SERVER-46585 Move redact to logv2

author: Henrik Edin <henrik.edin@mongodb.com> 2020-03-05 14:13:03 -0500
committer: Evergreen Agent <no-reply@evergreen.mongodb.com> 2020-03-10 19:23:52 +0000
commit: 45eab9f82a18613b877598a951dc7b95f85f2059 (patch)
tree: 45ebe031ec8de64d98fd4fc44b9ad60f2b148211 /src/mongo/logv2
parent: 3848ef2467665a7c7756eb19b42cb0f523c03535 (diff)
download: mongo-45eab9f82a18613b877598a951dc7b95f85f2059.tar.gz
7 files changed, 352 insertions, 1 deletions
diff --git a/src/mongo/logv2/SConscript b/src/mongo/logv2/SConscript
index 9772cb9c60b..6a723feea7f 100644
--- a/src/mongo/logv2/SConscript
+++ b/src/mongo/logv2/SConscript
@@ -8,6 +8,7 @@ env.CppUnitTest(
     target='log_test_v2',
     source=[
         'log_test_v2.cpp',
+        'redaction_test.cpp',
     ],
     LIBDEPS=[
         '$BUILD_DIR/mongo/base',
diff --git a/src/mongo/logv2/log.h b/src/mongo/logv2/log.h
index 32efccd43c4..5c4a2c1ab7d 100644
--- a/src/mongo/logv2/log.h
+++ b/src/mongo/logv2/log.h
@@ -47,13 +47,13 @@
 #include "mongo/base/status.h"
 #include "mongo/bson/util/builder.h"
 #include "mongo/logger/log_version_util.h"
-#include "mongo/logger/redaction.h"
 #include "mongo/logv2/log_component.h"
 #include "mongo/logv2/log_component_settings.h"
 #include "mongo/logv2/log_detail.h"
 #include "mongo/logv2/log_domain.h"
 #include "mongo/logv2/log_options.h"
 #include "mongo/logv2/log_severity.h"
+#include "mongo/logv2/redaction.h"
 #include "mongo/util/errno_util.h"
 
 #if defined(MONGO_LOG_DEFAULT_COMPONENT)
diff --git a/src/mongo/logv2/log_util.cpp b/src/mongo/logv2/log_util.cpp
index b30294e86a9..79f2abbd88a 100644
--- a/src/mongo/logv2/log_util.cpp
+++ b/src/mongo/logv2/log_util.cpp
@@ -41,6 +41,9 @@
 #include <string>
 
 namespace mongo::logv2 {
+namespace {
+AtomicWord<bool> redactionEnabled{false};
+}
 bool rotateLogs(bool renameFiles) {
     // Rotate on both logv1 and logv2 so all files that need rotation gets rotated
     LOGV2(23166, "Log rotation initiated");
@@ -61,4 +64,12 @@ bool rotateLogs(bool renameFiles) {
     }
     return resultv2.isOK() && result.empty();
 }
+
+bool shouldRedactLogs() {
+    return redactionEnabled.loadRelaxed();
+}
+
+void setShouldRedactLogs(bool enabled) {
+    redactionEnabled.store(enabled);
+}
 }  // namespace mongo::logv2
diff --git a/src/mongo/logv2/log_util.h b/src/mongo/logv2/log_util.h
index 195309cd0f0..c03d81f05f6 100644
--- a/src/mongo/logv2/log_util.h
+++ b/src/mongo/logv2/log_util.h
@@ -42,4 +42,14 @@ namespace mongo::logv2 {
  * we do should result in a file create.
  */
 bool rotateLogs(bool renameFiles);
+
+/**
+ * Returns true if system logs should be redacted.
+ */
+bool shouldRedactLogs();
+
+/**
+ * Set the 'redact' mode of the server.
+ */
+void setShouldRedactLogs(bool enabled);
 }  // namespace mongo::logv2
diff --git a/src/mongo/logv2/redaction.cpp b/src/mongo/logv2/redaction.cpp
new file mode 100644
index 00000000000..69758de7e04
--- /dev/null
+++ b/src/mongo/logv2/redaction.cpp
@@ -0,0 +1,90 @@
+/**
+ *    Copyright (C) 2018-present MongoDB, Inc.
+ *
+ *    This program is free software: you can redistribute it and/or modify
+ *    it under the terms of the Server Side Public License, version 1,
+ *    as published by MongoDB, Inc.
+ *
+ *    This program is distributed in the hope that it will be useful,
+ *    but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *    Server Side Public License for more details.
+ *
+ *    You should have received a copy of the Server Side Public License
+ *    along with this program. If not, see
+ *    <http://www.mongodb.com/licensing/server-side-public-license>.
+ *
+ *    As a special exception, the copyright holders give permission to link the
+ *    code of portions of this program with the OpenSSL library under certain
+ *    conditions as described in each individual source file and distribute
+ *    linked combinations including the program with the OpenSSL library. You
+ *    must comply with the Server Side Public License in all respects for
+ *    all of the code used other than as permitted herein. If you modify file(s)
+ *    with this exception, you may extend this exception to your version of the
+ *    file(s), but you are not obligated to do so. If you do not wish to do so,
+ *    delete this exception statement from your version. If you delete this
+ *    exception statement from all source files in the program, then also delete
+ *    it in the license file.
+ */
+
+#define MONGO_LOG_DEFAULT_COMPONENT ::mongo::logger::LogComponent::kDefault
+
+#include "mongo/platform/basic.h"
+
+#include "mongo/logv2/redaction.h"
+
+#include "mongo/base/status.h"
+#include "mongo/bson/bsonobj.h"
+#include "mongo/logv2/log_util.h"
+#include "mongo/util/assert_util.h"
+
+namespace mongo {
+
+namespace {
+
+constexpr auto kRedactionDefaultMask = "###"_sd;
+
+}  // namespace
+
+BSONObj redact(const BSONObj& objectToRedact) {
+    if (!logv2::shouldRedactLogs()) {
+        return objectToRedact;
+    }
+
+    return objectToRedact.redact();
+}
+
+StringData redact(StringData stringToRedact) {
+    if (!logv2::shouldRedactLogs()) {
+        return stringToRedact;
+    }
+
+    // Return the default mask.
+    return kRedactionDefaultMask;
+}
+
+std::string redact(const Status& statusToRedact) {
+    if (!logv2::shouldRedactLogs()) {
+        return statusToRedact.toString();
+    }
+
+    // Construct a status representation without the reason()
+    StringBuilder sb;
+    sb << statusToRedact.codeString();
+    if (!statusToRedact.isOK())
+        sb << ": " << kRedactionDefaultMask;
+    return sb.str();
+}
+
+std::string redact(const DBException& exceptionToRedact) {
+    if (!logv2::shouldRedactLogs()) {
+        return exceptionToRedact.toString();
+    }
+
+    // Construct an exception representation with the what()
+    std::stringstream ss;
+    ss << exceptionToRedact.code() << " " << kRedactionDefaultMask;
+    return ss.str();
+}
+
+}  // namespace mongo
diff --git a/src/mongo/logv2/redaction.h b/src/mongo/logv2/redaction.h
new file mode 100644
index 00000000000..c1c67997ec1
--- /dev/null
+++ b/src/mongo/logv2/redaction.h
@@ -0,0 +1,85 @@
+/**
+ *    Copyright (C) 2018-present MongoDB, Inc.
+ *
+ *    This program is free software: you can redistribute it and/or modify
+ *    it under the terms of the Server Side Public License, version 1,
+ *    as published by MongoDB, Inc.
+ *
+ *    This program is distributed in the hope that it will be useful,
+ *    but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *    Server Side Public License for more details.
+ *
+ *    You should have received a copy of the Server Side Public License
+ *    along with this program. If not, see
+ *    <http://www.mongodb.com/licensing/server-side-public-license>.
+ *
+ *    As a special exception, the copyright holders give permission to link the
+ *    code of portions of this program with the OpenSSL library under certain
+ *    conditions as described in each individual source file and distribute
+ *    linked combinations including the program with the OpenSSL library. You
+ *    must comply with the Server Side Public License in all respects for
+ *    all of the code used other than as permitted herein. If you modify file(s)
+ *    with this exception, you may extend this exception to your version of the
+ *    file(s), but you are not obligated to do so. If you do not wish to do so,
+ *    delete this exception statement from your version. If you delete this
+ *    exception statement from all source files in the program, then also delete
+ *    it in the license file.
+ */
+
+#pragma once
+
+#include <string>
+
+#include "mongo/base/string_data.h"
+
+/**
+ * The 'redact' methods defined below should be used to redact possibly sensitive
+ * information when operating the server in 'redact' mode.
+ *
+ * The performance impact of calling redact when not in 'redact' mode should be neglectible.
+ *
+ * The 'redact' methods are designed to be used as part of our log streams
+ * log(), LOG(), warning(), error(), severe() similar to the example below.
+ *
+ * log() << "My sensitive query is: " << query;
+ * log() << "My sensitive query is: " << redact(query);
+ */
+
+namespace mongo {
+
+class BSONObj;
+class Status;
+class DBException;
+
+/**
+ *  In 'redact' mode replace all values with '###' and keep keys intact.
+ *  In normal mode return objectToRedact.toString().
+ */
+BSONObj redact(const BSONObj& objectToRedact);
+
+/**
+ *  In 'redact mode return '###'.
+ *  In normal mode return stringToRedact.
+ */
+StringData redact(StringData stringToRedact);
+inline StringData redact(const char* stringToRedact) {
+    return redact(StringData(stringToRedact));
+}
+inline StringData redact(const std::string& stringToRedact) {
+    return redact(StringData(stringToRedact));
+}
+
+/**
+ *  In 'redact' mode keep status code and replace reason with '###'.
+ *  In normal mode return statusToRedact.toString().
+ */
+std::string redact(const Status& statusToRedact);
+
+/**
+ * In 'redact' mode keep exception type and replace causedBy with '###'.
+ * In normal mode return exceptionToRedact.toString().
+ */
+std::string redact(const DBException& exceptionToRedact);
+
+}  // namespace mongo
diff --git a/src/mongo/logv2/redaction_test.cpp b/src/mongo/logv2/redaction_test.cpp
new file mode 100644
index 00000000000..ca71e345ab5
--- /dev/null
+++ b/src/mongo/logv2/redaction_test.cpp
@@ -0,0 +1,154 @@
+/**
+ *    Copyright (C) 2018-present MongoDB, Inc.
+ *
+ *    This program is free software: you can redistribute it and/or modify
+ *    it under the terms of the Server Side Public License, version 1,
+ *    as published by MongoDB, Inc.
+ *
+ *    This program is distributed in the hope that it will be useful,
+ *    but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *    Server Side Public License for more details.
+ *
+ *    You should have received a copy of the Server Side Public License
+ *    along with this program. If not, see
+ *    <http://www.mongodb.com/licensing/server-side-public-license>.
+ *
+ *    As a special exception, the copyright holders give permission to link the
+ *    code of portions of this program with the OpenSSL library under certain
+ *    conditions as described in each individual source file and distribute
+ *    linked combinations including the program with the OpenSSL library. You
+ *    must comply with the Server Side Public License in all respects for
+ *    all of the code used other than as permitted herein. If you modify file(s)
+ *    with this exception, you may extend this exception to your version of the
+ *    file(s), but you are not obligated to do so. If you do not wish to do so,
+ *    delete this exception statement from your version. If you delete this
+ *    exception statement from all source files in the program, then also delete
+ *    it in the license file.
+ */
+
+#define MONGO_LOG_DEFAULT_COMPONENT ::mongo::logger::LogComponent::kDefault
+
+#include "mongo/logv2/redaction.h"
+
+#include "mongo/db/jsobj.h"
+#include "mongo/logv2/log_util.h"
+#include "mongo/unittest/unittest.h"
+#include "mongo/util/log.h"
+
+namespace mongo {
+namespace {
+
+const std::string kRedactionDefaultMask = "###";
+const std::string kMsg = "Not initialized";
+using BSONStringPair = std::pair<BSONObj, std::string>;
+
+TEST(RedactStringTest, NoRedact) {
+    logv2::setShouldRedactLogs(false);
+
+    std::string toRedact[] = {"", "abc", "*&$@!_\\\\\\\"*&$@!_\"*&$@!_\"*&$@!_"};
+    for (auto s : toRedact) {
+        ASSERT_EQ(redact(s), s);
+    }
+}
+
+TEST(RedactStringTest, BasicStrings) {
+    logv2::setShouldRedactLogs(true);
+
+    std::string toRedact[] = {"", "abc", "*&$@!_\\\\\\\"*&$@!_\"*&$@!_\"*&$@!_"};
+    for (auto s : toRedact) {
+        ASSERT_EQ(redact(s), kRedactionDefaultMask);
+    }
+}
+
+TEST(RedactStatusTest, NoRedact) {
+    logv2::setShouldRedactLogs(false);
+    Status status(ErrorCodes::InternalError, kMsg);
+    ASSERT_EQ(redact(status), status.toString());
+}
+
+TEST(RedactStatusTest, BasicStatus) {
+    logv2::setShouldRedactLogs(true);
+    Status status(ErrorCodes::InternalError, kMsg);
+    ASSERT_EQ(redact(status), "InternalError: " + kRedactionDefaultMask);
+}
+
+TEST(RedactStatusTest, StatusOK) {
+    logv2::setShouldRedactLogs(true);
+    ASSERT_EQ(redact(Status::OK()), "OK");
+}
+
+TEST(RedactExceptionTest, NoRedact) {
+    logv2::setShouldRedactLogs(false);
+    ASSERT_THROWS_WITH_CHECK([] { uasserted(ErrorCodes::InternalError, kMsg); }(),
+                             DBException,
+                             [](const DBException& ex) { ASSERT_EQ(redact(ex), ex.toString()); });
+}
+
+TEST(RedactExceptionTest, BasicException) {
+    logv2::setShouldRedactLogs(true);
+    ASSERT_THROWS_WITH_CHECK(
+        [] { uasserted(ErrorCodes::InternalError, kMsg); }(),
+        DBException,
+        [](const DBException& ex) { ASSERT_EQ(redact(ex), "InternalError ###"); });
+}
+
+TEST(RedactBSONTest, NoRedact) {
+    logv2::setShouldRedactLogs(false);
+    BSONObj obj = BSON("a" << 1);
+    ASSERT_BSONOBJ_EQ(redact(obj), obj);
+}
+
+void testBSONCases(std::initializer_list<BSONStringPair> testCases) {
+    for (auto m : testCases) {
+        ASSERT_EQ(redact(m.first).toString(), m.second);
+    }
+}
+
+TEST(RedactBSONTest, BasicBSON) {
+    logv2::setShouldRedactLogs(true);
+    std::vector<BSONStringPair> testCases;
+
+    testBSONCases({BSONStringPair(BSONObj(), "{}"),
+                   BSONStringPair(BSON("" << 1), "{ : \"###\" }"),
+                   BSONStringPair(BSON("a" << 1), "{ a: \"###\" }"),
+                   BSONStringPair(BSON("a" << 1.0), "{ a: \"###\" }"),
+                   BSONStringPair(BSON("a"
+                                       << "a"),
+                                  "{ a: \"###\" }"),
+                   BSONStringPair(BSON("a" << 1 << "b"
+                                           << "str"),
+                                  "{ a: \"###\", b: \"###\" }"),
+                   BSONStringPair(BSON("a" << 1 << "a"
+                                           << "1"),
+                                  "{ a: \"###\", a: \"###\" }")});
+}
+/*
+TEST(RedactBSONTest, NestedBSON) {
+    logv2::setShouldRedactLogs(true);
+    std::vector<BSONStringPair> testCases;
+
+    testCases.push_back(BSONStringPair(BSON("a" << BSONObj()), "{ a: {} }"));
+    testCases.push_back(BSONStringPair(
+        BSON("a" << BSONObj(BSONObj(BSONObj(BSONObj(BSONObj(BSONObj(BSONObj(BSONObj())))))))),
+        "{ a: {} }"));
+    testCases.push_back(BSONStringPair(BSON("a" << BSON("a" << 1)), "{ a: { a: \"###\" } }"));
+    testCases.push_back(BSONStringPair(BSON("a" << BSON("a" << 1 << "b" << 1)),
+                                       "{ a: { a: \"###\", b: \"###\" } }"));
+    testBSONVector(testCases);
+}
+
+TEST(RedactBSONTest, BSONWithArrays) {
+    logv2::setShouldRedactLogs(true);
+    std::vector<BSONStringPair> testCases;
+
+    testCases.push_back(BSONStringPair(BSON("a" << BSONArray()), "{ a: [] }"));
+    testCases.push_back(
+        BSONStringPair(BSON("a" << BSON_ARRAY("abc" << 1)), "{ a: [ \"###\", \"###\" ] }"));
+    testCases.push_back(BSONStringPair(BSON("a" << BSON_ARRAY(BSON("a" << 1) << BSON("b" << 1))),
+                                       "{ a: [ { a: \"###\" }, { b: \"###\" } ] }"));
+
+    testBSONVector(testCases);
+}*/
+}  // namespace
+}  // namespace mongo
author	Henrik Edin <henrik.edin@mongodb.com>	2020-03-05 14:13:03 -0500
committer	Evergreen Agent <no-reply@evergreen.mongodb.com>	2020-03-10 19:23:52 +0000
commit	45eab9f82a18613b877598a951dc7b95f85f2059 (patch)
tree	45ebe031ec8de64d98fd4fc44b9ad60f2b148211 /src/mongo/logv2
parent	3848ef2467665a7c7756eb19b42cb0f523c03535 (diff)
download	mongo-45eab9f82a18613b877598a951dc7b95f85f2059.tar.gz