[SERVER-16620] escape double quotes \" when printing strings to log Created: 21/Dec/14  Updated: 06/Dec/22  Resolved: 09/Nov/20

Status: Closed
Project: Core Server
Component/s: Logging, Usability
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Minor - P4
Reporter: Thomas Rueckstiess Assignee: Backlog - Security Team
Resolution: Done Votes: 4
Labels: move-sec
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to SERVER-14739 Escape control characters in log mess... Closed
is related to CDRIVER-2824 Client metadata is invalid JSON Closed
is related to SERVER-16618 Log file should print extended json c... Backlog
Assigned Teams:
Server Security
Participants:

 Description   

A query like this:

db.foo.find({a: "\"i'm a quoted text\""})

is printed to the log file like so:

2014-12-21T15:43:14.894+1100 I QUERY    [conn5] query test.foo query: { a: ""i'm a quoted text"" } planSummary: EOF ...

The inner quotes are not escaped. This makes parsing this string with json/javascript parsers impossible.

Instead, it should be printed like so:

2014-12-21T15:43:14.894+1100 I QUERY    [conn5] query test.foo query: { a: "\"i'm a quoted text\"" } planSummary: EOF ...



 Comments   
Comment by Spencer Jackson [ 09/Nov/20 ]

This issue has been resolved with structured logging, which was released in 4.4.

Comment by Victor Hooi [ 21/Jul/15 ]

I just hit this issue as well:

3.0.4:

2015-07-21T13:49:50.641+1000 I COMMAND  [conn3] command cats.$cmd command: insert { insert: "mycats", documents: [ { _id: ObjectId('55adc15ec6f1d50f10afa54d'), name: "a"b" } ], orde
red: true } keyUpdates:0 writeConflicts:0 numYields:0 reslen:40 locks:{ Global: { acquireCount: { r: 2, w: 2 } }, MMAPV1Journal: { acquireCount: { w: 8 }, acquireWaitCount: { w: 1 }
, timeAcquiringMicros: { w: 23 } }, Database: { acquireCount: { w: 1, W: 1 } }, Collection: { acquireCount: { W: 1 } }, Metadata: { acquireCount: { W: 4 } } } 320ms

2015-07-21T13:50:21.742+1000 I QUERY    [conn3] query cats.mycats query: { name: "a"b" } planSummary: COLLSCAN ntoreturn:0 ntoskip:0 nscanned:0 nscannedObjects:1 keyUpdates:0 write$onflicts:0 numYields:0 nreturned:1 reslen:56 locks:{ Global: { acquireCount: { r: 2 } }, MMAPV1Journal: { acquireCount: { r: 1 } }, Database: { acquireCount: { r: 1 } }, Collection$ { acquireCount: { R: 1 } } } 0ms

2.4.14:
In this case, escape characters also don't work in the 2.4.x shell - I needed to use ' (single quotes) as the outer to get a double quote in, backslash for escape seems to be broken

Tue Jul 21 14:10:34.412 [conn3] query cats.mycats query: { name: "a"b" } ntoreturn:0 ntoskip:0 nscanned:1 keyUpdates:0 locks(micros) r:87 nreturned:1 reslen:56 0ms

Also, I believe this is related to SERVER-14739, which covers newline escape characters.

Generated at Thu Feb 08 03:41:41 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.