Merge pull request #687 from estolfo/RUBY-1021-sensitive-opts

RUBY-1021 Use Redacted options class to redact option fields when printing

Author: estolfo

lib/mongo.rb

@@ -15,6 +15,7 @@
 require 'forwardable'
 require 'bson'
 require 'openssl'
+require 'mongo/options'
 require 'mongo/loggable'
 require 'mongo/monitoring'
 require 'mongo/logger'
@@ -32,7 +33,6 @@
 require 'mongo/dbref'
 require 'mongo/grid'
 require 'mongo/index'
-require 'mongo/options'
 require 'mongo/protocol'
 require 'mongo/server'
 require 'mongo/server_selector'

lib/mongo/client.rb

@@ -153,7 +153,7 @@ def hash
     #   logs at the default 250 characters.
     #
     # @since 2.0.0
-    def initialize(addresses_or_uri, options = {})
+    def initialize(addresses_or_uri, options = Options::Redacted.new)
       @monitoring = Monitoring.new(options)
       if addresses_or_uri.is_a?(::String)
         create_from_uri(addresses_or_uri, options)
@@ -185,7 +185,7 @@ def inspect
     #
     # @since 2.0.0
     def read_preference
-      @read_preference ||= ServerSelector.get((options[:read] || {}).merge(options))
+      @read_preference ||= ServerSelector.get(Options::Redacted.new(options[:read] || {}).merge(options))
     end
 
     # Use the database with the provided name. This will switch the current
@@ -215,9 +215,9 @@ def use(name)
     # @return [ Mongo::Client ] A new client instance.
     #
     # @since 2.0.0
-    def with(new_options = {})
+    def with(new_options = Options::Redacted.new)
       clone.tap do |client|
-        opts = new_options || {}
+        opts = Options::Redacted.new(new_options) || Options::Redacted.new
         client.options.update(opts)
         Database.create(client)
         # We can't use the same cluster if some options that would affect it
@@ -291,15 +291,15 @@ def list_databases
 
     private
 
-    def create_from_addresses(addresses, opts = {})
-      @options = Database::DEFAULT_OPTIONS.merge(opts).freeze
+    def create_from_addresses(addresses, opts = Options::Redacted.new)
+      @options = Options::Redacted.new(Database::DEFAULT_OPTIONS.merge(opts)).freeze
       @cluster = Cluster.new(addresses, @monitoring, options)
       @database = Database.new(self, options[:database], options)
     end
 
-    def create_from_uri(connection_string, opts = {})
+    def create_from_uri(connection_string, opts = Options::Redacted.new)
       uri = URI.new(connection_string, opts)
-      @options = Database::DEFAULT_OPTIONS.merge(uri.client_options.merge(opts)).freeze
+      @options = Options::Redacted.new(Database::DEFAULT_OPTIONS.merge(uri.client_options.merge(opts))).freeze
       @cluster = Cluster.new(uri.servers, @monitoring, options)
       @database = Database.new(self, options[:database], options)
     end
@@ -314,7 +314,7 @@ def initialize_copy(original)
 
     def cluster_modifying?(new_options)
       cluster_options = new_options.reject do |name|
-        CRUD_OPTIONS.include?(name)
+        CRUD_OPTIONS.include?(name.to_sym)
       end
       cluster_options.any? do |name, value|
         options[name] != value

lib/mongo/cluster.rb

@@ -88,7 +88,7 @@ def add(host)
     # @param [ Hash ] options The options.
     #
     # @since 2.0.0
-    def initialize(seeds, monitoring, options = {})
+    def initialize(seeds, monitoring, options = Options::Redacted.new)
       @addresses = []
       @servers = []
       @monitoring = monitoring
@@ -125,7 +125,7 @@ def inspect
     #
     # @since 2.0.0
     def next_primary
-      ServerSelector.get({ mode: :primary }.merge(options)).select_server(self)
+      ServerSelector.get(ServerSelector::PRIMARY.merge(options)).select_server(self)
     end
 
     # Elect a primary server from the description that has just changed to a

lib/mongo/collection/view/readable.rb

@@ -298,7 +298,8 @@ def projection(document = nil)
         # @since 2.0.0
         def read(value = nil)
           return default_read if value.nil?
-          configure(:read, value.is_a?(Hash) ? ServerSelector.get(value) : value)
+          selector = value.is_a?(Hash) ? ServerSelector.get(client.options.merge(value)) : value
+          configure(:read, selector)
         end
 
         # Set whether to return only the indexed field or fields.

lib/mongo/database.rb

@@ -36,7 +36,7 @@ class Database
     # The default database options.
     #
     # @since 2.0.0
-    DEFAULT_OPTIONS = { :database => ADMIN }.freeze
+    DEFAULT_OPTIONS = Options::Redacted.new(:database => ADMIN).freeze
 
     # Database name field constant.
     #
@@ -148,7 +148,7 @@ def collections
     #
     # @return [ Hash ] The result of the command execution.
     def command(operation, opts = {})
-      preference = opts[:read] ? ServerSelector.get(opts[:read].merge(options)) : read_preference
+      preference = opts[:read] ? ServerSelector.get(client.options.merge(opts[:read])) : read_preference
       server = preference.select_server(cluster)
       Operation::Command.new({
         :selector => operation,

lib/mongo/grid/fs_bucket.rb

@@ -19,6 +19,7 @@ module Grid
     #
     # @since 2.0.0
     class FSBucket
+      extend Forwardable
 
       # The default root prefix.
       #
@@ -55,6 +56,12 @@ class FSBucket
       # @since 2.1.0
       attr_reader :options
 
+      # Get client from the database.
+      #
+      # @since 2.1.0
+      def_delegators :database,
+                     :client
+
       # Find files collection documents matching a given selector.
       #
       # @example Find files collection documents by a filename.
@@ -395,7 +402,7 @@ def upload_from_stream(filename, io, opts = {})
       # @since 2.1.0
       def read_preference
         @read_preference ||= @options[:read] ?
-            ServerSelector.get((@options[:read] || {}).merge(database.options)) :
+            ServerSelector.get(Options::Redacted.new((@options[:read] || {}).merge(client.options))) :
             database.read_preference
       end
 

lib/mongo/grid/stream/read.rb

@@ -134,7 +134,7 @@ def closed?
           # @since 2.1.0
           def read_preference
             @read_preference ||= @options[:read] ?
-                ServerSelector.get((@options[:read] || {}).merge(fs.options)) :
+                ServerSelector.get(Options::Redacted.new((@options[:read] || {}).merge(fs.options))) :
                 fs.read_preference
           end
 

lib/mongo/options.rb

@@ -13,3 +13,4 @@
 # limitations under the License.
 
 require 'mongo/options/mapper'
+require 'mongo/options/redacted'

lib/mongo/options/redacted.rb

@@ -0,0 +1,156 @@
+# Copyright (C) 2015 MongoDB, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module Mongo
+  module Options
+
+    # Class for wrapping options that could be sensitive.
+    # When printed, the sensitive values will be redacted.
+    #
+    # @since 2.1.0
+    class Redacted < BSON::Document
+
+      # The options whose values will be redacted.
+      #
+      # @since 2.1.0
+      SENSITIVE_OPTIONS = [ :password,
+                            :pwd ].freeze
+
+      # The replacement string used in place of the value for sensitive keys.
+      #
+      # @since 2.1.0
+      STRING_REPLACEMENT = '<REDACTED>'.freeze
+
+      # Get a string representation of the options.
+      #
+      # @return [ String ] The string representation of the options.
+      #
+      # @since 2.1.0
+      def inspect
+        redacted_string(:inspect)
+      end
+
+      # Get a string representation of the options.
+      #
+      # @return [ String ] The string representation of the options.
+      #
+      # @since 2.1.0
+      def to_s
+        redacted_string(:to_s)
+      end
+
+      # Whether these options contain a given key.
+      #
+      # @example Determine if the options contain a given key.
+      #   options.has_key?(:name)
+      #
+      # @param [ String, Symbol ] key The key to check for existence.
+      #
+      # @return [ true, false ] If the options contain the given key.
+      #
+      # @since 2.1.0
+      def has_key?(key)
+        super(convert_key(key))
+      end
+      alias_method :key?, :has_key?
+
+      # Returns a new options object consisting of pairs for which the block returns false.
+      #
+      # @example Get a new options object with pairs for which the block returns false.
+      #   new_options = options.reject { |k, v| k == 'database' }
+      #
+      # @yieldparam [ String, Object ] The key as a string and its value.
+      #
+      # @return [ Options::Redacted ] A new options object.
+      #
+      # @since 2.1.0
+      def reject(&block)
+        new_options = dup
+        new_options.reject!(&block) || new_options
+      end
+
+      # Only keeps pairs for which the block returns false.
+      #
+      # @example Remove pairs from this object for which the block returns true.
+      #   options.reject! { |k, v| k == 'database' }
+      #
+      # @yieldparam [ String, Object ] The key as a string and its value.
+      #
+      # @return [ Options::Redacted, nil ] This object or nil if no changes were made.
+      #
+      # @since 2.1.0
+      def reject!
+        if block_given?
+          n_keys = keys.size
+          keys.each do |key|
+            delete(key) if yield(key, self[key])
+          end
+          n_keys == keys.size ? nil : self
+        else
+          to_enum
+        end
+      end
+
+      # Returns a new options object consisting of pairs for which the block returns true.
+      #
+      # @example Get a new options object with pairs for which the block returns true.
+      #   ssl_options = options.select { |k, v| k =~ /ssl/ }
+      #
+      # @yieldparam [ String, Object ] The key as a string and its value.
+      #
+      # @return [ Options::Redacted ] A new options object.
+      #
+      # @since 2.1.0
+      def select(&block)
+        new_options = dup
+        new_options.select!(&block) || new_options
+      end
+
+      # Only keeps pairs for which the block returns true.
+      #
+      # @example Remove pairs from this object for which the block does not return true.
+      #   options.select! { |k, v| k =~ /ssl/ }
+      #
+      # @yieldparam [ String, Object ] The key as a string and its value.
+      #
+      # @return [ Options::Redacted, nil ] This object or nil if no changes were made.
+      #
+      # @since 2.1.0
+      def select!
+        if block_given?
+          n_keys = keys.size
+          keys.each do |key|
+            delete(key) unless yield(key, self[key])
+          end
+          n_keys == keys.size ? nil : self
+        else
+          to_enum
+        end
+      end
+
+      private
+
+      def redacted_string(method)
+        '{' + reduce([]) do |list, (k, v)|
+          list << "#{k.send(method)}=>#{redact(k, v, method)}"
+        end.join(', ') + '}'
+      end
+
+      def redact(k, v, method)
+        return STRING_REPLACEMENT if SENSITIVE_OPTIONS.include?(k.to_sym)
+        v.send(method)
+      end
+    end
+  end
+end

lib/mongo/server/connection.rb

@@ -183,7 +183,7 @@ def deliver(messages)
       def setup_authentication!
         if options[:user]
           default_mechanism = @server.features.scram_sha_1_enabled? ? :scram : :mongodb_cr
-          user = Auth::User.new({ :auth_mech => default_mechanism }.merge(options))
+          user = Auth::User.new(Options::Redacted.new(:auth_mech => default_mechanism).merge(options))
           @authenticator = Auth.get(user)
         end
       end

lib/mongo/server_selector.rb

@@ -38,6 +38,11 @@ module ServerSelector
     # @since 2.0.0
     SERVER_SELECTION_TIMEOUT = 30.freeze
 
+    # Primary read preference.
+    #
+    # @since 2.1.0
+    PRIMARY = Options::Redacted.new(mode: :primary).freeze
+
     # Hash lookup for the selector classes based off the symbols
     #   provided in configuration.
     #

lib/mongo/server_selector/selectable.rb

@@ -61,10 +61,10 @@ def ==(other)
       #
       # @since 2.0.0
       def initialize(options = {})
+        @options = (options || {}).freeze
         tag_sets = options[:tag_sets] || []
         validate_tag_sets!(tag_sets)
-        @tag_sets = tag_sets
-        @options = options
+        @tag_sets = tag_sets.freeze
       end
 
       # Select a server from eligible candidates.

lib/mongo/uri.rb

@@ -268,7 +268,7 @@ def split_creds_hosts(string)
 
     def parse_db_opts!(string)
       auth_db, d, uri_opts = string.partition(URI_OPTS_DELIM)
-      @uri_options = parse_uri_options!(uri_opts)
+      @uri_options = Options::Redacted.new(parse_uri_options!(uri_opts))
       @database = parse_database!(auth_db)
     end