[SERVER-33857] Missing log redaction due to confusion with Command::redactForLogging()

Created: 13/Mar/18
Updated: 29/Oct/23
Resolved: 26/Mar/18

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 3.6.3, 3.7.2
Fix Version/s: 3.4.17, 3.6.7, 3.7.4

Type: Bug
Priority: Major - P3
Reporter: David Storch
Assignee: Gabriel Russell (Inactive)
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Related
is related to SERVER-33302 Missing log redaction for a few failu... Closed
is related to SERVER-34003 passwords are not redacted from unrec... Closed
Backwards Compatibility: Minor Change
Operating System: ALL
Backport Requested: v3.6, v3.4

 Description   

The existing Command::redactForLogging() predates the --redactClientLogData feature. The two are unrelated. The latter was introduced in 3.4, and when enabled, strips any PII from the logs. The former, on the other hand, is always enabled, and is used to strip password data (as well as to avoid overlong write command lines).

We appear to have confused these two redaction functions, resulting in places where redaction is missing:

https://github.com/mongodb/mongo/blob/master/src/mongo/db/service_entry_point_common.cpp#L713-L714

https://github.com/mongodb/mongo/blob/master/src/mongo/db/service_entry_point_common.cpp#L758-L762

https://github.com/mongodb/mongo/blob/master/src/mongo/db/service_entry_point_common.cpp#L766-L770

https://github.com/mongodb/mongo/blob/master/src/mongo/db/service_entry_point_common.cpp#L836-L837

Should ServiceEntryPointCommon::getRedactedCopyForLogging() also call redact(const BSONObj&)?



 Comments   
Comment by Githook User [ 23/Jul/18 ]

Author: Gabriel Russell (gabrielrussell) <gabriel.russell@mongodb.com>

Message: SERVER-33857 call wrap getRedactedCopyForLogging() calls with redact()
Branch: v3.4
https://github.com/mongodb/mongo/commit/47e002d0c36d5c13a633890c3a11e51af6d8f891

Comment by Githook User [ 23/Jul/18 ]

Author: Gabriel Russell (gabrielrussell) <gabriel.russell@mongodb.com>

Message: SERVER-33857 call wrap getRedactedCopyForLogging() calls with redact()
Branch: v3.6
https://github.com/mongodb/mongo/commit/56326b0733062c56f6d37d6ccaa57faa7999962d

Comment by Githook User [ 26/Mar/18 ]

Author: Gabriel Russell (gabrielrussell) <gabriel.russell@mongodb.com>

Message: SERVER-33857 call wrap getRedactedCopyForLogging() calls with redact()
Branch: master
https://github.com/mongodb/mongo/commit/33f5cf3c7eb4e260b8cafa218bc99cf736dcbc63
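The two redaction layers from the description and the wrapping described in the commit message, as an added example that is a simplified model and not MongoDB source code. `Doc`, `commandRedactedCopy()`, `render()`, the `pwd` field name, the mask strings, the log prefix and the sample command are all assumptions made for illustration.

```cpp
#include <map>
#include <string>

// Simplified model (not MongoDB source): a command document as field -> value.
using Doc = std::map<std::string, std::string>;

// Stand-in for the --redactClientLogData setting.
static bool gRedactClientLogData = false;

// Models the always-on, command-specific pass: only the password is masked.
Doc commandRedactedCopy(const Doc& cmd) {
    Doc out = cmd;
    auto it = out.find("pwd");  // assumed field name
    if (it != out.end()) it->second = "xxx";
    return out;
}

// Models redact(const BSONObj&): when enabled, keep field names, mask every value.
Doc redact(const Doc& d) {
    if (!gRedactClientLogData) return d;
    Doc out;
    for (const auto& kv : d) out[kv.first] = "###";
    return out;
}

std::string render(const Doc& d) {
    std::string s = "{";
    for (const auto& kv : d) {
        if (s.size() > 1) s += ", ";
        s += kv.first + ": \"" + kv.second + "\"";
    }
    return s + "}";
}

// Constructed sample command, not taken from the ticket.
Doc sampleCommand() {
    return {{"createUser", "alice"}, {"customData", "ssn 000-00-0000"}, {"pwd", "hunter2"}};
}

// Log site with the confusion: only the command-specific pass is applied.
std::string logLineBefore(const Doc& cmd) {
    return "command failed: " + render(commandRedactedCopy(cmd));
}

// Log site after the fix: the command-specific copy is wrapped with redact().
std::string logLineAfter(const Doc& cmd) {
    return "command failed: " + render(redact(commandRedactedCopy(cmd)));
}
```

With the flag off both log sites produce the same line, so the gap only shows up in deployments that enabled client log data redaction and expected it to cover these messages.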
