[SERVER-63588] IDL applies redaction to incoming ServerParameter strings. Created: 11/Feb/22  Updated: 29/Oct/23  Resolved: 10/Mar/22

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 6.0.0-rc0

Type: Bug Priority: Major - P3
Reporter: Billy Donahue Assignee: Billy Donahue
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
is depended on by SERVER-63628 IDL override_set generates unnecessar... Closed
is depended on by SERVER-63627 Avoid self-registration in ServerPara... Closed
Backwards Compatibility: Fully Compatible
Operating System: ALL
Sprint: Service Arch 2022-2-21, Service Arch 2022-03-07, Service Arch 2022-03-21
Participants:
Story Points: 5

 Description   

(This assessment was incorrect. Added a test and simplified to make this clearer)

The ServerParameter::set(string) overload generated by IDL redacts the incoming string.

https://github.com/10gen/mongo/blob/7f30babba00b8bea2df2f1d62d3b29f3bf1f14fa/buildscripts/idl/idl/generator.py#L2311

(discovered during SERVER-57609)



 Comments   
Comment by Githook User [ 10/Mar/22 ]

Author:

{'name': 'Billy Donahue', 'email': 'billy.donahue@mongodb.com', 'username': 'BillyDonahue'}

Message: SERVER-63588 ServerParameter: test for redact, remove self-registration
Branch: master
https://github.com/mongodb/mongo/commit/7c5ff6c91299f45dff93e07b13c097ec846ce040

Comment by Billy Donahue [ 22/Feb/22 ]

Actually I was wrong about the behavior here. The redact parameter of the coerceToString only applies to the Status it generates on failure, not its payload. I didn't see this until I wrote a test for it, so we can commit the test to make sure it stays true. But some other improvements came out of the investigation. SERVER-63627, SERVER-63628.

Comment by Billy Donahue [ 11/Feb/22 ]

        if not cls.override_set:
            with self._block('Status %s::set(const BSONElement& newValueElement) {' % (cls.name),
                             '}'):
                self._writer.write_line('auto swValue = coerceToString(newValueElement, %s);' %
                                        ('true' if param.redact else 'false'))
                with self._predicate('!swValue.isOK()'):
                    self._writer.write_line('return swValue.getStatus();')
                self._writer.write_line('return setFromString(swValue.getValue());')
            self.write_empty_line()

I believe the coerce statement should just always say false for the redact parameter.

    auto swValue = coerceToString(newValueElement, false);

redaction is an output operation, not an input operation.

Generated at Thu Feb 08 05:58:09 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.