Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Some MongoDB client errors are leaking query details. #76

Open
mattcollier opened this issue Oct 4, 2021 · 1 comment
Open

Some MongoDB client errors are leaking query details. #76

mattcollier opened this issue Oct 4, 2021 · 1 comment
Labels
Priority 2 Important but not critical

Comments

@mattcollier
Copy link
Contributor

mattcollier commented Oct 4, 2021
edited
Loading

The following error was captured from application logs. L14 appears to include the data of the actual query that failed. Although it was not the case in this instance, this data could potentially include secrets that do not belong in application logs.

The task is to ensure that secrets are not leaked into logs via MongoDB client errors like this. Perhaps there is a way to control the verbosity of errors generated by the client, otherwise it may be that the Bedrock error handling needs to redact some details from the logging.

https://gist.github.com/mattcollier/a899544dadc7f60dbea505db331d1cc4#file-verbose-error-json-L14

Here is the overly verbose text from L14.

"inspect": "MongoError: Encountered non-retryable error during query :: caused by :: Couldn't get a connection within the time limit\n at MessageStream.messageHandler (/home/node/app/node_modules/mongodb/lib/cmap/connection.js:272:20)\n at MessageStream.emit (events.js:375:28)\n at MessageStream.emit (domain.js:470:12)\n at processIncomingData (/home/node/app/node_modules/mongodb/lib/cmap/message_stream.js:144:12)\n at MessageStream._write (/home/node/app/node_modules/mongodb/lib/cmap/message_stream.js:42:5)\n at writeOrBuffer (internal/streams/writable.js:358:12)\n at MessageStream.Writable.write (internal/streams/writable.js:303:10)\n at TLSSocket.ondata (internal/streams/readable.js:726:22)\n at TLSSocket.emit (events.js:375:28)\n at TLSSocket.emit (domain.js:470:12) {\n ok: 0,\n code: 202,\n codeName: 'NetworkInterfaceExceededTimeLimit',\n operationTime: Timestamp { _bsontype: 'Timestamp', low_: 4, high_: 1633366357 },\n '$clusterTime': {\n clusterTime: Timestamp { _bsontype: 'Timestamp', low_: 4, high_: 1633366357 },\n signature: {\n hash: <Buffer 99 1d cd 41 81 c6 bd b7 00 41 8c e9 c7 08 03 c9 76 1e af b3>,\n keyId: Long { _bsontype: 'Long', low_: 3, high_: 1618716039 }\n }\n }\n}",
@dmitrizagidulin dmitrizagidulin added the Priority 1 Critical label Nov 24, 2021
@dlongley dlongley added Priority 2 Important but not critical and removed Priority 1 Critical labels Mar 17, 2022
@aljones15
Copy link
Contributor

aljones15 commented Aug 31, 2022
edited
Loading

have we considered sanitizing error messages for buffers then?

I'm assuming the sensitive information is this:

signature: {\n hash: <Buffer 99 1d cd 41 81 c6 bd b7 00 41 8c e9 c7 08 03 c9 76 1e af b3>,\n keyId: Long { bsontype: 'Long', low: 3, high_: 1618716039 }\n }\n }\n}",

This also seems to be library specific, bedrock-kms doesn't want key material logged, bedrock-account doesn't want password and email info logged, etc.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Priority 2 Important but not critical
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@dlongley @aljones15 @mattcollier @dmitrizagidulin