[SERVER-32112] Create log redaction fuzzer Created: 29/Nov/17  Updated: 06/Dec/22

Status: Backlog
Project: Core Server
Component/s: Logging, Testing Infrastructure
Affects Version/s: None
Fix Version/s: None

Type: New Feature Priority: Major - P3
Reporter: Judah Schvimer Assignee: Backlog - Server Tooling and Methods (STM) (Inactive)
Resolution: Unresolved Votes: 0
Labels: stm
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Assigned Teams:
Server Tooling & Methods
Participants:

 Description   

Currently log redaction is only caught in code review and in a manual review at the end of each release. One automated way to look for unredacted strings would be to put a canary string like 'XXXXXXXXX' in places that we expect to be redacted and make sure that we don't see it in the logs.



 Comments   
Comment by Steven Vannelli [ 10/May/22 ]

Moving this ticket to the Backlog and removing the "Backlog" fixVersion as per our latest policy for using fixVersions.

Comment by Andrew Morrow (Inactive) [ 19/Dec/17 ]

I think it is a cool idea, and may well be the right tool. I think it had been mentioned at one point when Jason and I were proposing implementing redaction via data-tainting, either at the language level or via tooling. We don't have any experience with it though, or know how to teach it what we want it to do.

Comment by Max Hirschhorn [ 19/Dec/17 ]

acm, would you consider DataFlowSanitizer too heavy-weight for this purpose? I'd be curious if we could somehow tag the memory that comes out of the storage engine in such a way that log() would fail on it.

One question that also came up during our triage meeting earlier today was whether Server engineers would benefit from being able to write a C++ unit test to affirm that the redact() function is being used in the log messages written by a particular function. (For example, by using a mongo::RamLog while running the test.) My impression is that Judah's request of trying to automate places where we're currently failing to redact contents of a log message is more useful.

CC pasette

Generated at Thu Feb 08 04:29:14 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.