MONGOSH-294 - Database credentials not redacted from session logs or command history (#288)

* Database credentials not redacted from session logs or command history

* redact connect event

* redact for runCommand

Author: aherlihy

packages/history/src/history.spec.ts

@@ -19,12 +19,12 @@ describe('changeHistory', () => {
     it('removes URI having Mongo from history', () => {
       const i = ['m = new Mongo(\'mongodb://anna:[email protected]:27017/test\')', 'db.shipwrecks.findOne()', 'use ships'];
       changeHistory(i);
-      expect(i).to.deep.equal(['m = new Mongo(\'mongodb://<credentials>@127.0.0.1:27017/test\')'].concat(history));
+      expect(i).to.deep.equal(history);
     });
     it('removes URI having Mongo from history for srv', () => {
       const i = ['m = new Mongo(\'mongodb+srv://admin:[email protected]/admin\')', 'db.shipwrecks.findOne()', 'use ships'];
       changeHistory(i);
-      expect(i).to.deep.equal(['m = new Mongo(\'mongodb+srv://admin:[email protected]/admin\')'].concat(history));
+      expect(i).to.deep.equal(history);
     });
 
     it('leaves history as is if command is not sensitive', () => {
@@ -57,6 +57,12 @@ describe('changeHistory', () => {
       expect(i).to.deep.equal(history);
     });
 
+    it('removes sensitive raw commands from history', () => {
+      const i = ['db.runCommand({createUser: "reportUser256", pwd: "pwd", roles: {] })', 'db.shipwrecks.findOne()', 'use ships'];
+      changeHistory(i, true);
+      expect(i).to.deep.equal(history);
+    });
+
     it('leaves history as is if command is not sensitive', () => {
       const i = ['db.shipwrecks.find({quasou: "depth unknown"})', 'db.shipwrecks.findOne()', 'use ships'];
       const cloned = Array.from(i);

packages/history/src/history.ts

@@ -1,28 +1,28 @@
 import redactInfo from 'mongodb-redact';
-import redactPwd from './redact-pwd';
+
+export const HIDDEN_COMMANDS = 'createUser|auth|updateUser|changeUserPassword|connect|Mongo';
 
 /**
- * Modifies command history array based on sensitive information.
+ * Modifies the history based on sensitive information.
  * If redact option is passed, also redacts sensitive info.
  *
- * @param {array} History - Array of commands, where the first command is the
- * most recent.
- *
- * @param {boolean} Redact - Option to redact sensitive info.
+ * @param {String} history - Command string.
+ * @param {boolean} redact - Option to redact sensitive info.
  */
 export function changeHistory(history: string[], redact = false): void {
-  const hiddenCommands =
-    RegExp('createUser|auth|updateUser|changeUserPassword|connect', 'g');
+  const hiddenCommands = new RegExp(HIDDEN_COMMANDS, 'g');
 
   if (hiddenCommands.test(history[0])) {
     history.shift();
-    return;
-  }
-  if (/Mongo\(([^+)]+)\)/g.test(history[0])) {
-    history[0] = history[0].replace(/Mongo\(([^+)]+)\)/g, (substr) => redactPwd(substr));
-    return;
+  } else {
+    history[0] = removeCommand(history[0], redact);
   }
+}
 
-  if (redact) history[0] = redactInfo(history[0]);
+export function removeCommand(history: string, redact = false): string {
+  if (redact) {
+    return redactInfo(history);
+  }
+  return history;
 }
 

packages/history/src/index.ts

@@ -1,3 +1,3 @@
-export * from './history';
+import { changeHistory, removeCommand, HIDDEN_COMMANDS } from './history';
 import retractPassword from './redact-pwd';
-export { retractPassword };
+export { retractPassword, changeHistory, removeCommand, HIDDEN_COMMANDS };

packages/java-shell/package-lock.json

@@ -37,6 +37,7 @@
     "@mongosh/errors": "^0.1.0",
     "@mongosh/history": "^0.1.0",
     "@mongosh/i18n": "^0.1.0",
-    "@mongosh/service-provider-core": "^0.1.0"
+    "@mongosh/service-provider-core": "^0.1.0",
+    "mongodb-redact": "^0.2.0"
   }
 }

packages/shell-api/package-lock.json

@@ -24,6 +24,7 @@ import {
 } from './index';
 import { MongoshInvalidInputError, MongoshRuntimeError } from '@mongosh/errors';
 import Bulk from './bulk';
+import { HIDDEN_COMMANDS } from '@mongosh/history';
 
 @shellApiClassDefault
 @hasAsyncChild
@@ -1228,7 +1229,11 @@ export default class Collection extends ShellApiClass {
       throw new MongoshInvalidInputError('The "commandName" argument cannot be passed as an option to "runCommand".');
     }
 
-    this._emitCollectionApiCall('runCommand', { commandName });
+
+    const hiddenCommands = new RegExp(HIDDEN_COMMANDS);
+    if (!hiddenCommands.test(commandName)) {
+      this._emitCollectionApiCall('runCommand', { commandName });
+    }
     return await this._mongo._serviceProvider.runCommand(
       this._database._name,
       {

packages/shell-api/package.json

@@ -24,6 +24,7 @@ import {
 } from '@mongosh/service-provider-core';
 import { AggregationCursor, CommandResult } from './index';
 import { MongoshInvalidInputError, MongoshRuntimeError, MongoshUnimplementedError } from '@mongosh/errors';
+import { HIDDEN_COMMANDS } from '@mongosh/history';
 
 @shellApiClassDefault
 @hasAsyncChild
@@ -135,7 +136,10 @@ export default class Database extends ShellApiClass {
   @returnsPromise
   async runCommand(cmd: any): Promise<any> {
     assertArgsDefined(cmd);
-    this._emitDatabaseApiCall('runCommand', { cmd });
+    const hiddenCommands = new RegExp(HIDDEN_COMMANDS);
+    if (!Object.keys(cmd).some(k => hiddenCommands.test(k))) {
+      this._emitDatabaseApiCall('runCommand', { cmd });
+    }
     return this._mongo._serviceProvider.runCommand(this._name, cmd);
   }
 
@@ -150,7 +154,10 @@ export default class Database extends ShellApiClass {
   @serverVersions(['3.4.0', ServerVersions.latest])
   adminCommand(cmd: any): Promise<any> {
     assertArgsDefined(cmd);
-    this._emitDatabaseApiCall( 'adminCommand', { cmd });
+    const hiddenCommands = new RegExp(HIDDEN_COMMANDS);
+    if (!Object.keys(cmd).some(k => hiddenCommands.test(k))) {
+      this._emitDatabaseApiCall('adminCommand', { cmd });
+    }
     return this._mongo._serviceProvider.runCommand(ADMIN_DB, cmd);
   }
 

packages/shell-api/src/collection.ts

@@ -17,6 +17,7 @@ import { MongoshInvalidInputError } from '@mongosh/errors';
 import AsyncWriter from '@mongosh/async-rewriter';
 import { toIgnore } from './decorators';
 import NoDatabase from './no-db';
+import redactInfo from 'mongodb-redact';
 
 /**
  * Anything to do with the internal shell state is stored here.
@@ -57,7 +58,10 @@ export default class ShellInternalState {
   async fetchConnectionInfo(): Promise<void> {
     if (!this.cliOptions.nodb) {
       this.connectionInfo = await this.currentDb._mongo._serviceProvider.getConnectionInfo();
-      this.messageBus.emit('mongosh:connect', this.connectionInfo.extraInfo);
+      this.messageBus.emit('mongosh:connect', {
+        ...this.connectionInfo.extraInfo,
+        uri: redactInfo(this.connectionInfo.extraInfo.uri)
+      });
     }
   }
 

packages/shell-api/src/database.ts

@@ -27,6 +27,7 @@
   },
   "dependencies": {
     "@mongosh/async-rewriter": "^0.1.0",
+    "@mongosh/history": "^0.1.0",
     "@mongosh/service-provider-core": "^0.1.0",
     "@mongosh/shell-api": "^0.1.0"
   },