Ensure command event for hello with speculativeAuthenticate is elided

JAVA-4195

Author: jyemin

driver-core/src/main/com/mongodb/internal/connection/InternalStreamConnection.java

@@ -90,6 +90,11 @@ public class InternalStreamConnection implements InternalConnection {
             "copydbsaslstart",
             "copydb"));
 
+    private static final Set<String> SECURITY_SENSITIVE_HELLO_COMMANDS = new HashSet<String>(asList(
+            "hello",
+            "ismaster",
+            "isMaster"));
+
     private static final Logger LOGGER = Loggers.getLogger("connection");
 
     private final ClusterConnectionMode clusterConnectionMode;
@@ -787,8 +792,8 @@ public void onResult(final ByteBuf result, final Throwable t) {
 
     private CommandEventSender createCommandEventSender(final CommandMessage message, final ByteBufferBsonOutput bsonOutput) {
         if (opened() && (commandListener != null || COMMAND_PROTOCOL_LOGGER.isDebugEnabled())) {
-            return new LoggingCommandEventSender(SECURITY_SENSITIVE_COMMANDS, description, commandListener, message, bsonOutput,
-                    COMMAND_PROTOCOL_LOGGER);
+            return new LoggingCommandEventSender(SECURITY_SENSITIVE_COMMANDS, SECURITY_SENSITIVE_HELLO_COMMANDS, description,
+                    commandListener, message, bsonOutput, COMMAND_PROTOCOL_LOGGER);
         } else {
             return new NoOpCommandEventSender();
         }

driver-core/src/main/com/mongodb/internal/connection/LoggingCommandEventSender.java

@@ -39,26 +39,28 @@
 class LoggingCommandEventSender implements CommandEventSender {
     private static final int MAX_COMMAND_DOCUMENT_LENGTH_TO_LOG = 1000;
 
-    private final Set<String> securitySensitiveCommands;
     private final ConnectionDescription description;
     private final CommandListener commandListener;
     private final Logger logger;
     private final long startTimeNanos;
     private final CommandMessage message;
     private final String commandName;
     private volatile BsonDocument commandDocument;
+    private final boolean redactionRequired;
 
-    LoggingCommandEventSender(final Set<String> securitySensitiveCommands, final ConnectionDescription description,
+    LoggingCommandEventSender(final Set<String> securitySensitiveCommands, final Set<String> securitySensitiveHelloCommands,
+                              final ConnectionDescription description,
                               final CommandListener commandListener, final CommandMessage message,
                               final ByteBufferBsonOutput bsonOutput, final Logger logger) {
-        this.securitySensitiveCommands = securitySensitiveCommands;
         this.description = description;
         this.commandListener = commandListener;
         this.logger = logger;
         this.startTimeNanos = System.nanoTime();
         this.message = message;
         this.commandDocument = message.getCommandDocument(bsonOutput);
         this.commandName = commandDocument.getFirstKey();
+        this.redactionRequired = securitySensitiveCommands.contains(commandName)
+                || (securitySensitiveHelloCommands.contains(commandName) && commandDocument.containsKey("speculativeAuthenticate"));
     }
 
     @Override
@@ -71,7 +73,7 @@ public void sendStartedEvent() {
         }
 
         if (eventRequired()) {
-            BsonDocument commandDocumentForEvent = (securitySensitiveCommands.contains(commandName))
+            BsonDocument commandDocumentForEvent = redactionRequired
                     ? new BsonDocument() : commandDocument;
 
             sendCommandStartedEvent(message, message.getNamespace().getDatabaseName(),
@@ -105,7 +107,7 @@ private String getTruncatedJsonCommand() {
     @Override
     public void sendFailedEvent(final Throwable t) {
         Throwable commandEventException = t;
-        if (t instanceof MongoCommandException && (securitySensitiveCommands.contains(commandName))) {
+        if (t instanceof MongoCommandException && redactionRequired) {
             commandEventException = new MongoCommandException(new BsonDocument(), description.getServerAddress());
         }
         long elapsedTimeNanos = System.nanoTime() - startTimeNanos;
@@ -136,7 +138,7 @@ public void sendSucceededEvent(final ResponseBuffers responseBuffers) {
         }
 
         if (eventRequired()) {
-            BsonDocument responseDocumentForEvent = (securitySensitiveCommands.contains(commandName))
+            BsonDocument responseDocumentForEvent = redactionRequired
                     ? new BsonDocument()
                     : responseBuffers.getResponseDocument(message.getId(), new RawBsonDocumentCodec());
             sendCommandSucceededEvent(message, commandName, responseDocumentForEvent, description,

driver-core/src/test/unit/com/mongodb/internal/connection/InternalStreamConnectionSpecification.groovy

@@ -674,7 +674,10 @@ class InternalStreamConnectionSpecification extends Specification {
                 new BsonDocument('updateUser', new BsonInt32(1)),
                 new BsonDocument('copydbgetnonce', new BsonInt32(1)),
                 new BsonDocument('copydbsaslstart', new BsonInt32(1)),
-                new BsonDocument('copydb', new BsonInt32(1))
+                new BsonDocument('copydb', new BsonInt32(1)),
+                new BsonDocument('hello', new BsonInt32(1)).append('speculativeAuthenticate', new BsonDocument()),
+                new BsonDocument('ismaster', new BsonInt32(1)).append('speculativeAuthenticate', new BsonDocument()),
+                new BsonDocument('isMaster', new BsonInt32(1)).append('speculativeAuthenticate', new BsonDocument())
         ]
     }
 
@@ -707,7 +710,10 @@ class InternalStreamConnectionSpecification extends Specification {
                 new BsonDocument('updateUser', new BsonInt32(1)),
                 new BsonDocument('copydbgetnonce', new BsonInt32(1)),
                 new BsonDocument('copydbsaslstart', new BsonInt32(1)),
-                new BsonDocument('copydb', new BsonInt32(1))
+                new BsonDocument('copydb', new BsonInt32(1)),
+                new BsonDocument('hello', new BsonInt32(1)).append('speculativeAuthenticate', new BsonDocument()),
+                new BsonDocument('ismaster', new BsonInt32(1)).append('speculativeAuthenticate', new BsonDocument()),
+                new BsonDocument('isMaster', new BsonInt32(1)).append('speculativeAuthenticate', new BsonDocument())
         ]
     }
 
@@ -894,7 +900,10 @@ class InternalStreamConnectionSpecification extends Specification {
                 new BsonDocument('updateUser', new BsonInt32(1)),
                 new BsonDocument('copydbgetnonce', new BsonInt32(1)),
                 new BsonDocument('copydbsaslstart', new BsonInt32(1)),
-                new BsonDocument('copydb', new BsonInt32(1))
+                new BsonDocument('copydb', new BsonInt32(1)),
+                new BsonDocument('hello', new BsonInt32(1)).append('speculativeAuthenticate', new BsonDocument()),
+                new BsonDocument('ismaster', new BsonInt32(1)).append('speculativeAuthenticate', new BsonDocument()),
+                new BsonDocument('isMaster', new BsonInt32(1)).append('speculativeAuthenticate', new BsonDocument())
         ]
     }
 

driver-core/src/test/unit/com/mongodb/internal/connection/LoggingCommandEventSenderSpecification.groovy

@@ -55,7 +55,8 @@ class LoggingCommandEventSenderSpecification extends Specification {
         def logger = Stub(Logger) {
             isDebugEnabled() >> debugLoggingEnabled
         }
-        def sender = new LoggingCommandEventSender([] as Set, connectionDescription, commandListener, message, bsonOutput, logger)
+        def sender = new LoggingCommandEventSender([] as Set, [] as Set, connectionDescription, commandListener, message, bsonOutput,
+                logger)
 
         when:
         sender.sendStartedEvent()
@@ -94,7 +95,8 @@ class LoggingCommandEventSenderSpecification extends Specification {
         def logger = Mock(Logger) {
             isDebugEnabled() >> true
         }
-        def sender = new LoggingCommandEventSender([] as Set, connectionDescription, commandListener, message, bsonOutput, logger)
+        def sender = new LoggingCommandEventSender([] as Set, [] as Set, connectionDescription, commandListener, message, bsonOutput,
+                logger)
         when:
         sender.sendStartedEvent()
         sender.sendSucceededEventForOneWayCommand()
@@ -140,7 +142,7 @@ class LoggingCommandEventSenderSpecification extends Specification {
         def logger = Mock(Logger) {
             isDebugEnabled() >> true
         }
-        def sender = new LoggingCommandEventSender([] as Set, connectionDescription, null, message, bsonOutput, logger)
+        def sender = new LoggingCommandEventSender([] as Set, [] as Set, connectionDescription, null, message, bsonOutput, logger)
 
         when:
         sender.sendStartedEvent()

driver-reactive-streams/src/test/functional/com/mongodb/reactivestreams/client/unified/CommandMonitoringTest.java

@@ -30,15 +30,12 @@
 import java.net.URISyntaxException;
 import java.util.Collection;
 
-import static org.junit.Assume.assumeFalse;
-
 public class CommandMonitoringTest extends UnifiedTest {
     public CommandMonitoringTest(@SuppressWarnings("unused") final String fileDescription,
                                  @SuppressWarnings("unused") final String testDescription,
                                  final String schemaVersion, @Nullable final BsonArray runOnRequirements, final BsonArray entities,
                                  final BsonArray initialData, final BsonDocument definition) {
         super(schemaVersion, runOnRequirements, entities, initialData, definition);
-        assumeFalse(testDescription.equals("hello with speculative authenticate"));
     }
 
     @Override

driver-sync/src/test/functional/com/mongodb/client/unified/CommandMonitoringTest.java

@@ -28,8 +28,6 @@
 import java.net.URISyntaxException;
 import java.util.Collection;
 
-import static org.junit.Assume.assumeFalse;
-
 public class CommandMonitoringTest extends UnifiedTest {
 
 
@@ -39,7 +37,6 @@ public CommandMonitoringTest(@SuppressWarnings("unused") final String fileDescri
                                  @Nullable final BsonArray runOnRequirements, final BsonArray entities, final BsonArray initialData,
                                  final BsonDocument definition) {
         super(schemaVersion, runOnRequirements, entities, initialData, definition);
-        assumeFalse(testDescription.equals("hello with speculative authenticate"));
     }
 
     @Override