Skip to content

Added logic for Url redaction #5743

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
dyladan merged 17 commits into from
Jul 14, 2025
Merged

Added logic for Url redaction #5743

dyladan merged 17 commits into from
Jul 14, 2025

Conversation

@rads-1996
Copy link
Contributor

@rads-1996 rads-1996 commented Jun 4, 2025

Which problem is this PR solving?

Fixes # (5741)

Short description of the changes

This pull request provides an implementation for issue [#5741] which points to a specification which states that specific URL query string values should be redacted by default. This PR also aligns with the semantic conventions for HTTP spans which states that sensitive content provided in url.full SHOULD be scrubbed when instrumentations can identify it, in such case username and password SHOULD be redacted (https://github.com/open-telemetry/semantic-conventions/blob/main/docs/http/http-spans.md).

This implementation removes the values of query string parameters for the following keys by default:

- AWSAccessKeyId

- Signature

- sig

- X-Goog-Signature

Note: This is not an exhaustive list and is subject to change over time.

Type of change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration

  • Unit tests have been added to validate the functionality for both auth credentials redaction and query string redaction.

Checklist:

  • Followed the style guidelines of this project
  • Unit tests have been added
  • Documentation has been updated

@rads-1996 rads-1996 requested a review from a team as a code owner June 4, 2025 23:49
@rads-1996 rads-1996 marked this pull request as draft June 4, 2025 23:51
cjihrig
cjihrig reviewed Jun 5, 2025
View reviewed changes
@rads-1996 rads-1996 force-pushed the rads-1996/redact-url branch from ecef4bf to 61b567c Compare June 5, 2025 23:52
@rads-1996 rads-1996 marked this pull request as ready for review June 5, 2025 23:53
@rads-1996 rads-1996 requested a review from cjihrig June 6, 2025 14:33
cjihrig
cjihrig reviewed Jun 6, 2025
View reviewed changes
@cjihrig
Copy link
Contributor

cjihrig commented Jun 6, 2025

Thanks for addressing my comments. I don't have anything else to add, but I can't sign off either.

@rads-1996
Copy link
Contributor Author

rads-1996 commented Jun 6, 2025

Thanks for addressing my comments. I don't have anything else to add, but I can't sign off either.

No problem. Thanks a lot for the comments, they were very helpful.

@rads-1996 rads-1996 force-pushed the rads-1996/redact-url branch from 61b567c to 226e7ba Compare June 10, 2025 19:54
@rads-1996 rads-1996 requested review from cjihrig and hectorhdzg June 10, 2025 20:06
hectorhdzg
hectorhdzg approved these changes Jun 10, 2025
View reviewed changes
Copy link
Member

@hectorhdzg hectorhdzg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@rads-1996
Copy link
Contributor Author

rads-1996 commented Jun 11, 2025

The certificates have been regenerated through another PR. Once that gets merged, the tests should pass on this PR.

@codecov
Copy link

codecov bot commented Jun 13, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 95.01%. Comparing base (99dde77) to head (9144c04).
Report is 1 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #5743   +/-   ##
=======================================
  Coverage   95.01%   95.01%           
=======================================
  Files         303      303           
  Lines        7946     7946           
  Branches     1607     1607           
=======================================
  Hits         7550     7550           
  Misses        396      396
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@rads-1996 rads-1996 force-pushed the rads-1996/redact-url branch from 82c5b65 to 7523d99 Compare June 16, 2025 15:46
@rads-1996 rads-1996 requested a review from hectorhdzg June 16, 2025 16:40
dyladan
dyladan requested changes Jun 18, 2025
View reviewed changes
Copy link
Member

@dyladan dyladan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks like the behavior here is not configurable. Given that the spec is in development, I think we should allow for users to disable or modify this in some way if they don't want it. I suggest we provide a configuration like redactedQueryParams and have the default value be the list of keys here. This would allow the user to override the list with one of their own if they want to add or remove redacted fields.

@rads-1996
Copy link
Contributor Author

rads-1996 commented Jun 18, 2025
edited
Loading

It looks like the behavior here is not configurable. Given that the spec is in development, I think we should allow for users to disable or modify this in some way if they don't want it. I suggest we provide a configuration like redactedQueryParams and have the default value be the list of keys here. This would allow the user to override the list with one of their own if they want to add or remove redacted fields.

Makes sense. I will add this configuration.

@dyladan I have a question related to this configuration -
Do we only want to give the user capability to add more query strings if needed, along with the default strings provided in the specification. Or should we also provide the capability to -

  • Remove some of the default query strings
  • Overwrite the default values completely

@rads-1996 rads-1996 requested a review from dyladan June 19, 2025 14:08
@rads-1996 rads-1996 requested a review from pichlermarc June 24, 2025 22:12
@rads-1996 rads-1996 force-pushed the rads-1996/redact-url branch from 79d9587 to 6249303 Compare June 24, 2025 23:51
@rads-1996
Copy link
Contributor Author

rads-1996 commented Jun 24, 2025

@pichlermarc, @dyladan for now I have implemented the logic, which allows users to add values but the default set provided in the specification will always be redacted. Please take a look at the changes and advise if the logic needs to be revised or if we should proceed with this approach.

@dyladan
Copy link
Member

dyladan commented Jun 25, 2025

Please try to avoid changing history with rebase and force push. It prevents previous comments from being properly linked to the code in the PR

@rads-1996 rads-1996 force-pushed the rads-1996/redact-url branch from 3fef69b to 73171e5 Compare July 1, 2025 17:51
@rads-1996
Copy link
Contributor Author

rads-1996 commented Jul 1, 2025

@dyladan Apologies, I completely forgot about the comment for not rebasing. For this change, I did a rebase.

@rads-1996
Copy link
Contributor Author

rads-1996 commented Jul 1, 2025

I think the behavior of redactedQueryParams is potentially confusing

  • redactedQueryParams == undefined -> use default list (good)
  • redactedQueryParams == ['my-attr'] -> use list passed by user (good)
  • redactedQueryParams == [] -> use default list (confusing) - in this case I'd expect no params to be redacted, since the list of redacted params is empty

I think I would expect the empty list to have the effect of disabling redaction if I was the user. What do you think?

Yes, sounds good to me. I have added support for this configuration. Could you please take another look at it when you get a chance.

@rads-1996 rads-1996 requested a review from dyladan July 7, 2025 14:44
dyladan
dyladan reviewed Jul 8, 2025
View reviewed changes
Copy link
Member

@dyladan dyladan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is on the right path. Left some comments but overall it looks ok

@rads-1996 rads-1996 requested a review from dyladan July 9, 2025 00:44
@dyladan dyladan added this pull request to the merge queue Jul 14, 2025
Merged via the queue into open-telemetry:main with commit cb42f7d Jul 14, 2025
25 checks passed
@opentelemetrybot
Copy link
Contributor

opentelemetrybot commented Jul 14, 2025

Thank you for your contribution @rads-1996! 🎉 We would like to hear from you about your experience contributing to OpenTelemetry by taking a few minutes to fill out this survey.

@rads-1996 rads-1996 deleted the rads-1996/redact-url branch July 14, 2025 20:16
martinkuba pushed a commit to martinkuba/opentelemetry-js that referenced this pull request Jul 17, 2025
@rads-1996 @martinkuba
Added logic for Url redaction (open-telemetry#5743)
6971821
@rads-1996 rads-1996 mentioned this pull request Aug 4, 2025
Closed
This was referenced Sep 2, 2025
Merged
Merged
@trentm trentm mentioned this pull request Oct 29, 2025
Closed
@cjihrig cjihrig mentioned this pull request Oct 29, 2025
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dyladan dyladan dyladan approved these changes

@pichlermarc pichlermarc pichlermarc approved these changes

@cjihrig cjihrig Awaiting requested review from cjihrig

@hectorhdzg hectorhdzg Awaiting requested review from hectorhdzg

+1 more reviewer

@JacksonWeber JacksonWeber JacksonWeber left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@rads-1996 @cjihrig @dyladan @opentelemetrybot @pichlermarc @hectorhdzg @JacksonWeber