The following error was captured from application logs. L14 appears to include the data of the actual query that failed. Although it was not the case in this instance, this data could potentially include secrets that do not belong in application logs.
The task is to ensure that secrets are not leaked into logs via MongoDB client errors like this. Perhaps there is a way to control the verbosity of errors generated by the client, otherwise it may be that the Bedrock error handling needs to redact some details from the logging.
Have we considered sanitizing error messages for buffers then?
I'm assuming the sensitive information is this:
```
signature: {\n hash: <Buffer 99 1d cd 41 81 c6 bd b7 00 41 8c e9 c7 08 03 c9 76 1e af b3>,\n keyId: Long { _bsontype: 'Long', low_: 3, high_: 1618716039 }\n }\n }\n}",
```
This also seems to be library specific, bedrock-kms doesn't want key material logged, bedrock-account doesn't want password and email info logged, etc.
https://gist.github.com/mattcollier/a899544dadc7f60dbea505db331d1cc4#file-verbose-error-json-L14
Here is the overly verbose text from L14.
```
"inspect": "MongoError: Encountered non-retryable error during query :: caused by :: Couldn't get a connection within the time limit\n at MessageStream.messageHandler (/home/node/app/node_modules/mongodb/lib/cmap/connection.js:272:20)\n at MessageStream.emit (events.js:375:28)\n at MessageStream.emit (domain.js:470:12)\n at processIncomingData (/home/node/app/node_modules/mongodb/lib/cmap/message_stream.js:144:12)\n at MessageStream._write (/home/node/app/node_modules/mongodb/lib/cmap/message_stream.js:42:5)\n at writeOrBuffer (internal/streams/writable.js:358:12)\n at MessageStream.Writable.write (internal/streams/writable.js:303:10)\n at TLSSocket.ondata (internal/streams/readable.js:726:22)\n at TLSSocket.emit (events.js:375:28)\n at TLSSocket.emit (domain.js:470:12) {\n ok: 0,\n code: 202,\n codeName: 'NetworkInterfaceExceededTimeLimit',\n operationTime: Timestamp { _bsontype: 'Timestamp', low_: 4, high_: 1633366357 },\n '$clusterTime': {\n clusterTime: Timestamp { _bsontype: 'Timestamp', low_: 4, high_: 1633366357 },\n signature: {\n hash: <Buffer 99 1d cd 41 81 c6 bd b7 00 41 8c e9 c7 08 03 c9 76 1e af b3>,\n keyId: Long { _bsontype: 'Long', low_: 3, high_: 1618716039 }\n }\n }\n}",
```
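One way to do the redaction discussed in this issue, as an added example that is not Bedrock's or the MongoDB driver's own code: build a plain, allowlisted object from the error before it reaches the logger, so the logger never inspects the driver's attached properties. The helper names (`SAFE_FIELDS`, `redact`, `sanitizeError`, `sampleError`), the `keep` and `sensitiveKeys` options, and the sample's `query` field are assumptions; the sample values are constructed.

```javascript
// Added example; helper names are hypothetical, field names mirror the logged error.
const SAFE_FIELDS = ['name', 'message', 'code', 'codeName', 'ok'];

// Deep-copy a value, replacing binary data and caller-named keys with markers.
function redact(value, sensitiveKeys = new Set(), seen = new WeakSet()) {
  if (ArrayBuffer.isView(value)) { // Buffer, Uint8Array, DataView, ...
    return `[binary ${value.byteLength} bytes redacted]`;
  }
  if (value === null || typeof value !== 'object') return value;
  if (seen.has(value)) return '[already visited]'; // guards against cycles
  seen.add(value);
  if (Array.isArray(value)) return value.map(v => redact(v, sensitiveKeys, seen));
  const out = {};
  for (const [key, v] of Object.entries(value)) {
    out[key] = sensitiveKeys.has(key) ? '[redacted]' : redact(v, sensitiveKeys, seen);
  }
  return out;
}

// Build a plain object to hand to the logger instead of the error itself.
// Only allowlisted scalar fields and the stack are copied; any other property
// is dropped unless the caller names it in `keep`, and then it is deep-redacted.
function sanitizeError(err, {keep = [], sensitiveKeys = []} = {}) {
  const out = {};
  for (const field of SAFE_FIELDS) {
    if (['string', 'number'].includes(typeof err[field])) out[field] = err[field];
  }
  if (typeof err.stack === 'string') out.stack = err.stack;
  const keys = new Set(sensitiveKeys);
  for (const field of keep) {
    if (field in err) out[field] = redact(err[field], keys);
  }
  return out;
}

// Constructed sample shaped like the logged error; `query` is a hypothetical
// stand-in for library-specific data that must not reach the logs.
function sampleError() {
  const err = new Error("Couldn't get a connection within the time limit");
  err.name = 'MongoError';
  Object.assign(err, {ok: 0, code: 202, codeName: 'NetworkInterfaceExceededTimeLimit',
    $clusterTime: {signature: {hash: Buffer.from('00112233', 'hex'), keyId: 3}},
    query: {email: 'user@example.com', password: 'constructed-secret'}});
  return err;
}
```

Each library can pass its own `sensitiveKeys` (key material for a KMS module, password and email fields for an account module) while the default drops everything outside the allowlist.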