Skip to content

fix(query): shallow clone $or, $and if merging onto empty query filter #14580

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
May 11, 2024
Merged

fix(query): shallow clone $or, $and if merging onto empty query filter #14580

merged 6 commits into from
May 11, 2024

Conversation

@vkarpov15
Copy link
Collaborator

@vkarpov15 vkarpov15 commented May 8, 2024

Fix #14567

Summary

Currently, when you call TestModel.find({ $and }), Mongoose doesn't clone the $and. Then Query.prototype.and() uses push() to add onto the $and array, which modifies the existing $and array.

We already have some logic in place from #12944 that shallow clones $and, $or if they're set, but that only currently kicks in if there's an existing $and / $or. With this PR, we'll do a shallow clone on $and, $or if they exist on the user's provided query filter.

Examples

@vkarpov15 vkarpov15 mentioned this pull request May 8, 2024
Closed
2 tasks
github-advanced-security[bot]
github-advanced-security bot found potential problems May 8, 2024
View reviewed changes
lib/utils.js
if (isPOJO(from[key])) {
to[key] = { ...from[key] };
} else {
to[key] = from[key];

Check warning

Code scanning / CodeQL

Prototype-polluting function

Properties are copied from [from](1) to [to](2) without guarding against prototype pollution.
sderrow
sderrow reviewed May 9, 2024
View reviewed changes
Copy link
Contributor

@sderrow sderrow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! Just a couple thoughts.

@vkarpov15 vkarpov15 merged commit 3526799 into master May 11, 2024
@hasezoey hasezoey deleted the vkarpov15/gh-14567 branch May 11, 2024 15:33
@sclamage sclamage mentioned this pull request May 23, 2024
Closed
2 tasks
vkarpov15 added a commit that referenced this pull request May 24, 2024
@vkarpov15
bring in some changes from #14580
d4ad58e
@vkarpov15 vkarpov15 mentioned this pull request May 24, 2024
Merged
@saileshbro saileshbro mentioned this pull request Jun 5, 2024
Merged
@NotZarifGithub NotZarifGithub mentioned this pull request Jun 5, 2024
Open
@Gabo-Tech Gabo-Tech mentioned this pull request Jun 5, 2024
Open
@cqumilankorangi cqumilankorangi mentioned this pull request Jun 5, 2024
Open
@bryopsida bryopsida mentioned this pull request Jun 5, 2024
Closed
@lholmquist lholmquist mentioned this pull request Jun 5, 2024
Closed
@saileshbro saileshbro mentioned this pull request Jun 5, 2024
Merged
@Erenkrs Erenkrs mentioned this pull request Jun 5, 2024
Open
@tomlebl tomlebl mentioned this pull request Jun 5, 2024
Closed
@yunji0387 yunji0387 mentioned this pull request Jun 5, 2024
Merged
@DulranS DulranS mentioned this pull request Jun 5, 2024
Open
@yunji0387 yunji0387 mentioned this pull request Jun 5, 2024
Merged
This was referenced Jun 5, 2024
Open
Open
@yunji0387 yunji0387 mentioned this pull request Jun 17, 2024
Merged
@ashiq-firoz ashiq-firoz mentioned this pull request Jun 17, 2024
Open
@NehalRajora NehalRajora mentioned this pull request Jun 18, 2024
Open
@MinhhTien MinhhTien mentioned this pull request Jun 19, 2024
Closed
@Erenkrs Erenkrs mentioned this pull request Jun 20, 2024
Open
@YoutacRandS-VA YoutacRandS-VA mentioned this pull request Jun 20, 2024
Open
@patinhere patinhere mentioned this pull request Jun 20, 2024
Open
@tarasovkir tarasovkir mentioned this pull request Jun 20, 2024
Open
@Erenkrs Erenkrs mentioned this pull request Jun 21, 2024
Open
@akanchhaS akanchhaS mentioned this pull request Jun 21, 2024
Open
@Pratham-Darji Pratham-Darji mentioned this pull request Jun 21, 2024
Open
@Gabo-Tech Gabo-Tech mentioned this pull request Jun 21, 2024
Open
@NotZarifGithub NotZarifGithub mentioned this pull request Jun 21, 2024
Open
@MinhhTien MinhhTien mentioned this pull request Jun 21, 2024
Closed
@nejidevelops nejidevelops mentioned this pull request Jun 21, 2024
Open
@Erenkrs Erenkrs mentioned this pull request Jun 21, 2024
Open
This was referenced Jun 22, 2024
Open
Open
@MihikaNigam MihikaNigam mentioned this pull request Jun 22, 2024
Open
@nturukunga nturukunga mentioned this pull request Jun 22, 2024
Open
@DulranS DulranS mentioned this pull request Jun 22, 2024
Open
@LunarArtemis LunarArtemis mentioned this pull request Jun 22, 2024
Open
@javascript-benchmark javascript-benchmark mentioned this pull request Jun 22, 2024
Open
@lholmquist lholmquist mentioned this pull request Jun 22, 2024
Closed
@Erenkrs Erenkrs mentioned this pull request Jun 22, 2024
Open
@nay0101 nay0101 mentioned this pull request Jun 23, 2024
Closed
@yunji0387 yunji0387 mentioned this pull request Jun 23, 2024
Merged
@darshanthind darshanthind mentioned this pull request Jun 23, 2024
Open
This was referenced Jun 24, 2024
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hasezoey hasezoey Awaiting requested review from hasezoey

@AbdelrahmanHafez AbdelrahmanHafez Awaiting requested review from AbdelrahmanHafez

1 more reviewer

@sderrow sderrow sderrow left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Filter is mutated in place by Query modifiers

3 participants

@vkarpov15 @sderrow