[SERVER-33302] Missing log redaction for a few failure paths Created: 13/Feb/18  Updated: 29/Oct/23  Resolved: 20/Feb/18

Status: Closed
Project: Core Server
Component/s: Querying
Affects Version/s: 3.6.2
Fix Version/s: 3.6.4, 3.7.3

Type: Bug Priority: Major - P3
Reporter: Ramon Fernandez Marina Assignee: David Storch
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Depends
Related
related to SERVER-33857 Missing log redaction due to confusio... Closed
is related to SERVER-34003 passwords are not redacted from unrec... Closed
Backwards Compatibility: Fully Compatible
Operating System: ALL
Backport Requested:
v3.6
Sprint: Query 2018-02-26
Participants:
Case:

 Description   

When using authentication and log redaction, issuing a find command the query is displayed in the log file if the user is not authorized to run the command:

Using OP_QUERY legacy find

2018-02-13T14:19:54.531-0500 I QUERY    [conn1] assertion Unauthorized: not authorized for query on test.foo ns:test.foo query:{ _id: 123.0 }

Using find command

2018-02-13T14:20:14.811-0500 I ACCESS   [conn2] Unauthorized: not authorized on test to execute command { find: "foo", filter: { _id: 123.0 }, $db: "test" }



 Comments   
Comment by Githook User [ 23/Feb/18 ]

Author:

{'email': 'david.storch@10gen.com', 'name': 'David Storch', 'username': 'dstorch'}

Message: SERVER-33302 Add missing calls to redact() in error paths.

(cherry picked from commit 6b08990f795c3521465ea096fd6e898b6fedd51b)

Conflicts:
src/mongo/db/service_entry_point_common.cpp
Branch: v3.6
https://github.com/mongodb/mongo/commit/4edbfc783b20d2890e75d33367cf7bd57a9df316

Comment by Githook User [ 20/Feb/18 ]

Author:

{'email': 'david.storch@10gen.com', 'name': 'David Storch', 'username': 'dstorch'}

Message: SERVER-33302 Add missing calls to redact() in error paths.
Branch: master
https://github.com/mongodb/mongo/commit/6b08990f795c3521465ea096fd6e898b6fedd51b

Comment by David Storch [ 20/Feb/18 ]

It appears that Command::redactForLogging() predates the --redactClientLogData feature. Confusingly, the two are unrelated. The latter was introduced in 3.4, and when enabled, strips any PII from the logs. The former, on the other hand, is always enabled, and is used to strip password data (as well as to avoid overlong write command lines).

This bug seems to be the direct result of this confusion during the implementation of --redactClientLogData, so I'll try to leave some clarifying comments.

Generated at Thu Feb 08 04:32:58 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.