open-telemetry
/
opentelemetry-java-instrumentation
mirror of https://github.com/open-telemetry/opentelemetry-java-instrumentation.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Prevent http.url containing credentials in HttpClientTracer (#2707) 

* http.url must not contain credentials

* remove user info from url

* Update HttpClientTracerTest.groovy

fix inconsistency in protocol

* fix httpClient and httpServer

* Update HttpServerTracer.java

* Only scrub userinfo if present

Co-authored-by: Anuraag Agrawal <aanuraag@amazon.co.jp>
This commit is contained in:
Hangzhi 2021-05-07 14:31:26 +08:00 committed by GitHub
parent 9c7fae3b04
commit 60ee981d07
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 16 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
instrumentation-api/src/main/java/io/opentelemetry/instrumentation/api/tracer/HttpClientTracer.java
View File

@ -183,7 +183,21 @@ public abstract class HttpClientTracer<REQUEST, CARRIER, RESPONSE> extends BaseT
URI url = url(request); URI url = url(request);
if (url != null) { if (url != null) {
netPeerAttributes.setNetPeer(setter, url.getHost(), null, url.getPort()); netPeerAttributes.setNetPeer(setter, url.getHost(), null, url.getPort());
setter.setAttribute(SemanticAttributes.HTTP_URL, url.toString()); final URI sanitized;
if (url.getUserInfo() != null) {
sanitized =
new URI(
url.getScheme(),
null,
url.getHost(),
url.getPort(),
url.getPath(),
url.getQuery(),
url.getFragment());
} else {
sanitized = url;
}
setter.setAttribute(SemanticAttributes.HTTP_URL, sanitized.toString());
} }
} catch (Exception e) { } catch (Exception e) {
log.debug("Error tagging url", e); log.debug("Error tagging url", e);

1
instrumentation-api/src/test/groovy/io/opentelemetry/instrumentation/api/tracer/HttpClientTracerTest.groovy
View File

@ -101,6 +101,7 @@ class HttpClientTracerTest extends BaseTracerTest {
false | "https://host:0" | "https://host:0" | "" | null | "host" | null false | "https://host:0" | "https://host:0" | "" | null | "host" | null
false | "https://host/path" | "https://host/path" | "" | null | "host" | null false | "https://host/path" | "https://host/path" | "" | null | "host" | null
false | "http://host:99/path?query#fragment" | "http://host:99/path?query#fragment" | "" | null | "host" | 99 false | "http://host:99/path?query#fragment" | "http://host:99/path?query#fragment" | "" | null | "host" | 99
false | "https://usr:pswd@host/path" | "https://host/path" | "" | null | "host" | null
req = [url: url == null ? null : new URI(url)] req = [url: url == null ? null : new URI(url)]
} }