From f9728c3ac3db979af37ef1f73b834fc10caf6577 Mon Sep 17 00:00:00 2001
From: Pasin Suriyentrakorn <pasin@couchbase.com>
Date: Wed, 13 May 2026 11:32:16 -0700
Subject: [PATCH] CBL-8291: Reject replication filter requests on unexpected
 errors

* Changed ReplicationCollection filter callback to return false (reject) rather than true (allow) when encountering unexpected error conditions.

* Updated comments and log messages.
---
 .../lite/internal/ReplicationCollection.java  | 26 ++++++++++++++-----
 1 file changed, 19 insertions(+), 7 deletions(-)

diff --git a/common/main/java/com/couchbase/lite/internal/ReplicationCollection.java b/common/main/java/com/couchbase/lite/internal/ReplicationCollection.java
index e65a6ceec..c3686c517 100644
--- a/common/main/java/com/couchbase/lite/internal/ReplicationCollection.java
+++ b/common/main/java/com/couchbase/lite/internal/ReplicationCollection.java
@@ -116,19 +116,31 @@ static boolean filterCallback(
             revID,
             collToken,
             coll);
+
+        // This should never happen. If it does, abort and return false for security reasons.
         if (coll == null) {
-            Log.w(LOG_DOMAIN, "Request to filter unrecognized collection: " + scope + "." + name);
-            return true;
+            Log.w(LOG_DOMAIN,
+                    "Rejecting filter request for unrecognized collection %s.%s, returning false",
+                    scope, name);
+            return false;
         }
 
         final C4Filter filter = (isPush) ? coll.c4PushFilter : coll.c4PullFilter;
-        if (filter == null) { return true; }
 
-        // This shouldn't happen.
-        // If it does, we have no idea what is going on and shouldn't get in the way.
+        // This should never happen. If it does, abort and return false for security reasons.
+        if (filter == null) {
+            Log.w(LOG_DOMAIN,
+                    "Rejecting filter request, %s filter could not be found, returning false",
+                    isPush ? "push" : "pull");
+            return false;
+        }
+
+        // This should never happen. If it does, abort and return false for security reasons.
         if ((docID == null) || (revID == null)) {
-            Log.w(LOG_DOMAIN, "Ignoring filter request for null %s/%s", docID, revID);
-            return true;
+            Log.w(LOG_DOMAIN,
+                    "Rejecting filter request with null docID or revID: %s/%s, returning false",
+                    docID, revID);
+            return false;
         }
 
         final ClientTask<Boolean> task = new ClientTask<>(() -> filter.test(docID, revID, body, flags));