-
Type:
Bug
-
Resolution: Works as Designed
-
Priority:
Major - P3
-
Affects Version/s: None
-
Component/s: None
-
Labels:None
-
Environment:OS: CentOS Linux release 7.9.2009 (Core)
mongosh: 1.8.0
-
Not Needed
Problem Statement/Rationale
What is going wrong? What action would you like the Engineering team to take?
I was running a query against a collection with ~10M documents and accidentally included a toArray() call to my cursor (leftover from testing). toArray() caused a heap dump as the machine could not load all 10M documents into memory. To my surprise, mongosh printed out my password in plaintext in the heap dump.
In this particular case, mongosh is invoked from a bash script. I am not sure if this is specifically a mongosh issue or an issue that arises due to mongosh being invoked from a bash script.
Please be sure to attach relevant logs with any sensitive data redacted.
How to retrieve logs for: Compass; Shell
<--- Last few GCs ---> [6885:0x617fbb0] 2598760 ms: Mark-sweep 4047.8 (4136.4) -> 4034.9 (4138.6) MB, 2045.4 / 0.0 ms (average mu = 0.092, current mu = 0.020) task scavenge might not succeed [6885:0x617fbb0] 2600947 ms: Mark-sweep 4048.5 (4139.6) -> 4035.3 (4139.3) MB, 2104.8 / 3.0 ms (average mu = 0.065, current mu = 0.038) task scavenge might not succeed <--- JS stacktrace ---> FATAL ERROR: Ineffective mark-compacts near heap limit Allocation failed - JavaScript heap out of memory 1: 0xb7f280 node::Abort() [mongosh mongodb+srv://<credentials>@redacted-srv.com/database?authSource=%24external&authMechanism=PLAIN&maxPoolSize=1&srvMaxHosts=1&readPreference=secondaryPreferred&tls=true] 2: 0xa89702 [mongosh mongodb+srv://<credentials>@redacted-srv.com/database?authSource=%24external&authMechanism=PLAIN&maxPoolSize=1&srvMaxHosts=1&readPreference=secondaryPreferred&tls=true] 3: 0xd57de0 v8::Utils::ReportOOMFailure(v8::internal::Isolate*, char const*, bool) [mongosh mongodb+srv://<credentials>@redacted-srv.com/database?authSource=%24external&authMechanism=PLAIN&maxPoolSize=1&srvMaxHosts=1&readPreference=secondaryPreferred&tls=true] 4: 0xd58187 v8::internal::V8::FatalProcessOutOfMemory(v8::internal::Isolate*, char const*, bool) [mongosh mongodb+srv://<credentials>@redacted-srv.com/database?authSource=%24external&authMechanism=PLAIN&maxPoolSize=1&srvMaxHosts=1&readPreference=secondaryPreferred&tls=true] 5: 0xf0f305 [mongosh mongodb+srv://<credentials>@redacted-srv.com/database?authSource=%24external&authMechanism=PLAIN&maxPoolSize=1&srvMaxHosts=1&readPreference=secondaryPreferred&tls=true] 6: 0xf0fde6 [mongosh mongodb+srv://<credentials>@redacted-srv.com/database?authSource=%24external&authMechanism=PLAIN&maxPoolSize=1&srvMaxHosts=1&readPreference=secondaryPreferred&tls=true] 7: 0xf1e30e [mongosh mongodb+srv://<credentials>@redacted-srv.com/database?authSource=%24external&authMechanism=PLAIN&maxPoolSize=1&srvMaxHosts=1&readPreference=secondaryPreferred&tls=true] 8: 0xf1ed50 v8::internal::Heap::CollectGarbage(v8::internal::AllocationSpace, v8::internal::GarbageCollectionReason, v8::GCCallbackFlags) [mongosh mongodb+srv://<credentials>@redacted-srv.com/database?authSource=%24external&authMechanism=PLAIN&maxPoolSize=1&srvMaxHosts=1&readPreference=secondaryPreferred&tls=true] 9: 0xf21cae v8::internal::Heap::AllocateRawWithRetryOrFailSlowPath(int, v8::internal::AllocationType, v8::internal::AllocationOrigin, v8::internal::AllocationAlignment) [mongosh mongodb+srv://<credentials>@redacted-srv.com/database?authSource=%24external&authMechanism=PLAIN&maxPoolSize=1&srvMaxHosts=1&readPreference=secondaryPreferred&tls=true] 10: 0xee347a v8::internal::Factory::NewFillerObject(int, bool, v8::internal::AllocationType, v8::internal::AllocationOrigin) [mongosh mongodb+srv://<credentials>@redacted-srv.com/database?authSource=%24external&authMechanism=PLAIN&maxPoolSize=1&srvMaxHosts=1&readPreference=secondaryPreferred&tls=true] 11: 0x125eda6 v8::internal::Runtime_AllocateInYoungGeneration(int, unsigned long*, v8::internal::Isolate*) [mongosh mongodb+srv://<credentials>@redacted-srv.com/database?authSource=%24external&authMechanism=PLAIN&maxPoolSize=1&srvMaxHosts=1&readPreference=secondaryPreferred&tls=true] 12: 0x1646419 [mongosh mongodb+srv://<credentials>@redacted-srv.com/database?authSource=%24external&authMechanism=PLAIN&maxPoolSize=1&srvMaxHosts=1&readPreference=secondaryPreferred&tls=true] /redacted/script: line 235: 6885 Aborted (core dumped) /usr/bin/mongosh mongodb+srv://redacted-srv.com/database?authSource=\$external\&authMechanism=PLAIN\&maxPoolSize=1\&srvMaxHosts=1\&readPreference=secondaryPreferred --tls --username '<redacted plaintext username>' --password '<redacted plaintext password>'
Steps to Reproduce
How could an engineer replicate the issue you’re reporting?
Attempt to find a large amount of documents that will not fit into memory when toArray() is called on a cursor, e.g. db.data.find().toArray().
Expected Results
What do you expect to happen?
Password should not be output in plaintext, similar to how the <credentials> in other lines of the logs look.
Actual Results
What do you observe is happening?
Password is output in plaintext (see <redacted plaintext password>).
Additional Notes
Any additional information that may be useful to include.