
Ensure the correct messages are sent to the database client

Description

The client_min_messages setting specifies the message levels that are sent to the database client (not the logs). The default value of this parameter is 'NOTICE', which is generally accepted as the best practice for this setting.

The valid values are:

  • DEBUG5
  • DEBUG4
  • DEBUG3
  • DEBUG2
  • DEBUG1
  • LOG
  • NOTICE
  • WARNING
  • ERROR
  • FATAL
  • PANIC

Each level includes all the levels that follow it.

NOTE: LOG has a different rank here than in log_min_messages.

Rationale

Use 'NOTICE' as a default value. Using more verbose levels might reveal sensitive information to the users, whereas less verbose values might hide valuable information.
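The ordering above can be used to tell which way a non-compliant value drifts and which message levels that adds to, or removes from, client output. The following is an added example, not part of this rule or its runtime; the function names and the sample values are hypothetical, and the log_min_messages ordering is taken from the PostgreSQL documentation rather than from this page.

```javascript
// Added example; names below are hypothetical and not part of the rule runtime.
// client_min_messages order as listed on this page, most verbose first.
const CLIENT_LEVELS = ['debug5', 'debug4', 'debug3', 'debug2', 'debug1',
  'log', 'notice', 'warning', 'error', 'fatal', 'panic'];
// log_min_messages order per the PostgreSQL documentation: LOG sits between
// ERROR and FATAL there, which is the rank difference the NOTE refers to.
const SERVER_LOG_LEVELS = ['debug5', 'debug4', 'debug3', 'debug2', 'debug1',
  'info', 'notice', 'warning', 'error', 'log', 'fatal', 'panic'];

// Position of a level in an ordering; rejects values outside the list.
function rank(levels, value) {
  const index = levels.indexOf(String(value).trim().toLowerCase());
  if (index === -1) throw new RangeError(`unknown message level: ${value}`);
  return index;
}

// "Each level includes all the levels that follow it."
function deliveredLevels(levels, setting) {
  return levels.slice(rank(levels, setting));
}

// Classify a configured client_min_messages value against the baseline and
// report which levels the drift adds to, or removes from, client output.
function assessClientMinMessages(actual, baseline = 'notice') {
  const a = rank(CLIENT_LEVELS, actual);
  const b = rank(CLIENT_LEVELS, baseline);
  if (a < b) {
    return { success: false, finding: 'too-verbose', levels: CLIENT_LEVELS.slice(a, b) };
  }
  if (a > b) {
    return { success: false, finding: 'too-quiet', levels: CLIENT_LEVELS.slice(b, a) };
  }
  return { success: true, finding: 'matches-baseline', levels: [] };
}

// Constructed sample values, not taken from a real instance.
for (const value of ['NOTICE', 'debug1', 'error']) {
  console.log(value, JSON.stringify(assessClientMinMessages(value)));
}
console.log('client notice sends LOG:', deliveredLevels(CLIENT_LEVELS, 'notice').includes('log'));
console.log('server notice logs LOG:', deliveredLevels(SERVER_LOG_LEVELS, 'notice').includes('log'));
```

A 'too-verbose' finding lists the levels the client now receives beyond the baseline; a 'too-quiet' finding lists the levels it no longer receives.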

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag                      With Value
secureclouddb/provider   aws
secureclouddb/service    rds
secureclouddb/engine     postgres

Default Rule

const { checkServerSetting, checkRdsVersion, OK_SKIP_VERSION } = module

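/**
 * @param {Object} databaseSettings - database settings object
 * @param {Object} [parameters] - expected values; client_min_messages defaults to 'notice'
 * @returns {Object} OK_SKIP_VERSION when checkRdsVersion reports the version as unsupported,
 *   otherwise { success }, where success is true if client_min_messages is set correctly
 */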
function validate(databaseSettings, parameters = { client_min_messages : 'notice' }) {
    const supportedVersions = ['9.5']
    const supported = checkRdsVersion(databaseSettings, supportedVersions)
    if(!supported) {
        return OK_SKIP_VERSION
    }
    const settingName = 'client_min_messages'
    const expectedValue = parameters.client_min_messages
    const success = checkServerSetting(databaseSettings, settingName, expectedValue)
    return {
        success,
    }
}

// invoke
// TODO: add parameters
validate(databaseSettings);