MongoDB reproduce (#101)

Harsh9485 · web-flow · commit 573fbb0f1fdc · 2025-07-29T15:46:34.000-05:00
* mongoDB reproduce

* fix typos

* fix conflicts

* Update CRE ID
diff --git a/rules/cre-2025-0115/mongodb.yaml b/rules/cre-2025-0115/mongodb.yaml
@@ -0,0 +1,44 @@
+rules:
+  - metadata:
+      kind: prequel
+      id: KQhfhAmpyqD9mUx1DGJoho
+      version: "0.1.0"
+    cre:
+      id: CRE-2025-0115
+      severity: 1
+      title: MongoDB client disconnects and socket exceptions under load
+      category: mongodb-resource-exhaustion
+      author: Prequel
+      description: |
+        - Under high client load or resource exhaustion (e.g., 1 CPU, 500MB RAM), MongoDB can begin to log a large number of socket disconnections and broken pipe errors.
+        - This results in frequent connection churn, interrupted operations, and possible failed writes.
+      cause: |
+        - Client connections are dropped because of resource exhaustion (e.g., memory pressure or CPU starvation).
+        - The MongoDB server cannot respond in time, causing broken pipes and socket disconnects.
+      impact: |
+        - Lost client operations.
+        - Potential data integrity issues if writes are interrupted.
+        - Increased latency due to reconnections.
+      tags:
+        - cpu-memory-exhaustion
+      mitigation: |
+        - Add more CPU and memory resources.
+        - Introduce connection pooling and rate limiting on the client side.
+        - Optimize MongoDB queries and schema to reduce pressure.
+        - Monitor and alert on connection and socket exception patterns.
+      references:
+        - https://www.mongodb.com/docs/manual/reference/log-messages/
+      reports: 3
+      version: "0.1.0"
+      applications:
+        - name: "mongodb"
+          version: "8.0"
+    rule:
+      set:
+        event:
+          source: mongodb
+        match:
+          - regex: "Slow query"
+        negate:
+          - "shutting down"
+          - "server shutdown"
diff --git a/rules/cre-2025-0115/test.log b/rules/cre-2025-0115/test.log
@@ -0,0 +1,44 @@
+2025-07-01T16:34:43.657864191Z {"t":{"$date":"2025-07-01T16:34:43.657+00:00"},"s":"I",  "c":"NETWORK",  "id":22943,   "ctx":"listener","msg":"Connection accepted","attr":{"remote":"172.21.0.3:36546","isLoadBalanced":false,"uuid":{"uuid":{"$uuid":"7ad8805e-72c9-4122-9333-0a5533efaf6d"}},"connectionId":242,"connectionCount":242}}
+2025-07-01T16:34:43.658144278Z {"t":{"$date":"2025-07-01T16:34:43.658+00:00"},"s":"I",  "c":"NETWORK",  "id":22943,   "ctx":"listener","msg":"Connection accepted","attr":{"remote":"172.21.0.3:36552","isLoadBalanced":false,"uuid":{"uuid":{"$uuid":"30a65793-2aad-4a9f-b4f5-e66089768a3a"}},"connectionId":243,"connectionCount":243}}
+2025-07-01T16:34:43.659081954Z {"t":{"$date":"2025-07-01T16:34:43.659+00:00"},"s":"I",  "c":"NETWORK",  "id":22943,   "ctx":"listener","msg":"Connection accepted","attr":{"remote":"172.21.0.3:36562","isLoadBalanced":false,"uuid":{"uuid":{"$uuid":"58b3b7d7-773b-450f-a593-7e04dcb41cec"}},"connectionId":244,"connectionCount":244}}
+2025-07-01T16:34:43.659423006Z {"t":{"$date":"2025-07-01T16:34:43.659+00:00"},"s":"I",  "c":"NETWORK",  "id":22943,   "ctx":"listener","msg":"Connection accepted","attr":{"remote":"172.21.0.3:36578","isLoadBalanced":false,"uuid":{"uuid":{"$uuid":"8ee4ab20-6741-493f-928b-0ea70b005e00"}},"connectionId":245,"connectionCount":245}}
+2025-07-01T16:34:43.659773689Z {"t":{"$date":"2025-07-01T16:34:43.659+00:00"},"s":"I",  "c":"NETWORK",  "id":22943,   "ctx":"listener","msg":"Connection accepted","attr":{"remote":"172.21.0.3:36588","isLoadBalanced":false,"uuid":{"uuid":{"$uuid":"501b805b-5a50-4c8e-a385-a91aed37be27"}},"connectionId":246,"connectionCount":246}}
+2025-07-01T16:34:43.659856954Z {"t":{"$date":"2025-07-01T16:34:43.659+00:00"},"s":"I",  "c":"NETWORK",  "id":22943,   "ctx":"listener","msg":"Connection accepted","attr":{"remote":"172.21.0.3:36592","isLoadBalanced":false,"uuid":{"uuid":{"$uuid":"3d281795-0be0-4767-ac3f-33f8b1108ec7"}},"connectionId":247,"connectionCount":247}}
+2025-07-01T16:34:43.660997737Z {"t":{"$date":"2025-07-01T16:34:43.660+00:00"},"s":"I",  "c":"NETWORK",  "id":22943,   "ctx":"listener","msg":"Connection accepted","attr":{"remote":"172.21.0.3:36600","isLoadBalanced":false,"uuid":{"uuid":{"$uuid":"9164d422-d5b9-4f41-975b-039a5f343cfd"}},"connectionId":248,"connectionCount":248}}
+2025-07-01T16:34:43.661025180Z {"t":{"$date":"2025-07-01T16:34:43.660+00:00"},"s":"I",  "c":"NETWORK",  "id":22943,   "ctx":"listener","msg":"Connection accepted","attr":{"remote":"172.21.0.3:36604","isLoadBalanced":false,"uuid":{"uuid":{"$uuid":"86ec811c-6629-46d6-ad4d-f3adb9cfb947"}},"connectionId":249,"connectionCount":249}}
+2025-07-01T16:34:43.661031258Z {"t":{"$date":"2025-07-01T16:34:43.660+00:00"},"s":"I",  "c":"NETWORK",  "id":22943,   "ctx":"listener","msg":"Connection accepted","attr":{"remote":"172.21.0.3:36606","isLoadBalanced":false,"uuid":{"uuid":{"$uuid":"c872d4fd-c826-4472-8cdb-053591649091"}},"connectionId":250,"connectionCount":250}}
+2025-07-01T16:34:43.661503344Z {"t":{"$date":"2025-07-01T16:34:43.661+00:00"},"s":"I",  "c":"NETWORK",  "id":22943,   "ctx":"listener","msg":"Connection accepted","attr":{"remote":"172.21.0.3:36612","isLoadBalanced":false,"uuid":{"uuid":{"$uuid":"bbaba183-e32f-4e57-a4f0-173b414f3805"}},"connectionId":251,"connectionCount":251}}
+2025-07-01T16:34:43.661670042Z {"t":{"$date":"2025-07-01T16:34:43.661+00:00"},"s":"I",  "c":"NETWORK",  "id":22943,   "ctx":"listener","msg":"Connection accepted","attr":{"remote":"172.21.0.3:36620","isLoadBalanced":false,"uuid":{"uuid":{"$uuid":"73accd8a-0795-4531-ab45-fa7385c70791"}},"connectionId":252,"connectionCount":252}}
+2025-07-01T16:34:43.662629991Z {"t":{"$date":"2025-07-01T16:34:43.662+00:00"},"s":"I",  "c":"NETWORK",  "id":22943,   "ctx":"listener","msg":"Connection accepted","attr":{"remote":"172.21.0.3:36634","isLoadBalanced":false,"uuid":{"uuid":{"$uuid":"85841c06-b5e2-4ee3-9c71-6adc90caff2b"}},"connectionId":253,"connectionCount":253}}
+2025-07-01T16:34:43.662656521Z {"t":{"$date":"2025-07-01T16:34:43.662+00:00"},"s":"I",  "c":"NETWORK",  "id":22943,   "ctx":"listener","msg":"Connection accepted","attr":{"remote":"172.21.0.3:36650","isLoadBalanced":false,"uuid":{"uuid":{"$uuid":"d54c2339-277d-4d93-8767-8881f3456db1"}},"connectionId":254,"connectionCount":254}}
+2025-07-01T16:34:43.751387098Z {"t":{"$date":"2025-07-01T16:34:43.651+00:00"},"s":"I",  "c":"ACCESS",   "id":5286306, "ctx":"conn153","msg":"Successfully authenticated","attr":{"client":"172.21.0.3:35746","isSpeculative":true,"isClusterMember":false,"mechanism":"SCRAM-SHA-256","user":"admin","db":"admin","result":0,"metrics":{"conversation_duration":{"micros":1598393,"summary":{"0":{"step":1,"step_total":2,"duration_micros":49},"1":{"step":2,"step_total":2,"duration_micros":33}}}},"extraInfo":{}}}
+2025-07-01T16:34:43.751997705Z {"t":{"$date":"2025-07-01T16:34:43.751+00:00"},"s":"I",  "c":"ACCESS",   "id":5286306, "ctx":"conn234","msg":"Successfully authenticated","attr":{"client":"172.21.0.3:36466","isSpeculative":true,"isClusterMember":false,"mechanism":"SCRAM-SHA-256","user":"admin","db":"admin","result":0,"metrics":{"conversation_duration":{"micros":196913,"summary":{"0":{"step":1,"step_total":2,"duration_micros":130},"1":{"step":2,"step_total":2,"duration_micros":26}}}},"extraInfo":{}}}
+2025-07-01T16:34:43.752027192Z {"t":{"$date":"2025-07-01T16:34:43.751+00:00"},"s":"I",  "c":"NETWORK",  "id":6788700, "ctx":"conn210","msg":"Received first command on ingress connection since session start or auth handshake","attr":{"elapsedMillis":799}}
+2025-07-01T16:34:43.752117762Z {"t":{"$date":"2025-07-01T16:34:43.751+00:00"},"s":"I",  "c":"NETWORK",  "id":6788700, "ctx":"conn227","msg":"Received first command on ingress connection since session start or auth handshake","attr":{"elapsedMillis":281}}
+2025-07-01T16:34:43.752124698Z {"t":{"$date":"2025-07-01T16:34:43.752+00:00"},"s":"I",  "c":"NETWORK",  "id":6788700, "ctx":"conn125","msg":"Received first command on ingress connection since session start or auth handshake","attr":{"elapsedMillis":699}}
+2025-07-01T16:34:43.752186109Z {"t":{"$date":"2025-07-01T16:34:43.752+00:00"},"s":"I",  "c":"NETWORK",  "id":6788700, "ctx":"conn213","msg":"Received first command on ingress connection since session start or auth handshake","attr":{"elapsedMillis":497}}
+2025-07-01T16:34:43.753275213Z {"t":{"$date":"2025-07-01T16:34:43.753+00:00"},"s":"I",  "c":"ACCESS",   "id":5286306, "ctx":"conn233","msg":"Successfully authenticated","attr":{"client":"172.21.0.3:36456","isSpeculative":true,"isClusterMember":false,"mechanism":"SCRAM-SHA-256","user":"admin","db":"admin","result":0,"metrics":{"conversation_duration":{"micros":100184,"summary":{"0":{"step":1,"step_total":2,"duration_micros":42},"1":{"step":2,"step_total":2,"duration_micros":22}}}},"extraInfo":{}}}
+2025-07-01T16:34:43.755215943Z {"t":{"$date":"2025-07-01T16:34:43.755+00:00"},"s":"I",  "c":"NETWORK",  "id":6788700, "ctx":"conn233","msg":"Received first command on ingress connection since session start or auth handshake","attr":{"elapsedMillis":1}}
+2025-07-01T16:34:43.755361193Z {"t":{"$date":"2025-07-01T16:34:43.755+00:00"},"s":"I",  "c":"NETWORK",  "id":51800,   "ctx":"conn243","msg":"client metadata","attr":{"remote":"172.21.0.3:36552","client":"conn243","negotiatedCompressors":[],"doc":{"driver":{"name":"nodejs|Mongoose","version":"5.9.2|7.8.7"},"platform":"Node.js v18.20.8, LE","os":{"name":"linux","architecture":"x64","version":"5.15.146.1-microsoft-standard-WSL2","type":"Linux"}}}}
+2025-07-01T16:34:43.755428363Z {"t":{"$date":"2025-07-01T16:34:43.755+00:00"},"s":"I",  "c":"ACCESS",   "id":6788604, "ctx":"conn243","msg":"Auth metrics report","attr":{"metric":"acquireUser","micros":0}}
+2025-07-01T16:34:43.755610378Z {"t":{"$date":"2025-07-01T16:34:43.753+00:00"},"s":"I",  "c":"NETWORK",  "id":51800,   "ctx":"conn251","msg":"client metadata","attr":{"remote":"172.21.0.3:36612","client":"conn251","negotiatedCompressors":[],"doc":{"driver":{"name":"nodejs|Mongoose","version":"5.9.2|7.8.7"},"platform":"Node.js v18.20.8, LE","os":{"name":"linux","architecture":"x64","version":"5.15.146.1-microsoft-standard-WSL2","type":"Linux"}}}}
+2025-07-01T16:34:43.756411210Z {"t":{"$date":"2025-07-01T16:34:43.756+00:00"},"s":"I",  "c":"NETWORK",  "id":6788700, "ctx":"conn234","msg":"Received first command on ingress connection since session start or auth handshake","attr":{"elapsedMillis":4}}
+2025-07-01T16:34:43.757445159Z {"t":{"$date":"2025-07-01T16:34:43.757+00:00"},"s":"I",  "c":"NETWORK",  "id":51800,   "ctx":"conn238","msg":"client metadata","attr":{"remote":"172.21.0.3:36504","client":"conn238","negotiatedCompressors":[],"doc":{"driver":{"name":"nodejs|Mongoose","version":"5.9.2|7.8.7"},"platform":"Node.js v18.20.8, LE","os":{"name":"linux","architecture":"x64","version":"5.15.146.1-microsoft-standard-WSL2","type":"Linux"}}}}
+2025-07-01T16:34:43.757491529Z {"t":{"$date":"2025-07-01T16:34:43.757+00:00"},"s":"I",  "c":"ACCESS",   "id":6788604, "ctx":"conn238","msg":"Auth metrics report","attr":{"metric":"acquireUser","micros":0}}
+2025-07-01T16:34:43.851921393Z {"t":{"$date":"2025-07-01T16:34:43.851+00:00"},"s":"I",  "c":"COMMAND",  "id":51803,   "ctx":"conn24","msg":"Slow query","attr":{"type":"command","isFromUserConnection":true,"ns":"mydb.users","collectionType":"normal","command":{"insert":"users","documents":[{"name":"User-1","email":"user1@example.com","_id":{"$oid":"68640e2361e14447453254a9"},"__v":0}],"ordered":true,"lsid":{"id":{"$uuid":"3db98024-3daa-4d47-a58e-dd30d1f600ee"}},"$db":"mydb"},"ninserted":1,"keysInserted":1,"numYields":0,"reslen":45,"locks":{"ReplicationStateTransition":{"acquireCount":{"w":1}},"Global":{"acquireCount":{"w":1}},"Database":{"acquireCount":{"w":1}},"Collection":{"acquireCount":{"w":1}}},"flowControl":{"acquireCount":1},"storage":{"data":{"txnBytesDirty":266}},"cpuNanos":218200,"remote":"172.21.0.3:34608","protocol":"op_msg","queues":{"ingress":{"admissions":1},"execution":{"admissions":2}},"workingMillis":100,"durationMillis":100}}
+2025-07-01T16:34:43.853003406Z {"t":{"$date":"2025-07-01T16:34:43.753+00:00"},"s":"I",  "c":"ACCESS",   "id":5286306, "ctx":"conn197","msg":"Successfully authenticated","attr":{"client":"172.21.0.3:36128","isSpeculative":true,"isClusterMember":false,"mechanism":"SCRAM-SHA-256","user":"admin","db":"admin","result":0,"metrics":{"conversation_duration":{"micros":1398636,"summary":{"0":{"step":1,"step_total":2,"duration_micros":48},"1":{"step":2,"step_total":2,"duration_micros":9}}}},"extraInfo":{}}}
+2025-07-01T16:34:43.854737661Z {"t":{"$date":"2025-07-01T16:34:43.854+00:00"},"s":"I",  "c":"NETWORK",  "id":51800,   "ctx":"conn248","msg":"client metadata","attr":{"remote":"172.21.0.3:36600","client":"conn248","negotiatedCompressors":[],"doc":{"driver":{"name":"nodejs|Mongoose","version":"5.9.2|7.8.7"},"platform":"Node.js v18.20.8, LE","os":{"name":"linux","architecture":"x64","version":"5.15.146.1-microsoft-standard-WSL2","type":"Linux"}}}}
+2025-07-01T16:34:43.854795184Z {"t":{"$date":"2025-07-01T16:34:43.854+00:00"},"s":"I",  "c":"ACCESS",   "id":6788604, "ctx":"conn248","msg":"Auth metrics report","attr":{"metric":"acquireUser","micros":0}}
+2025-07-01T16:34:43.854800623Z {"t":{"$date":"2025-07-01T16:34:43.854+00:00"},"s":"I",  "c":"NETWORK",  "id":51800,   "ctx":"conn235","msg":"client metadata","attr":{"remote":"172.21.0.3:36470","client":"conn235","negotiatedCompressors":[],"doc":{"driver":{"name":"nodejs|Mongoose","version":"5.9.2|7.8.7"},"platform":"Node.js v18.20.8, LE","os":{"name":"linux","architecture":"x64","version":"5.15.146.1-microsoft-standard-WSL2","type":"Linux"}}}}
+2025-07-01T16:34:43.854805953Z {"t":{"$date":"2025-07-01T16:34:43.854+00:00"},"s":"I",  "c":"ACCESS",   "id":6788604, "ctx":"conn235","msg":"Auth metrics report","attr":{"metric":"acquireUser","micros":0}}
+2025-07-01T16:34:43.854809522Z {"t":{"$date":"2025-07-01T16:34:43.854+00:00"},"s":"I",  "c":"NETWORK",  "id":51800,   "ctx":"conn253","msg":"client metadata","attr":{"remote":"172.21.0.3:36634","client":"conn253","negotiatedCompressors":[],"doc":{"driver":{"name":"nodejs|Mongoose","version":"5.9.2|7.8.7"},"platform":"Node.js v18.20.8, LE","os":{"name":"linux","architecture":"x64","version":"5.15.146.1-microsoft-standard-WSL2","type":"Linux"}}}}
+2025-07-01T16:34:43.854814286Z {"t":{"$date":"2025-07-01T16:34:43.854+00:00"},"s":"I",  "c":"ACCESS",   "id":6788604, "ctx":"conn253","msg":"Auth metrics report","attr":{"metric":"acquireUser","micros":0}}
+2025-07-01T16:34:43.854912377Z {"t":{"$date":"2025-07-01T16:34:43.854+00:00"},"s":"I",  "c":"NETWORK",  "id":51800,   "ctx":"conn244","msg":"client metadata","attr":{"remote":"172.21.0.3:36562","client":"conn244","negotiatedCompressors":[],"doc":{"driver":{"name":"nodejs|Mongoose","version":"5.9.2|7.8.7"},"platform":"Node.js v18.20.8, LE","os":{"name":"linux","architecture":"x64","version":"5.15.146.1-microsoft-standard-WSL2","type":"Linux"}}}}
+2025-07-01T16:34:43.854927198Z {"t":{"$date":"2025-07-01T16:34:43.854+00:00"},"s":"I",  "c":"ACCESS",   "id":6788604, "ctx":"conn244","msg":"Auth metrics report","attr":{"metric":"acquireUser","micros":0}}
+2025-07-01T16:34:43.856020003Z {"t":{"$date":"2025-07-01T16:34:43.855+00:00"},"s":"I",  "c":"NETWORK",  "id":51800,   "ctx":"conn245","msg":"client metadata","attr":{"remote":"172.21.0.3:36578","client":"conn245","negotiatedCompressors":[],"doc":{"driver":{"name":"nodejs|Mongoose","version":"5.9.2|7.8.7"},"platform":"Node.js v18.20.8, LE","os":{"name":"linux","architecture":"x64","version":"5.15.146.1-microsoft-standard-WSL2","type":"Linux"}}}}
+2025-07-01T16:34:43.856061546Z {"t":{"$date":"2025-07-01T16:34:43.855+00:00"},"s":"I",  "c":"ACCESS",   "id":6788604, "ctx":"conn245","msg":"Auth metrics report","attr":{"metric":"acquireUser","micros":0}}
+2025-07-01T16:34:43.856090559Z {"t":{"$date":"2025-07-01T16:34:43.855+00:00"},"s":"I",  "c":"NETWORK",  "id":22943,   "ctx":"listener","msg":"Connection accepted","attr":{"remote":"172.21.0.3:36656","isLoadBalanced":false,"uuid":{"uuid":{"$uuid":"750bf3e4-3e01-43d9-b17f-57d3fc9f5f2e"}},"connectionId":255,"connectionCount":255}}
+2025-07-01T16:34:49.990100508Z {"t":{"$date":"2025-07-01T16:34:49.990+00:00"},"s":"I",  "c":"ACCESS",   "id":6788604, "ctx":"conn275","msg":"Auth metrics report","attr":{"metric":"acquireUser","micros":0}}
+2025-07-01T16:34:49.990209910Z {"t":{"$date":"2025-07-01T16:34:49.990+00:00"},"s":"I",  "c":"NETWORK",  "id":22943,   "ctx":"listener","msg":"Connection accepted","attr":{"remote":"172.21.0.3:36908","isLoadBalanced":false,"uuid":{"uuid":{"$uuid":"1fa946f8-fe92-4648-bc78-385176b3bfa5"}},"connectionId":282,"connectionCount":282}}
+2025-07-01T16:34:49.994075886Z {"t":{"$date":"2025-07-01T16:34:49.993+00:00"},"s":"I",  "c":"ACCESS",   "id":5286306, "ctx":"conn279","msg":"Successfully authenticated","attr":{"client":"172.21.0.3:36880","isSpeculative":true,"isClusterMember":false,"mechanism":"SCRAM-SHA-256","user":"admin","db":"admin","result":0,"metrics":{"conversation_duration":{"micros":4913,"summary":{"0":{"step":1,"step_total":2,"duration_micros":40},"1":{"step":2,"step_total":2,"duration_micros":28}}}},"extraInfo":{}}}
+
diff --git a/rules/tags/categories.yaml b/rules/tags/categories.yaml
@@ -162,6 +162,17 @@ categories:
       Failures in systems that manage access control, identity, or permissions.
       This includes tools like SpiceDB, OPA, or Auth0 where schema, policy, or
       integration issues can block authentication or authorization flows.
+
+  - name: mongodb-resource-exhaustion
+    displayName: MongoDB Resource Exhaustion
+    description: MongoDB node becomes unresponsive due to memory or CPU exhaustion under high load
+  - name: performance-degradation
+    displayName: Performance Degradation
+    description: Problems where slow queries, timeouts, or degraded throughput occur under stress or resource limitations
+  - name: database-availability-problem
+    displayName: Database Availability Problems
+    description: Failures that cause MongoDB or similar systems to become unavailable due to crashes or overwhelming traffic
+
   - name: SpiceDB-datastore-failure
     displayName: SpiceDB Datastore Failure
     description: Failures in the datastore used by SpiceDB, which can lead to authentication or authorization issues.
diff --git a/rules/tags/tags.yaml b/rules/tags/tags.yaml
@@ -162,6 +162,9 @@ tags:
   - name: service
     displayName: Service
     description: Failures at the service or API layer of an application.
+  - name: cpu-memory-exhaustion
+    displayName: CPU/Memory Exhaustion
+    description: Scenarios where MongoDB becomes unresponsive or crashes due to overwhelming CPU or memory usage.
   - name: signature
     displayName: Signature
     description: Problems with signing or verifying cryptographic signatures.
