Module: Mongo::Monitoring::Event::Secure

Included in:

CommandFailed, CommandStarted, CommandSucceeded, Protocol::Msg, Protocol::Query

Defined in:

lib/mongo/monitoring/event/secure.rb

Overview

Provides behavior to redact sensitive information from commands and replies.

Since:

• 2.1.0

Constant Summary

REDACTED_COMMANDS =

The list of commands that has the data redacted for security.

Since:

• 2.1.0

[
  'authenticate',
  'saslStart',
  'saslContinue',
  'getnonce',
  'createUser',
  'updateUser',
  'copydbgetnonce',
  'copydbsaslstart',
  'copydb'
].freeze

Instance Method Summary

• #compression_allowed?(command_name) ⇒ true, false

  Is compression allowed for a given command message.

• #redacted(command_name, document) ⇒ BSON::Document

  Redact secure information from the document if: - its command is in the sensitive commands; - its command is a hello/legacy hello command, and speculative authentication is enabled; - corresponding started event is sensitive.

• #sensitive?(command_name:, document:) ⇒ true | false

  Check whether the command is sensitive in terms of command monitoring spec.

Instance Method Details

#compression_allowed?(command_name) ⇒ true, false

Is compression allowed for a given command message.

Examples:

Determine if compression is allowed for a given command.

secure.compression_allowed?(selector)

Parameters:

• command_name (String, Symbol) —

  The command name.

Returns:

• (true, false) —

  Whether compression can be used.

Since:

• 2.5.0

# File 'lib/mongo/monitoring/event/secure.rb', line 106

def compression_allowed?(command_name)
  @compression_allowed ||= !REDACTED_COMMANDS.include?(command_name.to_s)
end

#redacted(command_name, document) ⇒ BSON::Document

Redact secure information from the document if:

- its command is in the sensitive commands;
- its command is a hello/legacy hello command, and
  speculative authentication is enabled;
- corresponding started event is sensitive.

Examples:

Get the redacted document.

secure.redacted(command_name, document)

Parameters:

• command_name (String, Symbol) —

  The command name.

• document (BSON::Document) —

  The document.

Returns:

• (BSON::Document) —

  The redacted document.

Since:

• 2.1.0

# File 'lib/mongo/monitoring/event/secure.rb', line 83

def redacted(command_name, document)
  if %w(1 true yes).include?(ENV['MONGO_RUBY_DRIVER_UNREDACT_EVENTS']&.downcase)
    document
  elsif respond_to?(:started_event) && started_event.sensitive
    return BSON::Document.new
  elsif sensitive?(command_name: command_name, document: document)
    BSON::Document.new
  else
    document
  end
end

#sensitive?(command_name:, document:) ⇒ true | false

Check whether the command is sensitive in terms of command monitoring spec. A command is detected as sensitive if it is in the list or if it is a hello/legacy hello command, and speculative authentication is enabled.

Parameters:

• command_name (String, Symbol) —

  The command name.

• document (BSON::Document) —

  The document.

Returns:

• (true | false) —

  Whether the command is sensitive.

Since:

• 2.1.0

# File 'lib/mongo/monitoring/event/secure.rb', line 52

def sensitive?(command_name:, document:)
  if REDACTED_COMMANDS.include?(command_name.to_s)
    true
  elsif %w(hello ismaster isMaster).include?(command_name.to_s) &&
    document['speculativeAuthenticate']
    then
    # According to Command Monitoring spec,for hello/legacy hello commands
    # when speculativeAuthenticate is present, their commands AND replies
    # MUST be redacted from the events.
    # See https://github.com/mongodb/specifications/blob/master/source/command-logging-and-monitoring/command-logging-and-monitoring.rst#security
    true
  else
    false
  end
end