[CDRIVER-4000] Add test for security-sensitive command monitoring event redaction Created: 17/May/21  Updated: 28/Oct/23  Resolved: 05/Jul/21

Status: Closed
Project: C Driver
Component/s: None
Affects Version/s: None
Fix Version/s: 1.18.0

Type: Improvement Priority: Critical - P2
Reporter: Backlog - Core Eng Program Management Team Assignee: Andreas Braun
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
is depended on by PHPC-1869 Redact sensitive commands from comman... Closed
Issue split
Related
related to CDRIVER-3797 Redact sensitive commands from comman... Closed
related to CDRIVER-4038 Test redaction of replies to security... Closed
Quarter: FY22Q2

 Description   

DRIVERS Ticket Description
Script Target - If you can read this text, the script has failed


 Comments   
Comment by Githook User [ 06/Jul/21 ]

Author:

{'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com', 'username': 'kevinAlbs'}

Message: CDRIVER-4000 Remove undefined macro (#817)

Fix backport of CDRIVER-4000 to r1.17 branch.
Branch: r1.17
https://github.com/mongodb/mongo-c-driver/commit/dfab64ee6f9ea2223460224caf2e4aecf212c49c

Comment by Githook User [ 05/Jul/21 ]

Author:

{'name': 'Andreas Braun', 'email': 'alcaeus@users.noreply.github.com', 'username': 'alcaeus'}

Message: CDRIVER-4000 Test redaction of sensitive commands (#814)

  • Sync command monitoring spec tests

This brings the spec tests up to date with mongodb/specifications#84ac002b

  • Add support for 1.5 unified test format schema

This adds support for the "observeSensitiveCommands" monitoring option, as well as the new "auth" runOnRequirement.

  • Redact sensitive commands for APM
  • Test redaction of replies for sensitive commands
  • Force redaction of replies for sensitive commands

Previously, the driver would not redact the reply to a hello command with speculative authentication unless the reply also was sensitive. As this makes the test completely useless, we've decided to always require redaction of replies when the command was redacted.

  • Document is_redacted and force_redaction arguments to APM initialisers
Comment by Githook User [ 05/Jul/21 ]

Author:

{'name': 'Andreas Braun', 'email': 'alcaeus@users.noreply.github.com', 'username': 'alcaeus'}

Message: CDRIVER-4000 Test redaction of sensitive commands (#814)

  • Sync command monitoring spec tests

This brings the spec tests up to date with mongodb/specifications#84ac002b

  • Add support for 1.5 unified test format schema

This adds support for the "observeSensitiveCommands" monitoring option, as well as the new "auth" runOnRequirement.

  • Redact sensitive commands for APM
  • Test redaction of replies for sensitive commands
  • Force redaction of replies for sensitive commands

Previously, the driver would not redact the reply to a hello command with speculative authentication unless the reply also was sensitive. As this makes the test completely useless, we've decided to always require redaction of replies when the command was redacted.

  • Document is_redacted and force_redaction arguments to APM initialisers
Comment by Andreas Braun [ 02/Jul/21 ]

https://github.com/mongodb/mongo-c-driver/pull/814

Generated at Wed Feb 07 21:19:38 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.