Merge pull request #686 from mongodb/SPEC-319

SPEC-319: Redact sensitive events

Author: durran

lib/mongo/monitoring/event.rb

@@ -12,6 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+require 'mongo/monitoring/event/secure'
 require 'mongo/monitoring/event/command_started'
 require 'mongo/monitoring/event/command_succeeded'
 require 'mongo/monitoring/event/command_failed'

lib/mongo/monitoring/event/command_started.rb

@@ -20,6 +20,7 @@ module Event
       #
       # @since 2.1.0
       class CommandStarted
+        include Secure
 
         # @return [ Server::Address ] address The server address.
         attr_reader :address
@@ -57,7 +58,7 @@ def initialize(command_name, database_name, address, request_id, operation_id, c
           @address = address
           @request_id = request_id
           @operation_id = operation_id
-          @command = command
+          @command = redacted(command_name, command)
         end
 
         # Create the event from a wire protocol message payload.

lib/mongo/monitoring/event/command_succeeded.rb

@@ -20,6 +20,7 @@ module Event
       #
       # @since 2.1.0
       class CommandSucceeded
+        include Secure
 
         # @return [ Server::Address ] address The server address.
         attr_reader :address
@@ -61,7 +62,7 @@ def initialize(command_name, database_name, address, request_id, operation_id, r
           @address = address
           @request_id = request_id
           @operation_id = operation_id
-          @reply = reply
+          @reply = redacted(command_name, reply)
           @duration = duration
         end
 

lib/mongo/monitoring/event/secure.rb

@@ -0,0 +1,58 @@
+# Copyright (C) 2015 MongoDB, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the 'License');
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an 'AS IS' BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module Mongo
+  class Monitoring
+    module Event
+
+      # Provides behaviour to redact sensitive information from commands and
+      # replies.
+      #
+      # @since 2.1.0
+      module Secure
+
+        # The list of commands that has the data redacted for security.
+        #
+        # @since 2.1.0
+        REDACTED_COMMANDS = [
+          'authenticate',
+          'saslStart',
+          'saslContinue',
+          'getnonce',
+          'createUser',
+          'updateUser',
+          'copydbgetnonce',
+          'copydbsaslstart',
+          'copydb'
+        ].freeze
+
+        # Redact secure information from the document if it's command is in the
+        # list.
+        #
+        # @example Get the redacted document.
+        #   secure.redacted(command_name, document)
+        #
+        # @param [ String, Symbol ] command_name The command name.
+        # @param [ BSON::Document ] document The document.
+        #
+        # @return [ BSON::Document ] The redacted document.
+        #
+        # @since 2.1.0
+        def redacted(command_name, document)
+          REDACTED_COMMANDS.include?(command_name.to_s) ? BSON::Document.new : document
+        end
+      end
+    end
+  end
+end

spec/mongo/monitoring/event/command_started_spec.rb

@@ -0,0 +1,26 @@
+require 'spec_helper'
+
+describe Mongo::Monitoring::Event::CommandStarted do
+
+  describe '#initialize' do
+
+    let(:address) do
+      Mongo::Address.new('127.0.0.1:27017')
+    end
+
+    let(:command) do
+      BSON::Document.new(test: 'value')
+    end
+
+    context 'when the command should be redacted' do
+
+      let(:event) do
+        described_class.new('copydb', 'admin', address, 1, 2, command)
+      end
+
+      it 'sets the command to an empty document' do
+        expect(event.command).to be_empty
+      end
+    end
+  end
+end

spec/mongo/monitoring/event/command_succeeded_spec.rb

@@ -0,0 +1,26 @@
+require 'spec_helper'
+
+describe Mongo::Monitoring::Event::CommandSucceeded do
+
+  describe '#initialize' do
+
+    let(:address) do
+      Mongo::Address.new('127.0.0.1:27017')
+    end
+
+    let(:reply) do
+      BSON::Document.new(test: 'value')
+    end
+
+    context 'when the reply should be redacted' do
+
+      let(:event) do
+        described_class.new('copydb', 'admin', address, 1, 2, reply, 0.5)
+      end
+
+      it 'sets the reply to an empty document' do
+        expect(event.reply).to be_empty
+      end
+    end
+  end
+end

spec/mongo/monitoring/event/secure_spec.rb

@@ -0,0 +1,57 @@
+require 'spec_helper'
+
+describe Mongo::Monitoring::Event::Secure do
+
+  let(:document) do
+    BSON::Document.new(test: 'value')
+  end
+
+  let(:klass) do
+    Class.new do
+      include Mongo::Monitoring::Event::Secure
+    end
+  end
+
+  describe '#redacted' do
+
+    let(:secure) do
+      klass.new
+    end
+
+    context 'when the command must be redacted' do
+
+      context 'when the command name is a string' do
+
+        let(:redacted) do
+          secure.redacted('saslStart', document)
+        end
+
+        it 'returns an empty document' do
+          expect(redacted).to be_empty
+        end
+      end
+
+      context 'when the command name is a symbol' do
+
+        let(:redacted) do
+          secure.redacted(:saslStart, document)
+        end
+
+        it 'returns an empty document' do
+          expect(redacted).to be_empty
+        end
+      end
+    end
+
+    context 'when the command is not in the redacted list' do
+
+      let(:redacted) do
+        secure.redacted(:find, document)
+      end
+
+      it 'returns the document' do
+        expect(redacted).to eq(document)
+      end
+    end
+  end
+end