[SERVER-41634] Audit log entry for insertMany only includes 1 document Created: 11/Jun/19  Updated: 27/Oct/23  Resolved: 31/Jul/19

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: 4.0.9
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: barak gilboa Assignee: Spencer Jackson
Resolution: Gone away Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to SERVER-16364 Audit code should not redact the cont... Closed
is related to SERVER-36606 Remove size limits on BSON audit events Closed
Operating System: ALL
Steps To Reproduce:

mlaunch init --dir clusters/main --replicaset --nodes 1 --auditDestination file --auditFormat JSON --auditPath clusters/main/replset/rs1/audit.log --auth --setParameter auditAuthorizationSuccess=true

Shell (after authenticating):

MongoDB Enterprise replset:PRIMARY> use test
MongoDB Enterprise replset:PRIMARY> db.test.insertMany([{a:1},{b:1},{c:1}])
{
	"acknowledged" : true,
	"insertedIds" : [
		ObjectId("5d002216c8ebbc12a504aa55"),
		ObjectId("5d002216c8ebbc12a504aa56"),
		ObjectId("5d002216c8ebbc12a504aa57")
	]
}

Audit file:

{ "atype" : "authCheck", "ts" : { "$date" : "2019-06-11T14:50:14.698-0700" }, "local" : { "ip" : "127.0.0.1", "port" : 27017 }, "remote" : { "ip" : "127.0.0.1", "port" : 60741 }, "users" : [ { "user" : "user", "db" : "admin" } ], "roles" : [ { "role" : "clusterAdmin", "db" : "admin" }, { "role" : "userAdminAnyDatabase", "db" : "admin" }, { "role" : "readWriteAnyDatabase", "db" : "admin" }, { "role" : "dbAdminAnyDatabase", "db" : "admin" } ], "param" : { "command" : "insert", "ns" : "test.test", "args" : { "insert" : "test", "ordered" : true, "lsid" : { "id" : { "$binary" : "JOeKlQjLRK2vRQd7NJDGOQ==", "$type" : "04" } }, "$clusterTime" : { "clusterTime" : { "$timestamp" : { "t" : 1560289808, "i" : 1 } }, "signature" : { "hash" : { "$binary" : "4iDsdOVis5RHcK+h5LxWYNvwNyM=", "$type" : "00" }, "keyId" : { "$numberLong" : "6701392778519117825" } } }, "$db" : "test", "documents" : [ { "_id" : { "$oid" : "5d002216c8ebbc12a504aa55" }, "a" : 1 } ] } }, "result" : 0 }
{ "atype" : "authCheck", "ts" : { "$date" : "2019-06-11T14:50:14.708-0700" }, "local" : { "ip" : "127.0.0.1", "port" : 27017 }, "remote" : { "ip" : "127.0.0.1", "port" : 60741 }, "users" : [ { "user" : "user", "db" : "admin" } ], "roles" : [ { "role" : "clusterAdmin", "db" : "admin" }, { "role" : "userAdminAnyDatabase", "db" : "admin" }, { "role" : "readWriteAnyDatabase", "db" : "admin" }, { "role" : "dbAdminAnyDatabase", "db" : "admin" } ], "param" : { "command" : "replSetGetStatus", "ns" : "admin", "args" : { "replSetGetStatus" : 1, "forShell" : 1, "$clusterTime" : { "clusterTime" : { "$timestamp" : { "t" : 1560289814, "i" : 3 } }, "signature" : { "hash" : { "$binary" : "2+6hVAhdrssDlPVa7GI8o6rHub4=", "$type" : "00" }, "keyId" : { "$numberLong" : "6701392778519117825" } } }, "$db" : "admin" } }, "result" : 0 }

Which only contains:

"documents" : [ { "_id" : { "$oid" : "5d002216c8ebbc12a504aa55" }, "a" : 1 } ]

Sprint: Security 2019-07-01, Security 2019-07-15, Security 2019-07-29, Security 2019-08-12
Participants:

 Description   

insertMany native audit doesn't provide the list of elements inserted

the audit only shows the first element inserted in the list, it doesn't show the count of the elements in the list as well

 This occurs on MongoDB atlas and the On-prem as well.



 Comments   
Comment by Spencer Jackson [ 31/Jul/19 ]

Excellent, I'm glad you obtained the results you expected. I'm going to close out this ticket. Please feel free to comment or open new ones if other questions arise.

Comment by Lior Shetrit [ 30/Jul/19 ]

We checked this on v4.2.0-rc4 by running this query:

db.cars.insertMany([
... { name: "honda" , speed: 100 },
... { name: "mercedes" , speed: 120 },
... { name: "audi" , speed: 150 }
... ])

And we got this native audit:

{ "atype" : "authCheck", "ts" : { "$date" : "2019-07-30T12:18:03.020+0300" }, "local" : { "ip" : "127.0.0.1", "port" : 27017 }, "remote" : { "ip" : "127.0.0.1", "port" : 35988 }, "users" : [], "roles" : [], "param" : { "command" : "insert", "ns" : "test.cars", "args" : { "insert" : "cars", "ordered" : true, "lsid" : { "id" : { "$binary" : "5ngMoS0cR+aKEEPqUqculw==", "$type" : "04" } }, "$db" : "test", "documents" : [ { "_id" : { "$oid" : "5d400b4b8b53167117ddca7a" }, "name" : "honda", "speed" : 100 }, { "_id" : { "$oid" : "5d400b4b8b53167117ddca7b" }, "name" : "mercedes", "speed" : 120 }, { "_id" : { "$oid" : "5d400b4b8b53167117ddca7c" }, "name" : "audi", "speed" : 150 } ] } }, "result" : 0 }

Using insert command instead of insertMany gives the same exact native audit.

Thanks for fixing this.

Comment by Danny Hatcher (Inactive) [ 29/Jul/19 ]

Have you had a chance to reproduce this?

Comment by barak gilboa [ 25/Jun/19 ]

yes, we will get to it in the upcoming weeks.

Comment by Spencer Jackson [ 21/Jun/19 ]

Hello barak.gilboa@imperva.com! Thanks for reporting this. This appears to be a limitation from 2.6, documented in SERVER-16364. Since then, work in SERVER-36606 on the command dispatch and auditing layers may have addressed your concern. This fix will be available in 4.2, but is unlikely to be backported because of change to output.

Can I ask if you're able to reproduce this on the latest 4.2 release candidate?

Comment by Eric Sedor [ 11/Jun/19 ]

Thanks barak.gilboa@imperva.com; I am passing this on to an appropriate team for consideration. You can watch this ticket for updates.

Generated at Thu Feb 08 04:58:16 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.