PYTHON-952 - Redact command and reply documents for sensitive commands

Author: behackett

pymongo/monitoring.py

@@ -149,6 +149,13 @@ def _handle_exception():
  finally:
  del einfo
 
+# Note - to avoid bugs from forgetting which if these is all lowercase and
+# which are camelCase, and at the same time avoid having to add a test for
+# every command, use all lowercase here and test against command_name.lower().
+_SENSITIVE_COMMANDS = set(
+ ["authenticate", "saslstart", "saslcontinue", "getnonce", "createuser",
+ "updateuser", "copydbgetnonce", "copydbsaslstart", "copydb"])
+
 
 class _CommandEvent(object):
  """Base class for command events."""
@@ -201,7 +208,10 @@ def __init__(self, command, database_name, *args):
  # Command name must be first key.
  command_name = next(iter(command))
  super(CommandStartedEvent, self).__init__(command_name, *args)
- self.__cmd = command
+ if command_name.lower() in _SENSITIVE_COMMANDS:
+ self.__cmd = {}
+ else:
+ self.__cmd = command
  self.__db = database_name
 
  @property
@@ -229,10 +239,15 @@ class CommandSucceededEvent(_CommandEvent):
  """
  __slots__ = ("__duration_micros", "__reply")
 
- def __init__(self, duration, reply, *args):
- super(CommandSucceededEvent, self).__init__(*args)
+ def __init__(self, duration, reply, command_name,
+ request_id, connection_id, operation_id):
+ super(CommandSucceededEvent, self).__init__(
+ command_name, request_id, connection_id, operation_id)
  self.__duration_micros = _to_micros(duration)
- self.__reply = reply
+ if command_name.lower() in _SENSITIVE_COMMANDS:
+ self.__reply = {}
+ else:
+ self.__reply = reply
 
  @property
  def duration_micros(self):

test/test_monitoring.py

@@ -12,6 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+import datetime
 import sys
 import time
 import warnings
@@ -1229,6 +1230,34 @@ def test_first_batch_helper(self):
  self.assertEqual(started.request_id, succeeded.request_id)
  self.assertEqual(started.connection_id, succeeded.connection_id)
 
+ def test_sensitive_commands(self):
+ listeners = self.client._event_listeners
+
+ self.listener.results.clear()
+ cmd = SON([("getnonce", 1)])
+ listeners.publish_command_start(
+ cmd, "pymongo_test", 12345, self.client.address)
+ delta = datetime.timedelta(milliseconds=100)
+ listeners.publish_command_success(
+ delta, {'nonce': 'e474f4561c5eb40b', 'ok': 1.0},
+ "getnonce", 12345, self.client.address)
+ results = self.listener.results
+ started = results['started'][0]
+ succeeded = results['succeeded'][0]
+ self.assertEqual(0, len(results['failed']))
+ self.assertIsInstance(started, monitoring.CommandStartedEvent)
+ self.assertEqual({}, started.command)
+ self.assertEqual('pymongo_test', started.database_name)
+ self.assertEqual('getnonce', started.command_name)
+ self.assertIsInstance(started.request_id, int)
+ self.assertEqual(self.client.address, started.connection_id)
+ self.assertIsInstance(succeeded, monitoring.CommandSucceededEvent)
+ self.assertEqual(succeeded.duration_micros, 100000)
+ self.assertEqual(started.command_name, succeeded.command_name)
+ self.assertEqual(started.request_id, succeeded.request_id)
+ self.assertEqual(started.connection_id, succeeded.connection_id)
+ self.assertEqual({}, succeeded.reply)
+
 
 class TestGlobalListener(unittest.TestCase):