[SERVER-16364] Audit code should not redact the contents of CRUD operations Created: 01/Dec/14 Updated: 12/Aug/19 Resolved: 09/Aug/19 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | 2.6.0 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Andy Schwerin | Assignee: | Spencer Jackson |
| Resolution: | Done | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Issue Links: | |
| Operating System: | ALL |
| Sprint: | Security 2019-08-12 |
| Participants: | |
| Description |
|
As of 2.6.0, when command authorization checks get logged for write commands (insert, update, delete), if the command contains multiple actions (several inserts, say), the audit code only logs the number of actions, not the actions themselves. This was a side-effect of |
| Comments |
| Comment by Spencer Jackson [ 09/Aug/19 ] |
|
This behaviour was observed again in |
| Comment by Andy Schwerin [ 01/Dec/14 ] |
|
This was the relevant commit: https://github.com/mongodb/mongo/commit/a6867c67c3fd2d3d3be3d13cba7840e3acedb575. The author was leveraging the fact that OpDebug::report calls redactForLogging, and the impact on the redaction in the audit code was a side effect. |