Skip to content

Commit 3c6d9a8

Browse files
CDRIVER-4104: Filter out events that have been redacted when observeSensitiveComands is false (#844)
* Filter out events that have been redacted when observeSensitiveComands is false * Cleaning up around the detection of sensitive hellos * Note `mongoc_apm_is_sensitive_command_message` * Fix inverted is_hello check
1 parent 4f856e4 commit 3c6d9a8

File tree

4 files changed

+740
-52
lines changed

4 files changed

+740
-52
lines changed

src/libmongoc/src/mongoc/mongoc-apm-private.h

Lines changed: 9 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -205,12 +205,16 @@ mongoc_apm_command_failed_init (mongoc_apm_command_failed_t *event,
205205
void
206206
mongoc_apm_command_failed_cleanup (mongoc_apm_command_failed_t *event);
207207

208+
/**
209+
* @brief Determine whether the given command-related message is a "sensitive
210+
* command."
211+
*
212+
* @param command_name The name of the command being checked
213+
* @param body The body of the command request, reply, or failure.
214+
*/
208215
bool
209-
mongoc_apm_is_sensitive_command (const char *command_name,
210-
const bson_t *command);
211-
212-
bool
213-
mongoc_apm_is_sensitive_reply (const char *command_name, const bson_t *reply);
216+
mongoc_apm_is_sensitive_command_message (const char *command_name,
217+
const bson_t *body);
214218

215219
BSON_END_DECLS
216220

src/libmongoc/src/mongoc/mongoc-apm.c

Lines changed: 31 additions & 29 deletions
Original file line numberDiff line numberDiff line change
@@ -110,7 +110,7 @@ mongoc_apm_command_started_init (mongoc_apm_command_started_t *event,
110110
event->command_owned = false;
111111
}
112112

113-
if (mongoc_apm_is_sensitive_command (command_name, command)) {
113+
if (mongoc_apm_is_sensitive_command_message (command_name, command)) {
114114
if (!event->command_owned) {
115115
event->command = bson_copy (event->command);
116116
event->command_owned = true;
@@ -209,7 +209,8 @@ mongoc_apm_command_succeeded_init (mongoc_apm_command_succeeded_t *event,
209209
{
210210
BSON_ASSERT (reply);
211211

212-
if (force_redaction || mongoc_apm_is_sensitive_reply (command_name, reply)) {
212+
if (force_redaction ||
213+
mongoc_apm_is_sensitive_command_message (command_name, reply)) {
213214
event->reply = bson_copy (reply);
214215
event->reply_owned = true;
215216

@@ -269,7 +270,8 @@ mongoc_apm_command_failed_init (mongoc_apm_command_failed_t *event,
269270
{
270271
BSON_ASSERT (reply);
271272

272-
if (force_redaction || mongoc_apm_is_sensitive_reply (command_name, reply)) {
273+
if (force_redaction ||
274+
mongoc_apm_is_sensitive_command_message (command_name, reply)) {
273275
event->reply = bson_copy (reply);
274276
event->reply_owned = true;
275277

@@ -940,22 +942,38 @@ _mongoc_apm_is_sensitive_command_name (const char *command_name)
940942
0 == strcasecmp (command_name, "copydb");
941943
}
942944

943-
bool
944-
mongoc_apm_is_sensitive_command (const char *command_name,
945-
const bson_t *command)
945+
static bool
946+
_mongoc_apm_is_sensitive_hello_message (const char *command_name,
947+
const bson_t *body)
946948
{
947-
BSON_ASSERT (command);
949+
const bool is_hello =
950+
(0 == strcasecmp (command_name, "hello") ||
951+
0 == strcasecmp (command_name, HANDSHAKE_CMD_LEGACY_HELLO));
948952

949-
if (_mongoc_apm_is_sensitive_command_name (command_name)) {
950-
return true;
953+
if (!is_hello) {
954+
return false;
951955
}
952-
953-
if (0 != strcasecmp (command_name, "hello") &&
954-
0 != strcasecmp (command_name, HANDSHAKE_CMD_LEGACY_HELLO)) {
956+
if (bson_empty (body)) {
957+
/* An empty message body means that it has been redacted */
958+
return true;
959+
} else if (bson_has_field (body, "speculativeAuthenticate")) {
960+
/* "hello" messages are only sensitive if they contain
961+
* 'speculativeAuthenticate' */
962+
return true;
963+
} else {
964+
/* Other "hello" messages are okay */
955965
return false;
956966
}
967+
}
968+
969+
bool
970+
mongoc_apm_is_sensitive_command_message (const char *command_name,
971+
const bson_t *body)
972+
{
973+
BSON_ASSERT (body);
957974

958-
return bson_has_field (command, "speculativeAuthenticate");
975+
return _mongoc_apm_is_sensitive_command_name (command_name) ||
976+
_mongoc_apm_is_sensitive_hello_message (command_name, body);
959977
}
960978

961979
void
@@ -967,22 +985,6 @@ mongoc_apm_redact_command (bson_t *command)
967985
bson_reinit (command);
968986
}
969987

970-
bool
971-
mongoc_apm_is_sensitive_reply (const char *command_name, const bson_t *reply)
972-
{
973-
BSON_ASSERT (reply);
974-
975-
if (_mongoc_apm_is_sensitive_command_name (command_name)) {
976-
return true;
977-
}
978-
979-
if (0 != strcasecmp (command_name, "hello") &&
980-
0 != strcasecmp (command_name, HANDSHAKE_CMD_LEGACY_HELLO)) {
981-
return false;
982-
}
983-
984-
return bson_has_field (reply, "speculativeAuthenticate");
985-
}
986988

987989
void
988990
mongoc_apm_redact_reply (bson_t *reply)

0 commit comments

Comments
 (0)