Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(NODE-6124): utf8 validation is insufficiently strict #680

Merged
merged 1 commit into from
May 2, 2024
Merged

fix(NODE-6124): utf8 validation is insufficiently strict #680

merged 1 commit into from
May 2, 2024

Conversation

aditi-khare-mongoDB
Copy link
Contributor

@aditi-khare-mongoDB aditi-khare-mongoDB commented May 2, 2024
edited
Loading

Note: this PR description is copied over from the 6.x branch fix.

Description

Outside of web, our toUTF8 function was insufficiently strict and allowed overlong encodings.

What is changing?

Change our functionality to use jsTextDecoder to double check utf8 input when a replacement character is detected.

Is there new documentation needed for these changes?

No.

What is the motivation for this change?

Drivers wide initiative to make UTF-8 validation strict and consistent.

UTF-8 validation now throws a BSONError on overlong encodings in Node.js

Specifically, this affects deserialize when utf8 validation is enabled, which is the default.

An overlong encoding is when the number of bytes in an encoding is inflated by padding the code point with leading 0s (see here for more information).

Double check the following

  • Ran npm run check:lint script
  • Self-review completed using the steps outlined here
  • PR title follows the correct format: type(NODE-xxxx)[!]: description
    • Example: feat(NODE-1234)!: rewriting everything in coffeescript
  • Changes are covered by tests
  • New TODOs have a related JIRA ticket

@aditi-khare-mongoDB aditi-khare-mongoDB changed the base branch from main to 5.x May 2, 2024 06:32
@aditi-khare-mongoDB aditi-khare-mongoDB marked this pull request as ready for review May 2, 2024 08:56
@nbbeeken nbbeeken self-assigned this May 2, 2024
@nbbeeken nbbeeken added the Primary Review In Review with primary reviewer, not yet ready for team's eyes label May 2, 2024
@nbbeeken nbbeeken merged commit 6460989 into 5.x May 2, 2024
3 checks passed
@nbbeeken nbbeeken deleted the NODE-6124/utf8-validation branch May 2, 2024 16:06
@github-actions github-actions bot mentioned this pull request Apr 17, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nbbeeken nbbeeken nbbeeken approved these changes

Assignees

@nbbeeken nbbeeken

Labels
Primary Review In Review with primary reviewer, not yet ready for team's eyes
Projects
None yet
Milestone
No milestone
2 participants
@aditi-khare-mongoDB @nbbeeken