MONGOID-5919 Restrict to_criteria #6085
Merged
+263
−1
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
There was a problem hiding this comment.
Pull request overview
This PR tightens the behavior of Hash#to_criteria to mitigate security risks (MONGOID-5919) by restricting which Mongoid::Criteria methods can be invoked via a hash, and adds tests around this behavior.
Changes:
- Introduces an
ALLOWED_TO_CRITERIA_METHODSconstant inMongoid::Extensions::Hashand makes it a private constant. - Updates
Hash#to_criteriato check each hash key against the allowlist, raisingArgumentErrorfor disallowed methods and usingpublic_sendfor dispatch. - Adds comprehensive specs for
Hash#to_criteria, covering normal usage, missingklass, allowed methods, disallowed/dangerous methods, and a broader security validation suite.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| spec/mongoid/extensions/hash_spec.rb | Adds detailed tests ensuring Hash#to_criteria correctly sets klass/selector, allows a curated set of query/aggregation methods, and rejects a broad set of dangerous or non-query methods with clear ArgumentErrors. |
| lib/mongoid/extensions/hash.rb | Defines the ALLOWED_TO_CRITERIA_METHODS allowlist and changes Hash#to_criteria to enforce it, raising on any non-whitelisted method before calling into Mongoid::Criteria. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
192
to
194
| # Convert this hash to a criteria. Will iterate over each keys in the | ||
| # hash which must correspond to method on a criteria object. The hash | ||
| # must also include a "klass" key. |
There was a problem hiding this comment.
The comment states that the hash "must also include a klass key", but the new #to_criteria specs introduce and validate behavior where klass is optional; please update this documentation to reflect that klass may be omitted (resulting in a criteria with klass set to nil).
Suggested change
| # Convert this hash to a criteria. Will iterate over each keys in the | |
| # hash which must correspond to method on a criteria object. The hash | |
| # must also include a "klass" key. | |
| # Convert this hash to a criteria. Will iterate over each key in the | |
| # hash which must correspond to a method on a criteria object. The hash | |
| # may include a "klass" key; if omitted, the resulting criteria will have | |
| # its klass set to nil. |
jamis
approved these changes
Jan 22, 2026
comandeo-mongo
added
the
bug
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.