RUBY-1021 Use SensitiveOptions class to redact option fields when printing

estolfo · estolfo · commit a10066a84e9b · 2015-09-08T15:12:56.000-04:00
diff --git a/lib/mongo/client.rb b/lib/mongo/client.rb
@@ -292,14 +292,14 @@ def list_databases
     private
 
     def create_from_addresses(addresses, opts = {})
-      @options = Database::DEFAULT_OPTIONS.merge(opts).freeze
+      @options = Options::SensitiveOptions.new.merge(Database::DEFAULT_OPTIONS.merge(opts)).freeze
       @cluster = Cluster.new(addresses, @monitoring, options)
       @database = Database.new(self, options[:database], options)
     end
 
     def create_from_uri(connection_string, opts = {})
       uri = URI.new(connection_string, opts)
-      @options = Database::DEFAULT_OPTIONS.merge(uri.client_options.merge(opts)).freeze
+      @options = Options::SensitiveOptions.new.merge(Database::DEFAULT_OPTIONS.merge(uri.client_options.merge(opts))).freeze
       @cluster = Cluster.new(uri.servers, @monitoring, options)
       @database = Database.new(self, options[:database], options)
     end
diff --git a/lib/mongo/options.rb b/lib/mongo/options.rb
@@ -13,3 +13,4 @@
 # limitations under the License.
 
 require 'mongo/options/mapper'
+require 'mongo/options/sensitive_options'
diff --git a/lib/mongo/options/sensitive_options.rb b/lib/mongo/options/sensitive_options.rb
@@ -0,0 +1,37 @@
+# Copyright (C) 2015 MongoDB, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module Mongo
+  module Options
+
+    SENSITIVE_OPTIONS = [:password, :pwd]
+    REDACTED_STRING = '<REDACTED>'
+
+    class SensitiveOptions < BSON::Document
+
+      def inspect
+        '{' + reduce('') do |string, (k, v)|
+          string << "#{k}=>#{redact(k,v)}"
+        end + '}'
+      end
+
+      private
+
+      def redact(k, v)
+        return REDACTED_STRING if SENSITIVE_OPTIONS.include?(k.to_sym)
+        v.inspect
+      end
+    end
+  end
+end
diff --git a/lib/mongo/server/connection.rb b/lib/mongo/server/connection.rb
@@ -183,7 +183,7 @@ def deliver(messages)
       def setup_authentication!
         if options[:user]
           default_mechanism = @server.features.scram_sha_1_enabled? ? :scram : :mongodb_cr
-          user = Auth::User.new({ :auth_mech => default_mechanism }.merge(options))
+          user = Auth::User.new(Options::SensitiveOptions.new(:auth_mech => default_mechanism).merge(options))
           @authenticator = Auth.get(user)
         end
       end

Original file line number	Diff line number	Diff line change
`@@ -13,3 +13,4 @@`
`13`	`13`	`# limitations under the License.`
`14`	`14`
`15`	`15`	`require 'mongo/options/mapper'`
	`16`	`+require 'mongo/options/sensitive_options'`