Prevent http.url containing credentials in HttpClientTracer (#2707)
* http.url must not contain credentials * remove user info from url * Update HttpClientTracerTest.groovy fix inconsistency in protocol * fix httpClient and httpServer * Update HttpServerTracer.java * Only scrub userinfo if present Co-authored-by: Anuraag Agrawal <aanuraag@amazon.co.jp>
parent
9c7fae3b04
commit
60ee981d07
|
@ -183,7 +183,21 @@ public abstract class HttpClientTracer<REQUEST, CARRIER, RESPONSE> extends BaseT
|
|||
URI url = url(request);
|
||||
if (url != null) {
|
||||
netPeerAttributes.setNetPeer(setter, url.getHost(), null, url.getPort());
|
||||
setter.setAttribute(SemanticAttributes.HTTP_URL, url.toString());
|
||||
final URI sanitized;
|
||||
if (url.getUserInfo() != null) {
|
||||
sanitized =
|
||||
new URI(
|
||||
url.getScheme(),
|
||||
null,
|
||||
url.getHost(),
|
||||
url.getPort(),
|
||||
url.getPath(),
|
||||
url.getQuery(),
|
||||
url.getFragment());
|
||||
} else {
|
||||
sanitized = url;
|
||||
}
|
||||
setter.setAttribute(SemanticAttributes.HTTP_URL, sanitized.toString());
|
||||
}
|
||||
} catch (Exception e) {
|
||||
log.debug("Error tagging url", e);
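Review bot: The `url.getUserInfo() != null` guard misses URLs that `java.net.URI` parses with a registry-based authority (for example a host name containing an underscore). For those, `getUserInfo()` and `getHost()` both return null while the credentials stay in `getAuthority()`, so the `else` branch still writes them to `HTTP_URL` through `url.toString()`. Separately, the seven-argument `URI` constructor is given decoded components (`getPath()`, `getQuery()`, `getFragment()`), so an escaped `%2F` or `%26` is not preserved and the recorded URL can differ from the one requested. Cutting the userinfo out of the raw authority and reassembling from the `getRaw*` parts covers both cases, as sketched below. The enclosing method and its `try` start outside this hunk.

```java
// … unchanged: url lookup, null check and setNetPeer call …
String rawAuthority = url.getRawAuthority();
// lastIndexOf errs on the side of dropping more when '@' appears more than once
int at = rawAuthority == null ? -1 : rawAuthority.lastIndexOf('@');
final String sanitized;
if (at >= 0) {
  // Reassemble from the still-escaped parts so only the userinfo changes.
  StringBuilder sb = new StringBuilder();
  if (url.getScheme() != null) {
    sb.append(url.getScheme()).append(':');
  }
  sb.append("//").append(rawAuthority.substring(at + 1));
  if (url.getRawPath() != null) {
    sb.append(url.getRawPath());
  }
  if (url.getRawQuery() != null) {
    sb.append('?').append(url.getRawQuery());
  }
  if (url.getRawFragment() != null) {
    sb.append('#').append(url.getRawFragment());
  }
  sanitized = sb.toString();
} else {
  sanitized = url.toString();
}
setter.setAttribute(SemanticAttributes.HTTP_URL, sanitized);
// … unchanged: catch block logging "Error tagging url" …
```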
|
||||
|
|
|
@ -101,6 +101,7 @@ class HttpClientTracerTest extends BaseTracerTest {
|
|||
false | "https://host:0" | "https://host:0" | "" | null | "host" | null
|
||||
false | "https://host/path" | "https://host/path" | "" | null | "host" | null
|
||||
false | "http://host:99/path?query#fragment" | "http://host:99/path?query#fragment" | "" | null | "host" | 99
|
||||
false | "https://usr:pswd@host/path" | "https://host/path" | "" | null | "host" | null
|
||||
|
||||
req = [url: url == null ? null : new URI(url)]
|
||||
}
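Review bot: The added row only exercises userinfo with a password on a URL that has no port, query or fragment, so it does not pin that everything other than the userinfo survives scrubbing. A second row modelled on the existing port-99 case would cover that, for example (constructed) `false | "https://usr@host:99/path?query#fragment" | "https://host:99/path?query#fragment" | "" | null | "host" | 99`. A row with a percent-escaped path segment would also show whether escapes are kept intact. The data table and the feature method start outside this hunk, so the column meanings are inferred from the visible rows.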
|
||||
|
|