I am wondering if this mongoDB driver for golang is susceptible to an injection attack:
https://github.com/mongodb/mongo-go-driver
Not able to find it documented, or glean it from the internal workings of the package.
It uses bson.D and bson.M internal map types for filtering, so it should be fairly easy to scrub the params and secure, just wondering if anyone knows for sure:
https://pkg.go.dev/go.mongodb.org/mongo-driver#v1.2.1/bson?tab=doc
For example, can we safely do something like this?
filter := bson.D{{"token", token}}
result := []struct {
AccountID string `bson:"account_id"`
Token string `bson:"token"`
}{}
// coll is *mondo.Collection
cur, err := d.coll.Find(ctx, filter)
err = cur.All(ctx, &result);
Thank you!
Related
According to the documentation, I need to use the multi option to update multiple documents at once on some operations (example).
My project is in Go. Although, when i read through the driver documentation, I can't find any multi option. Here is the structure presenting the available options (official go driver code) :
type UpdateOptions struct {
ArrayFilters *ArrayFilters
BypassDocumentValidation *bool
Collation *Collation
Comment interface{}
Hint interface{}
Upsert *bool
Let interface{}
}
How can still use it in my go project ?
See the documentation on update many:
You can update multiple documents in a collection by using the UpdateMany() method.
Example from documentation:
coll := client.Database("sample_airbnb").Collection("listingsAndReviews")
filter := bson.D{{"address.market", "Sydney"}}
update := bson.D{{"$mul", bson.D{{"price", 1.15}}}}
result, err := coll.UpdateMany(context.TODO(), filter, update)
if err != nil {
panic(err)
}
In Golang I read a value from a database.
findOptions := options.FindOneOptions{}
findOptions.SetSort(bson.D{{"foo", -1}})
var valueFromDatabase *mongo.SingleResult
valueFromDatabase = clients.MongoClient.Database("foo").Collection("foo").FindOne(context.TODO(), bson.M{})
Is it possible to get a specific position, much like you would in an array?
Not working sample code, how it should fetch the values:
valueFromDatabase.NestedObject.Array[0].Value
Background is. A generic approach should be used so that the solution works independently of the structure of the BSON document. Which fields are to be read out is known from a slice.
The following approach was tried: The conversion to a json destroys the Mongo encryption.
I'm new to GoLang and MongoDB technologies. I created several documents in a collection and when it is displayed in a single collection, it shows;
I need to select only the _id from all the documents in the collection similarly to SQL SELECT _id FROM Docs
I didn't find a method to solve this problem using GoLang. But I tried select all the documents and filter the _id from all
collection, err := db.GetDBCollectionUnzip("docs")
var res model.ResponseResult
findOptions := options.Find()
findOptions.SetLimit(2)
var results []*map[string]interface{}
cur, err := collection.Find(context.TODO(), bson.D{{}}, findOptions)
Since the document content is large, it seems to be a time consuming approach. I hope a guidance for this matter. Thank you in advance.
Finally I was able to find the solution. This may be helpful for anyone who is interested.
findOptions := options.Find().SetProjection(bson.M{"_id": 1})
findOptions.SetLimit(2)
cur, err := collection.Find(context.TODO(), bson.D{{}}, findOptions)
I went through the documentation to insert multiple records into postgres using the package pg https://pkg.go.dev/github.com/go-pg/pg/v10#example-DB.Model-BulkInsert .
db := modelDB()
book1 := &Book{
Title: "new book 1",
}
book2 := &Book{
Title: "new book 2",
}
_, err := db.Model(book1, book2).Insert()
if err != nil {
panic(err)
}
fmt.Println(book1, book2)
Honestly i dont like this solution since it does not allow me to pass an array of books. Cause the use case i have is that i wont know the number of books i need to insert.
Should i be using transactions here cause i might have to insert more than 20 record at once. If yes, please help as am not finding good examples for this one.
PS: Must use pg library.
Just put your book, in array of slices, and insert it, go-pg support insert batch
Rarely I see a EOF error from mgo in my logs. Searching about this issue I came across this discussion where it is suggested that it would be safe to put a session.Refresh() at the start of the loop to handle this issue other issues like socket error, timeout etc.
However I couldn't find if my loop should be like this where the collection (*mgo.Collection) is re-assigned after each Refresh():
session := // create mgo session
var collection *mgo.Collection
for{
session.Refresh()
collection := session.DB("dbname").C("collectionName")
....
}
OR like below where collection is assigned once outside the loop:
session := // create mgo session
collection := session.DB("dbname").C("collectionName")
for{
session.Refresh()
....
}
Posting this since I am not able to simulate this issue at will