CBG-4767 2: Make AuditIDDocumentRead tolerant to invalid SyncData in _raw endpoint (#7653)

Co-authored-by: Copilot <[email protected]>

Author: bbrks

base/logger_audit.go

@@ -115,6 +115,12 @@ func (f AuditFields) merge(ctx context.Context, overwrites AuditFields) AuditFie
 	return f
 }
 
+// AuditEventIsEnabled checks if the given audit event ID is enabled for the current context.
+// This may be used to avoid the cost of some data processing/gathering ahead of an audit event.
+func AuditEventIsEnabled(ctx context.Context, id AuditID) bool {
+	return auditLogger.Load().shouldLog(id, ctx)
+}
+
 // Audit creates and logs an audit event for the given ID and a set of additional data associated with the request.
 func Audit(ctx context.Context, id AuditID, additionalData AuditFields) {
 	var fields AuditFields

rest/admin_api.go

@@ -1471,17 +1471,20 @@ func (h *handler) handleGetRawDoc() error {
 	base.Audit(h.ctx(), base.AuditIDDocumentMetadataRead, base.AuditFields{
 		base.AuditFieldDocID: docID,
 	})
-	if includeDoc {
-		// try to extract a revision from the sync data
+	if includeDoc && base.AuditEventIsEnabled(h.ctx(), base.AuditIDDocumentRead) {
+		// best-effort attempt to extract a revision from the raw sync data
 		docCurrentRev := "unknown"
 		if syncData, ok := xattrValues[base.SyncXattrName]; ok {
 			var sdRev struct {
 				Rev channels.RevAndVersion `json:"rev"`
 			}
 			if err := json.Unmarshal(syncData, &sdRev); err != nil {
-				return base.HTTPErrorf(http.StatusInternalServerError, "couldn't unmarshal rev from SyncData for doc %q: %s", base.UD(docID), err)
+				// syncData is not normally generally redacted, but in this case we know it's malformed in some way and want the raw data in the log message.
+				// This data may contain channel names, etc. which _are_ classed as UserData, so tag the whole thing.
+				base.WarnfCtx(h.ctx(), "couldn't unmarshal doc %q SyncData xattr value %q: %s", base.UD(docID), base.UD(syncData), err)
+			} else {
+				docCurrentRev = sdRev.Rev.RevTreeID
 			}
-			docCurrentRev = sdRev.Rev.RevTreeID
 		}
 		base.Audit(h.ctx(), base.AuditIDDocumentRead, base.AuditFields{
 			base.AuditFieldDocID:      docID,

rest/api_test.go

@@ -1855,12 +1855,20 @@ func TestChanCacheActiveRevsStat(t *testing.T) {
 
 }
 
-func TestGetRawDocumentError(t *testing.T) {
+func TestGetRawDocumentErrors(t *testing.T) {
 	rt := NewRestTester(t, nil)
 	defer rt.Close()
 
-	response := rt.SendAdminRequest("GET", "/{{.keyspace}}/_raw/doc", ``)
+	// not found
+	response := rt.SendAdminRequest(http.MethodGet, "/{{.keyspace}}/_raw/"+t.Name(), ``)
 	assert.Equal(t, http.StatusNotFound, response.Code)
+
+	// invalid sync data
+	_, err := rt.GetSingleDataStore().WriteWithXattrs(t.Context(), t.Name()+"invalsyncdata", 0, 0, []byte(`{"doc":"body"}`),
+		map[string][]byte{base.SyncXattrName: []byte(`"invalid sync data"`)}, nil, nil)
+	require.NoError(t, err)
+	response = rt.SendAdminRequest(http.MethodGet, "/{{.keyspace}}/_raw/"+t.Name()+"invalsyncdata", ``)
+	assert.Equal(t, http.StatusOK, response.Code)
 }
 
 func TestWebhookProperties(t *testing.T) {