CXX-518 don't allow sending _id with nested $ key

Author: amidvidy

src/mongo/SConscript

@@ -53,14 +53,15 @@ unittests = [
     'base/parse_number_test',
     'bson/bson_field_test',
     'bson/bson_obj_test',
-    'bson/oid_test',
     'bson/bson_validate_test',
     'bson/bsonobjbuilder_test',
-    'bson/util/builder_test',
+    'bson/oid_test',
     'bson/util/bson_extract_test',
+    'bson/util/builder_test',
     'client/connection_string_test',
     'client/dbclient_rs_test',
     'client/index_spec_test',
+    'client/insert_write_operation_test',
     'client/replica_set_monitor_test',
     'client/write_concern_test',
     'db/dbmessage_test',

src/mongo/client/insert_write_operation.cpp

@@ -17,6 +17,7 @@
 
 #include "mongo/client/insert_write_operation.h"
 
+#include "mongo/bson/bsontypes.h"
 #include "mongo/client/dbclientinterface.h"
 #include "mongo/db/namespace_string.h"
 
@@ -66,8 +67,11 @@ namespace mongo {
     }
 
     BSONObj InsertWriteOperation::_ensureId(const BSONObj& doc) {
-        if (doc.hasField("_id"))
+        BSONElement id = doc.getField("_id");
+        if (!id.eoo()) {
+            uassert(0, "value of _id element cannot contain any fields starting with $", !id.isABSONObj() || id.Obj().okForStorage());
             return doc;
+        }
 
         BSONObjBuilder bob;
         bob.append("_id", OID::gen());

src/mongo/client/insert_write_operation_test.cpp

@@ -0,0 +1,50 @@
+/*    Copyright 2015 MongoDB Inc.
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+
+#include "mongo/client/insert_write_operation.h"
+
+#include "mongo/bson/bsonobj.h"
+#include "mongo/bson/bsonobjbuilder.h"
+#include "mongo/util/assert_util.h"
+
+#include "mongo/unittest/unittest.h"
+
+namespace {
+
+    using namespace mongo;
+
+    TEST(InsertWriteOperation, IdFieldCannotContainDollarSignTopLevel) {
+        BSONObjBuilder bob;
+        bob.append("foo", "bar");
+        BSONObjBuilder subbob(bob.subobjStart("_id"));
+        subbob.append("$bad", "nogood");
+        subbob.done();
+        ASSERT_THROWS(InsertWriteOperation w(bob.done()), UserException);
+    }
+
+    TEST(InsertWriteOperation, IdFieldCannotContainDollarSignNested) {
+        BSONObjBuilder bob;
+        bob.append("garply", "nnnnoooo");
+        BSONObjBuilder subbob(bob.subobjStart("_id"));
+        BSONObjBuilder subsubbob(subbob.subobjStart("foo"));
+        BSONObjBuilder subsubsubbob(subbob.subobjStart("baz"));
+        subsubsubbob.append("$blah", "borked");
+        subsubsubbob.done();
+        subsubbob.done();
+        subbob.done();
+        ASSERT_THROWS(InsertWriteOperation w(bob.done()), UserException);
+    }
+
+}  // namespace