Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OTLP exporters should not percent decode the key when parsing HEADERS env vars #5623

Open
pellared opened this issue Jul 16, 2024 · 3 comments
Open

OTLP exporters should not percent decode the key when parsing HEADERS env vars #5623

pellared opened this issue Jul 16, 2024 · 3 comments
Assignees
@zhihali
Labels
bug Something isn't working contribfest Issue good for KubeCon contribfest good first issue Good for newcomers help wanted Extra attention is needed pkg:exporter:otlp Related to the OTLP exporter package

Comments

@pellared
Copy link
Member

The OTLP exporters SHOULD NOT percent decode the header keys when parsing OTEL_EXPORTER_OTLP_HEADERS, OTEL_EXPORTER_OTLP_TRACES_HEADERS, OTEL_EXPORTER_OTLP_METRICS_HEADERS, OTEL_EXPORTER_OTLP_LOGS_HEADERS env vars. Moreover, only valid header keys should be parsed.

Current behavior:

opentelemetry-go/exporters/otlp/otlptrace/otlptracegrpc/internal/envconfig/envconfig.go

Lines 166 to 170 in 29bdfd2

name, err := url.PathUnescape(n)
if err != nil {
global.Error(err, "escape header key", "key", n)
continue
}

The specification says https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/protocol/exporter.md#specifying-headers-via-environment-variables:

The OTEL_EXPORTER_OTLP_HEADERS, OTEL_EXPORTER_OTLP_TRACES_HEADERS, OTEL_EXPORTER_OTLP_METRICS_HEADERS, OTEL_EXPORTER_OTLP_LOGS_HEADERS environment variables will contain a list of key value pairs, and these are expected to be represented in a format matching to the W3C Baggage, except that additional semi-colon delimited metadata is not supported, i.e.: key1=value1,key2=value2. All attribute values MUST be considered strings.

From W3C Baggage spec https://www.w3.org/TR/baggage/#key:

A token which identifies a value in the baggage. token is defined in RFC7230, Section 3.2.6. Leading and trailing whitespaces (OWS) are allowed and are not considered to be a part of the key.

NOTE
Though the baggage header is a [UTF-8] encoded [UNICODE] string, key is limited to the ASCII code points allowed by the definition of token in [RFC7230]. This is due to the implementation details of stable implementations prior to the writing of this specification.

There is nothing about percent encoding. Only the values are supposed to be percent decoded.

Notice that the implementation should also make sure that only valid key characters are used.
@pellared pellared added bug Something isn't working pkg:exporter:otlp Related to the OTLP exporter package labels Jul 16, 2024
@github-project-automation github-project-automation bot moved this to Needs triage in Go: Triage Jul 16, 2024
@pellared pellared changed the title OTLP exporters should not percent decode the key when parsing header env vars OTLP exporters should not percent decode the key when parsing HEADERS env vars Jul 16, 2024
@pellared pellared moved this from Needs triage to Low priority in Go: Triage Jul 31, 2024
@pellared pellared added help wanted Extra attention is needed good first issue Good for newcomers labels Jul 31, 2024
@zhihali
Copy link
Contributor

zhihali commented Aug 10, 2024

I will open a PR for it...

This was referenced Aug 11, 2024
Closed
Merged
@zhihali zhihali mentioned this issue Aug 20, 2024
Closed
@zhihali
Copy link
Contributor

zhihali commented Aug 20, 2024

the OTLPlog should be updated as well, I have raised an issue related #5722, and will implement a fix soon

MrAlias added a commit that referenced this issue Aug 21, 2024
@zhihali @dmathieu
@pellared @hanyuancheung @MrAlias
Bugfix: OTLP exporters should not percent decode the key when parsing…
83ae9bd 
… HEADERS env vars (#5705)

Bugfix #5623

As stated in the issue, we need to avoid parsing the key and instead
implement a validation check for it. I've added some unit tests to
verify this fix.

However, I noticed a comment at the top of this file:
```
// Code created by gotmpl. DO NOT MODIFY.
// source: internal/shared/otlp/envconfig/envconfig.go.tmpl
```
It seems that `internal/shared/otlp/envconfig/envconfig.go.tmpl` is the
source template for this file. Since this template matches
`exporters/otlp/otlptrace/otlptracegrpc/internal/envconfig/envconfig.go`,
I updated the template to maintain consistency. I’m not entirely sure if
this approach is correct, so please confirm if this is the right course
of action.

---------

Co-authored-by: Fools <[email protected]>
Co-authored-by: Damien Mathieu <[email protected]>
Co-authored-by: Robert Pająk <[email protected]>
Co-authored-by: Chester Cheung <[email protected]>
Co-authored-by: Tyler Yahn <[email protected]>
@pellared
Copy link
Member Author

pellared commented Sep 5, 2024
edited
Loading

@zhihali, this is for all OTLP exporters. I see that OTLP trace and metric exporters are already fixed. Therefore, only OTLP log exporters need bugfixes.

@zhihali zhihali mentioned this issue Sep 6, 2024
Draft
@MrAlias MrAlias added the contribfest Issue good for KubeCon contribfest label Nov 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@zhihali zhihali

Labels
bug Something isn't working contribfest Issue good for KubeCon contribfest good first issue Good for newcomers help wanted Extra attention is needed pkg:exporter:otlp Related to the OTLP exporter package
Projects
Go: Triage
Status: Low priority
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Bug 5623 zhihali/opentelemetry-go
3 participants
@pellared @MrAlias @zhihali