Details
-
Task
-
Resolution: Fixed
-
Major - P3
-
None
-
None
-
None
-
Fully Compatible
-
Security 2023-04-03
Description
Mark plans as “sensitive” if they are a QE operation or QE state collection by checking if OpDebug::shouldOmitDiagnosticInformation == true. Filter these sensitive plans from the output of $planCacheStats.
This can be done by adding a "securityLevel" field to plans, set it to sensitive if it is in the categories listed above, and then filter these plans out. See https://github.com/markbenvenuto/mongo/commit/88cb47e5d3144e0f75a2d526ed6bc5392bdd5867 for very rough POC of where to change in the query code.
Now plans are not cached unless there are multiple index choices that can be used. For QE testing, we are going to have to write queries that are a mix of plaintext and encrypted fields in the same query.
See existing plan cache tests: jstests/noPassthrough/plan_cache_stats_agg_source.js for some ideas of how to trigger caching of QE queries (https://github.com/mongodb/mongo/blob/b185d04364c298e701943a1e800c4036ce8df6e7/jstests/noPassthrough/plan_cache_stats_agg_source.js#L1-L58)
Attachments
Issue Links
- is duplicated by
-
SERVER-74603 Filter out plans with QE operations from $planCacheStats
-
- Closed
-