[SqlClient] Skip N from unicode strings when sanitizing queries

[martincostello]

Resolves #3659.

Changes

Skip leading N in values of the form N'foo' to avoid sanitized queries containing N? values.

Merge requirement checklist

• CONTRIBUTING guidelines followed (license requirements, nullable enabled, static analysis, etc.)
• Unit tests added/updated
• Appropriate CHANGELOG.md files updated for non-trivial changes
• Changes in public API reviewed (if applicable)

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 71.62%. Comparing base (b8afc38) to head (d6d0e17).
⚠️ Report is 2 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3662      +/-   ##
==========================================
+ Coverage   71.55%   71.62%   +0.06%     
==========================================
  Files         455      455              
  Lines       17639    17642       +3     
==========================================
+ Hits        12622    12636      +14     
+ Misses       5017     5006      -11     

Flag	Coverage Δ
unittests-Contrib.Shared.Tests	89.05% <100.00%> (+0.04%)	⬆️
unittests-Exporter.Geneva	53.97% <ø> (+0.32%)	⬆️
unittests-Exporter.InfluxDB	95.14% <ø> (ø)
unittests-Exporter.Instana	74.86% <ø> (ø)
unittests-Exporter.OneCollector	94.62% <ø> (ø)
unittests-Extensions	90.65% <ø> (ø)
unittests-Extensions.Enrichment	100.00% <ø> (ø)
unittests-Extensions.Enrichment.AspNetCore	86.27% <ø> (ø)
unittests-Extensions.Enrichment.Http	94.33% <ø> (ø)
unittests-Instrumentation.AWS	83.42% <ø> (ø)
unittests-Instrumentation.AspNet	77.92% <ø> (-0.23%)	⬇️
unittests-Instrumentation.AspNetCore	71.69% <ø> (ø)
unittests-Instrumentation.Cassandra	23.52% <ø> (ø)
unittests-Instrumentation.ConfluentKafka	14.10% <ø> (ø)
unittests-Instrumentation.ElasticsearchClient	80.12% <ø> (ø)
unittests-Instrumentation.EntityFrameworkCore	80.80% <ø> (ø)
unittests-Instrumentation.EventCounters	77.27% <ø> (ø)
unittests-Instrumentation.GrpcCore	91.42% <ø> (ø)
unittests-Instrumentation.GrpcNetClient	79.61% <ø> (ø)
unittests-Instrumentation.Hangfire	86.05% <ø> (ø)
unittests-Instrumentation.Http	74.22% <ø> (ø)
unittests-Instrumentation.Owin	88.62% <ø> (ø)
unittests-Instrumentation.Process	100.00% <ø> (ø)
unittests-Instrumentation.Quartz	78.76% <ø> (ø)
unittests-Instrumentation.Runtime	100.00% <ø> (ø)
unittests-Instrumentation.ServiceFabricRemoting	34.54% <ø> (ø)
unittests-Instrumentation.SqlClient	87.19% <ø> (ø)
unittests-Instrumentation.StackExchangeRedis	71.80% <ø> (ø)
unittests-Instrumentation.Wcf	79.57% <ø> (ø)
unittests-OpAmp.Client	80.16% <ø> (ø)
unittests-PersistentStorage	76.58% <ø> (-1.68%)	⬇️
unittests-Resources.AWS	74.42% <ø> (ø)
unittests-Resources.Azure	85.31% <ø> (ø)
unittests-Resources.Container	67.34% <ø> (ø)
unittests-Resources.Gcp	71.42% <ø> (ø)
unittests-Resources.Host	71.85% <ø> (ø)
unittests-Resources.OperatingSystem	76.98% <ø> (ø)
unittests-Resources.Process	100.00% <ø> (ø)
unittests-Resources.ProcessRuntime	79.59% <ø> (ø)
unittests-Sampler.AWS	94.30% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
src/Shared/SqlProcessor.cs	99.15% <100.00%> (+<0.01%)	⬆️

... and 4 files with indirect coverage changes

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Copilot]

Pull request overview

This pull request fixes SQL query sanitization to properly handle Unicode string literals in T-SQL. Previously, when sanitizing queries containing Unicode strings of the form N'text', the leading N prefix was retained, resulting in N? instead of ?. This change ensures the Unicode prefix is removed during sanitization.

Key Changes:

• Added detection logic to identify Unicode string literals (prefixed with N)
• Implemented buffer position adjustment to remove the Unicode prefix when sanitizing
• Updated test case expectations to reflect correct sanitization behavior without the N prefix

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File	Description
src/Shared/SqlProcessor.cs	Added Unicode prefix detection and buffer position adjustment in string literal sanitization logic
test/OpenTelemetry.Contrib.Shared.Tests/SqlProcessorAdditionalTestCases.json	Updated existing test case expectation and added new test case for Unicode string literals
src/OpenTelemetry.Instrumentation.SqlClient/CHANGELOG.md	Documented the Unicode string literal sanitization improvement
src/OpenTelemetry.Instrumentation.EntityFrameworkCore/CHANGELOG.md	Documented the Unicode string literal sanitization improvement

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.