Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-33857

Missing log redaction due to confusion with Command::redactForLogging()

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • 3.6.3, 3.7.2
    • 3.4.17, 3.6.7, 3.7.4
    • Security
    • None
    • Minor Change
    • ALL
    • v3.6, v3.4

    Description

      The existing Command::redactForLogging() predates the --redactClientLogData feature. The two are unrelated. The latter was introduced in 3.4, and when enabled, strips any PII from the logs. The former, on the other hand, is always enabled, and is used to strip password data (as well as to avoid overlong write command lines).

      We appear to have confused these two redaction functions, resulting in a places where redaction is missing:

      https://github.com/mongodb/mongo/blob/master/src/mongo/db/service_entry_point_common.cpp#L713-L714

      https://github.com/mongodb/mongo/blob/master/src/mongo/db/service_entry_point_common.cpp#L758-L762

      https://github.com/mongodb/mongo/blob/master/src/mongo/db/service_entry_point_common.cpp#L766-L770

      https://github.com/mongodb/mongo/blob/master/src/mongo/db/service_entry_point_common.cpp#L836-L837

      Should ServiceEntryPointCommon::getRedactedCopyForLogging() also call redact(const BSONObj&)?

      Attachments

        Issue Links

          Activity

            People

              gabriel.russell@mongodb.com Gabriel Russell (Inactive)
              david.storch@mongodb.com David Storch
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: