Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent http.url containing credentials in HttpClientTracer #2707

Merged
merged 7 commits into from
May 7, 2021
Merged

Prevent http.url containing credentials in HttpClientTracer #2707

merged 7 commits into from
May 7, 2021

Conversation

Hangzhi
Copy link
Contributor

@Hangzhi Hangzhi commented Apr 3, 2021

Fixes this #2674

@linux-foundation-easycla
Copy link

linux-foundation-easycla bot commented Apr 3, 2021
edited
Loading

CLA Signed

The committers are authorized under a signed CLA.

@Hangzhi Hangzhi requested a review from anuraaga April 6, 2021 07:32
@Hangzhi
Update HttpClientTracerTest.groovy
56736f8 
fix inconsistency in protocol
mateuszrzeszutek
mateuszrzeszutek reviewed Apr 6, 2021
View reviewed changes
Copy link
Member

@mateuszrzeszutek mateuszrzeszutek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We also have a few more usages of this attribute: HttpAttributesExtractor from the instrumenter API (should #url() return URI? I think it should), the HttpServerTracer, apache-camel and aws-lambda instrumentations.

Can you fix all of them? Thanks!

...entation-api/src/main/java/io/opentelemetry/instrumentation/api/tracer/HttpClientTracer.java Outdated Show resolved Hide resolved
trask
trask reviewed Apr 20, 2021
View reviewed changes
...entation-api/src/main/java/io/opentelemetry/instrumentation/api/tracer/HttpClientTracer.java Outdated
Comment on lines 186 to 196
setter.setAttribute(
SemanticAttributes.HTTP_URL,
new URI(
url.getScheme(),
null,
url.getHost(),
url.getPort(),
url.getPath(),
url.getQuery(),
url.getFragment())
.toString());
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hi @Hangzhi! I think it would be a worthwhile optimization here to only create a new URI object when the existing URI has user-info

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Hangzhi, are you willing to address this comment?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the help @Hangzhi I've gone ahead and applied this suggestion to the PR

@Hangzhi Hangzhi requested a review from laurit as a code owner May 7, 2021 03:41
@anuraaga anuraaga changed the title Prevent http.url containing credentials Prevent http.url containing credentials in HttpClientTracer May 7, 2021
@trask trask merged commit 60ee981 into open-telemetry:main May 7, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@trask trask trask left review comments

@mateuszrzeszutek mateuszrzeszutek mateuszrzeszutek left review comments

@anuraaga anuraaga anuraaga approved these changes

@iNikem iNikem iNikem approved these changes

@jkwatson jkwatson Awaiting requested review from jkwatson

@pavolloffay pavolloffay Awaiting requested review from pavolloffay

@tylerbenson tylerbenson Awaiting requested review from tylerbenson

@laurit laurit Awaiting requested review from laurit

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@Hangzhi @anuraaga @trask @iNikem @mateuszrzeszutek