[Sampler.AWS] Limit the max size read for response body getting the sampling rules to 1MB.

[normj]

Fixes #

Changes

Makes the code reading X-Ray sampling rules more defensive reading the response back from the sampling endpoint. Limits the max read for sampling rules to 1 MB. Well beyond what sampling rules max should be as long as the code is receiving valid sampling rules.

Merge requirement checklist

• CONTRIBUTING guidelines followed (license requirements, nullable enabled, static analysis, etc.)
• Unit tests added/updated
• Appropriate CHANGELOG.md files updated for non-trivial changes
• [ ] Changes in public API reviewed (if applicable)

[codecov]

Codecov Report

❌ Patch coverage is 87.75510% with 6 lines in your changes missing coverage. Please review.
✅ Project coverage is 72.96%. Comparing base (4785a16) to head (9380846).
⚠️ Report is 4 commits behind head on main.
✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
src/OpenTelemetry.Sampler.AWS/LimitedStream.cs	86.36%	6 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4100      +/-   ##
==========================================
+ Coverage   72.93%   72.96%   +0.03%     
==========================================
  Files         452      453       +1     
  Lines       17844    17890      +46     
==========================================
+ Hits        13014    13054      +40     
- Misses       4830     4836       +6     

Flag	Coverage Δ
unittests-Sampler.AWS	93.72% <87.75%> (-0.56%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
.../OpenTelemetry.Sampler.AWS/AWSXRaySamplerClient.cs	97.26% <100.00%> (+0.07%)	⬆️
src/OpenTelemetry.Sampler.AWS/LimitedStream.cs	86.36% <86.36%> (ø)

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Copilot]

Pull request overview

Adds a defensive cap (1MB) when reading AWS X-Ray sampling rules/targets responses to reduce risk from unexpectedly large/untrusted HTTP payloads.

Changes:

• Introduce LimitedStream stream wrapper enforcing a maximum number of bytes read.
• Update AWSXRaySamplerClient.DoRequestAsync to read via stream + LimitedStream instead of ReadAsStringAsync.
• Add unit tests for LimitedStream and update package changelog.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 5 comments.

File	Description
src/OpenTelemetry.Sampler.AWS/AWSXRaySamplerClient.cs	Switch response reading to a streamed approach with a 1MB cap.
src/OpenTelemetry.Sampler.AWS/LimitedStream.cs	New stream wrapper enforcing a max-bytes-read limit.
test/OpenTelemetry.Sampler.AWS.Tests/TestLimitedStreamReader.cs	New tests validating LimitedStream behavior.
src/OpenTelemetry.Sampler.AWS/CHANGELOG.md	Document the new 1MB response-size limit behavior.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.