SERVER-24521 Log redaction 'redact' functions

6 files changed, 316 insertions, 0 deletions

diff --git a/src/mongo/logger/SConscript b/src/mongo/logger/SConscript
index 4554deb8dee..e9bd048f1d6 100644
--- a/src/mongo/logger/SConscript
+++ b/src/mongo/logger/SConscript
@@ -26,3 +26,10 @@ env.CppUnitTest('rotatable_file_writer_test',
 env.CppUnitTest(target='parse_log_component_settings_test',
                 source='parse_log_component_settings_test.cpp',
                 LIBDEPS=['$BUILD_DIR/mongo/base', 'parse_log_component_settings'])
+
+env.CppUnitTest(target='redaction_test',
+                source='redaction_test.cpp',
+                LIBDEPS=[
+                    '$BUILD_DIR/mongo/base',
+                ]
+)
diff --git a/src/mongo/logger/component_message_log_domain.cpp b/src/mongo/logger/component_message_log_domain.cpp
index 9d1b41e9472..9f2964ad38e 100644
--- a/src/mongo/logger/component_message_log_domain.cpp
+++ b/src/mongo/logger/component_message_log_domain.cpp
@@ -79,5 +79,9 @@ void ComponentMessageLogDomain::clearMinimumLoggedSeverity(LogComponent componen
     _settings.clearMinimumLoggedSeverity(component);
 }
 
+void ComponentMessageLogDomain::setShouldRedactLogs(bool shouldRedact) {
+    _shouldRedact.store(shouldRedact);
+}
+
 }  // namespace logger
 }  // namespace mongo
diff --git a/src/mongo/logger/component_message_log_domain.h b/src/mongo/logger/component_message_log_domain.h
index 49e55e4c160..15f9301e695 100644
--- a/src/mongo/logger/component_message_log_domain.h
+++ b/src/mongo/logger/component_message_log_domain.h
@@ -79,8 +79,21 @@ public:
      */
     void clearMinimumLoggedSeverity(LogComponent component);
 
+    /**
+     * Returns true if system logs should be redacted.
+     */
+    bool shouldRedactLogs() {
+        return _shouldRedact.loadRelaxed();
+    }
+
+    /**
+     * Set the 'redact' mode of the server.
+     */
+    void setShouldRedactLogs(bool shouldRedact);
+
 private:
     LogComponentSettings _settings;
+    AtomicBool _shouldRedact{false};
 };
 
 }  // namespace logger
diff --git a/src/mongo/logger/redaction.cpp b/src/mongo/logger/redaction.cpp
new file mode 100644
index 00000000000..c66d50fdb83
--- /dev/null
+++ b/src/mongo/logger/redaction.cpp
@@ -0,0 +1,85 @@
+/*    Copyright 2016 MongoDB Inc.
+ *
+ *    This program is free software: you can redistribute it and/or  modify
+ *    it under the terms of the GNU Affero General Public License, version 3,
+ *    as published by the Free Software Foundation.
+ *
+ *    This program is distributed in the hope that it will be useful,
+ *    but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *    GNU Affero General Public License for more details.
+ *
+ *    You should have received a copy of the GNU Affero General Public License
+ *    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ *    As a special exception, the copyright holders give permission to link the
+ *    code of portions of this program with the OpenSSL library under certain
+ *    conditions as described in each individual source file and distribute
+ *    linked combinations including the program with the OpenSSL library. You
+ *    must comply with the GNU Affero General Public License in all respects
+ *    for all of the code used other than as permitted herein. If you modify
+ *    file(s) with this exception, you may extend this exception to your
+ *    version of the file(s), but you are not obligated to do so. If you do not
+ *    wish to do so, delete this exception statement from your version. If you
+ *    delete this exception statement from all source files in the program,
+ *    then also delete it in the license file.
+ */
+
+#define MONGO_LOG_DEFAULT_COMPONENT ::mongo::logger::LogComponent::kDefault
+
+#include "mongo/platform/basic.h"
+
+#include "mongo/logger/redaction.h"
+
+#include "mongo/base/status.h"
+#include "mongo/bson/bsonobj.h"
+#include "mongo/bson/mutable/document.h"
+#include "mongo/util/assert_util.h"
+#include "mongo/util/log.h"
+
+namespace mongo {
+
+std::string redact(const BSONObj& objectToRedact) {
+    if (!logger::globalLogDomain()->shouldRedactLogs()) {
+        return objectToRedact.toString(false);
+    }
+
+    return objectToRedact.toString(true);
+}
+
+std::string redact(const std::string& stringToRedact) {
+    if (!logger::globalLogDomain()->shouldRedactLogs()) {
+        return stringToRedact;
+    }
+
+    // Return the default mask.
+    return kRedactionDefaultMask;
+}
+
+std::string redact(const Status& statusToRedact) {
+    if (!logger::globalLogDomain()->shouldRedactLogs()) {
+        return statusToRedact.toString();
+    }
+
+    // Construct a status representation without the reason()
+    StringBuilder sb;
+    sb << statusToRedact.codeString();
+    if (!statusToRedact.isOK())
+        sb << ": " << kRedactionDefaultMask;
+    if (statusToRedact.location() != 0)
+        sb << " @ " << statusToRedact.location();
+    return sb.str();
+}
+
+std::string redact(const DBException& exceptionToRedact) {
+    if (!logger::globalLogDomain()->shouldRedactLogs()) {
+        return exceptionToRedact.toString();
+    }
+
+    // Construct an exception representation with the what()
+    std::stringstream ss;
+    ss << exceptionToRedact.getCode() << " " << kRedactionDefaultMask;
+    return ss.str();
+}
+
+}  // namespace mongo
diff --git a/src/mongo/logger/redaction.h b/src/mongo/logger/redaction.h
new file mode 100644
index 00000000000..b5706b2bed6
--- /dev/null
+++ b/src/mongo/logger/redaction.h
@@ -0,0 +1,77 @@
+/*    Copyright 2016 MongoDB Inc.
+ *
+ *    This program is free software: you can redistribute it and/or  modify
+ *    it under the terms of the GNU Affero General Public License, version 3,
+ *    as published by the Free Software Foundation.
+ *
+ *    This program is distributed in the hope that it will be useful,
+ *    but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *    GNU Affero General Public License for more details.
+ *
+ *    You should have received a copy of the GNU Affero General Public License
+ *    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ *    As a special exception, the copyright holders give permission to link the
+ *    code of portions of this program with the OpenSSL library under certain
+ *    conditions as described in each individual source file and distribute
+ *    linked combinations including the program with the OpenSSL library. You
+ *    must comply with the GNU Affero General Public License in all respects
+ *    for all of the code used other than as permitted herein. If you modify
+ *    file(s) with this exception, you may extend this exception to your
+ *    version of the file(s), but you are not obligated to do so. If you do not
+ *    wish to do so, delete this exception statement from your version. If you
+ *    delete this exception statement from all source files in the program,
+ *    then also delete it in the license file.
+ */
+
+#pragma once
+
+#include <string>
+
+/**
+ * The 'redact' methods defined below should be used to redact possibly sensitive
+ * information when operating the server in 'redact' mode.
+ *
+ * The performance impact of calling redact when not in 'redact' mode should be neglectible.
+ *
+ * The 'redact' methods are designed to be used as part of our log streams
+ * log(), LOG(), warning(), error(), severe() similar to the example below.
+ *
+ * log() << "My sensitive query is: " << query;
+ * log() << "My sensitive query is: " << redact(query);
+ */
+
+namespace mongo {
+
+class BSONObj;
+class Status;
+class DBException;
+
+const std::string kRedactionDefaultMask = "###";
+
+/**
+ *  In 'redact' mode replace all values with '###' and keep keys intact.
+ *  In normal mode return objectToRedact.toString().
+ */
+std::string redact(const BSONObj& objectToRedact);
+
+/**
+ *  In 'redact mode return '###'.
+ *  In normal mode return stringToRedact.
+ */
+std::string redact(const std::string& stringToRedact);
+
+/**
+ *  In 'redact' mode keep status code and replace reason with '###'.
+ *  In normal mode return statusToRedact.toString().
+ */
+std::string redact(const Status& statusToRedact);
+
+/**
+ * In 'redact' mode keep exception type and replace causedBy with '###'.
+ * In normal mode return exceptionToRedact.toString().
+ */
+std::string redact(const DBException& exceptionToRedact);
+
+}  // namespace mongo
diff --git a/src/mongo/logger/redaction_test.cpp b/src/mongo/logger/redaction_test.cpp
new file mode 100644
index 00000000000..46c140eefb8
--- /dev/null
+++ b/src/mongo/logger/redaction_test.cpp
@@ -0,0 +1,130 @@
+/**
+ *  Copyright (C) 2015 MongoDB Inc.
+ */
+
+#define MONGO_LOG_DEFAULT_COMPONENT ::mongo::logger::LogComponent::kDefault
+
+#include "mongo/logger/redaction.h"
+#include "mongo/db/jsobj.h"
+#include "mongo/unittest/unittest.h"
+#include "mongo/util/log.h"
+
+namespace mongo {
+namespace {
+
+const std::string kRedactionDefaultMask = "###";
+const std::string kMsg = "Not initialized";
+using BSONStringPair = std::pair<BSONObj, std::string>;
+
+TEST(RedactStringTest, NoRedact) {
+    logger::globalLogDomain()->setShouldRedactLogs(false);
+
+    std::string toRedact[] = {"", "abc", "*&$@!_\\\\\\\"*&$@!_\"*&$@!_\"*&$@!_"};
+    for (auto s : toRedact) {
+        ASSERT_EQ(redact(s), s);
+    }
+}
+
+TEST(RedactStringTest, BasicStrings) {
+    logger::globalLogDomain()->setShouldRedactLogs(true);
+
+    std::string toRedact[] = {"", "abc", "*&$@!_\\\\\\\"*&$@!_\"*&$@!_\"*&$@!_"};
+    for (auto s : toRedact) {
+        ASSERT_EQ(redact(s), kRedactionDefaultMask);
+    }
+}
+
+TEST(RedactStatusTest, NoRedact) {
+    logger::globalLogDomain()->setShouldRedactLogs(false);
+    Status status(ErrorCodes::InternalError, kMsg);
+    ASSERT_EQ(redact(status), status.toString());
+}
+
+TEST(RedactStatusTest, BasicStatus) {
+    logger::globalLogDomain()->setShouldRedactLogs(true);
+    Status status(ErrorCodes::InternalError, kMsg);
+    ASSERT_EQ(redact(status), "InternalError: " + kRedactionDefaultMask);
+}
+
+TEST(RedactStatusTest, StatusWithLocation) {
+    logger::globalLogDomain()->setShouldRedactLogs(true);
+    Status status(ErrorCodes::InternalError, kMsg, 777);
+    ASSERT_EQ(redact(status), "InternalError: " + kRedactionDefaultMask + " @ 777");
+}
+
+TEST(RedactStatusTest, StatusOK) {
+    logger::globalLogDomain()->setShouldRedactLogs(true);
+    ASSERT_EQ(redact(Status::OK()), "OK");
+}
+
+TEST(RedactExceptionTest, NoRedact) {
+    logger::globalLogDomain()->setShouldRedactLogs(false);
+    DBException ex(kMsg, ErrorCodes::InternalError);
+    ASSERT_EQ(redact(ex), ex.toString());
+}
+
+TEST(RedactExceptionTest, BasicException) {
+    logger::globalLogDomain()->setShouldRedactLogs(true);
+    DBException ex(kMsg, ErrorCodes::InternalError);
+    ASSERT_EQ(redact(ex), "1 ###");
+}
+
+TEST(RedactBSONTest, NoRedact) {
+    logger::globalLogDomain()->setShouldRedactLogs(false);
+    BSONObj obj = BSON("a" << 1);
+    ASSERT_EQ(redact(obj), obj.toString());
+}
+
+void testBSONCases(std::initializer_list<BSONStringPair> testCases) {
+    for (auto m : testCases) {
+        ASSERT_EQ(redact(m.first), m.second);
+    }
+}
+
+TEST(RedactBSONTest, BasicBSON) {
+    logger::globalLogDomain()->setShouldRedactLogs(true);
+    std::vector<BSONStringPair> testCases;
+
+    testBSONCases({BSONStringPair(BSONObj(), "{}"),
+                   BSONStringPair(BSON("" << 1), "{ : \"###\" }"),
+                   BSONStringPair(BSON("a" << 1), "{ a: \"###\" }"),
+                   BSONStringPair(BSON("a" << 1.0), "{ a: \"###\" }"),
+                   BSONStringPair(BSON("a"
+                                       << "a"),
+                                  "{ a: \"###\" }"),
+                   BSONStringPair(BSON("a" << 1 << "b"
+                                           << "str"),
+                                  "{ a: \"###\", b: \"###\" }"),
+                   BSONStringPair(BSON("a" << 1 << "a"
+                                           << "1"),
+                                  "{ a: \"###\", a: \"###\" }")});
+}
+/*
+TEST(RedactBSONTest, NestedBSON) {
+    logger::globalLogDomain()->setShouldRedactLogs(true);
+    std::vector<BSONStringPair> testCases;
+
+    testCases.push_back(BSONStringPair(BSON("a" << BSONObj()), "{ a: {} }"));
+    testCases.push_back(BSONStringPair(
+        BSON("a" << BSONObj(BSONObj(BSONObj(BSONObj(BSONObj(BSONObj(BSONObj(BSONObj())))))))),
+        "{ a: {} }"));
+    testCases.push_back(BSONStringPair(BSON("a" << BSON("a" << 1)), "{ a: { a: \"###\" } }"));
+    testCases.push_back(BSONStringPair(BSON("a" << BSON("a" << 1 << "b" << 1)),
+                                       "{ a: { a: \"###\", b: \"###\" } }"));
+    testBSONVector(testCases);
+}
+
+TEST(RedactBSONTest, BSONWithArrays) {
+    logger::globalLogDomain()->setShouldRedactLogs(true);
+    std::vector<BSONStringPair> testCases;
+
+    testCases.push_back(BSONStringPair(BSON("a" << BSONArray()), "{ a: [] }"));
+    testCases.push_back(
+        BSONStringPair(BSON("a" << BSON_ARRAY("abc" << 1)), "{ a: [ \"###\", \"###\" ] }"));
+    testCases.push_back(BSONStringPair(BSON("a" << BSON_ARRAY(BSON("a" << 1) << BSON("b" << 1))),
+                                       "{ a: [ { a: \"###\" }, { b: \"###\" } ] }"));
+
+    testBSONVector(testCases);
+}*/
+}  // namespace
+}  // namespace mongo