31st, 2017

BugZero Risk Score
6.2 Medium

Overall: 6.2

Severity: 6.4

Community: 6.0

Lifecycle: 9.1

What is the BugZero Risk Score?

MongoDB Integration

Learn more about where this data comes from

MongoDB Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Priority: Major - P3
Status: Closed
Views: 2

Description

Info

As per documentation at: https://docs.mongodb.com/manual/core/server-side-javascript/#disable-server-side-execution-of-javascript --noscripting option when passed to mongod, doesn't stop any '$where' executions.

Top User Comments

krishna.devale commented on Sat, 25 Mar 2017 11:08:34 +0000: Hi Mark, Thanks for your response. The issue is on my side. I had an alias for mongod as 'mongod --dbpath ' On the alias when I use mongod --noscripting, mongod was not recognizing the option. Even config file is very particular about indentation. I am able to get the --noscripting feature to work now. Thanks, Krishna mark.agarunov commented on Fri, 24 Mar 2017 18:35:48 +0000: Hello krishna.devale, Thank you for the report. Unfortunately, we have not been able to reproduce this. With --noscripting passed to mongod I'm seeing: Marks-MacBook-Pro(mongod-3.5.4) test> db.test.find( {$where:function(){print("TEST"); return true;}} ); Error: error: { "ok": 0, "errmsg": "no globalScriptEngine in $where parsing", "code": 2, "codeName": "BadValue", "operationTime": Timestamp(0, 0) } And no output in the server logs. Without --noscripting TEST is printed in the server logs. Thanks, Mark

Steps to Reproduce

1. Run 'mongod --noscripting' 2. Run mongo client 'mongo' 3. Run command in mongo client: db..find( {"$where":print("HI")} ); 4. Console logs of mongod prints out "HI" per document in collection

Change history

2025-03-21 Added: 3.5.4

Links

Relevant Products

Click on a version to see all relevant bugs

Affected versions:3.5.4

Fixed versions: No known fixed versions

Relevant Products

Click on a version to see all relevant bugs

Affected versions:3.5.4

Fixed versions: No known fixed versions

Top MongoDB Defects

5.5Defect ID: 3269537
Remove unnecessary balancer configuration refresh that may crash the process during addShard
5.5Defect ID: 3305743
Fix detecting current git repo on windows
5.5Defect ID: 3277022
CollectionCatalog can't replace a collection with a view in the same WriteUnitOfWork
5.4Defect ID: 3287683
[v6.0] Ensure update fails on primary when doc_diff::computeDiff() produces empty sub-diffs
5.3Defect ID: 3270616
Two phase write operations can fail on stale router

Ready to prevent the next vendor outage?

Get a demo

MongoDB - Defect ID: 367501

--noscripting option on mongod doesn't work

MongoDB - Defect ID: 367501

--noscripting option on mongod doesn't work

Last updated on May 31st, 2017

BugZero Risk Score6.2 Medium

Bug Details

Info

Top User Comments

Steps to Reproduce

Links

Top MongoDB Defects

Ready to prevent the next vendor outage?

BugZero Risk Score
6.2 Medium