java.lang.Object
dk.cloudcreate.essentials.components.foundation.mongo.MongoUtil

public final class MongoUtil extends Object
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final int
     
  • Constructor Summary

    Constructors
    Constructor
    Description
     
  • Method Summary

    Modifier and Type
    Method
    Description
    static void
    Validates if the provided collection name is valid and safe to use.
    The method provided is designed as an initial layer of defense against users providing unsafe collection names, by applying naming conventions intended to reduce the risk of malicious input.
    However, neither the Essentials components nor checkIsValidCollectionName(String) offer exhaustive protection, nor do they assure the complete security of the resulting MongoDB configuration and the associated queries, updates, etc.
    The responsibility for implementing protective measures against malicious input lies exclusively with the users/developers using the Essentials components and their supporting classes.
    Users must ensure thorough sanitization and validation of API input parameters and collection names.
    Insufficient attention to these practices may leave the application vulnerable to attacks, potentially endangering the security and integrity of the database.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

  • Constructor Details

    • MongoUtil

      public MongoUtil()
  • Method Details

    • checkIsValidCollectionName

      public static void checkIsValidCollectionName(String collectionName)
      Validates if the provided collection name is valid and safe to use.
      The method provided is designed as an initial layer of defense against users providing unsafe collection names, by applying naming conventions intended to reduce the risk of malicious input.
      However, neither the Essentials components nor checkIsValidCollectionName(String) offer exhaustive protection, nor do they assure the complete security of the resulting MongoDB configuration and the associated queries, updates, etc.
      The responsibility for implementing protective measures against malicious input lies exclusively with the users/developers using the Essentials components and their supporting classes.
      Users must ensure thorough sanitization and validation of API input parameters and collection names.
      Insufficient attention to these practices may leave the application vulnerable to attacks, potentially endangering the security and integrity of the database.

      The method checks if the collectionName:

      • Is not null or empty, and does not consist solely of whitespace.
      • Does not start with "system." (case-insensitive check).
      • Does not start with $ and does not contain the null character.
      • Contains only characters valid for Mongo collection names: letters, digits, and underscores

      Parameters:
      collectionName - The collection name to validate.
      Throws:
      InvalidCollectionNameException - in case the collectionName violates the rules
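
The four documented checks, re-implemented as a stand-alone sketch and run over constructed sample names. This is an added example, not the Essentials source: the class name, the `violation` helper, the ASCII-only reading of "letters" and the sample inputs are assumptions.

```java
import java.util.Locale;
import java.util.regex.Pattern;

public class CollectionNameCheckExample {
    // Assumption: "letters, digits, and underscores" is read as ASCII only.
    private static final Pattern ALLOWED = Pattern.compile("[A-Za-z0-9_]+");

    /** Returns null when the name passes all four documented checks, otherwise the reason it fails. */
    static String violation(String name) {
        if (name == null || name.isBlank()) {
            return "null, empty or whitespace only";
        }
        // Locale.ROOT keeps the case-insensitive prefix check independent of the JVM default locale.
        if (name.toLowerCase(Locale.ROOT).startsWith("system.")) {
            return "starts with \"system.\"";
        }
        if (name.startsWith("$") || name.indexOf('\0') >= 0) {
            return "starts with $ or contains the null character";
        }
        // matches() must consume the whole string, so a trailing newline or dot is rejected too.
        if (!ALLOWED.matcher(name).matches()) {
            return "contains characters other than letters, digits and underscores";
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample inputs, standing in for values that arrive in an API parameter.
        String[] samples = {
            "orders", "Durable_Queues_2", null, "   ", "System.users",
            "$cmd", "orders\0", "orders.archive", "orders-2024", "orders\n"
        };
        for (String s : samples) {
            String reason = violation(s);
            String shown = s == null
                    ? "null"
                    : "\"" + s.replace("\0", "\\0").replace("\n", "\\n") + "\"";
            System.out.println(shown + " -> " + (reason == null ? "accepted" : "rejected: " + reason));
        }
    }
}
```

Only the first two samples are accepted. The character rule alone already rejects dotted and `$`-prefixed names, so the earlier checks mainly serve to give a more specific rejection reason.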