Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: sanitize attributes inputs #2881

Merged
merged 5 commits into from
Apr 13, 2022
Merged

Conversation

legendecas
Copy link
Member

Which problem is this PR solving?

Fixes #2713

Short description of the changes

  • Sanitize all attributes inputs, including Link in Span constructor, and Event in Span.addEvent.

Type of change

  • Bug fix (non-breaking change which fixes an issue)

How Has This Been Tested?

  • Tracer.startSpan with invliad Link attributes.
  • Span.addEvent with invalid attributes.

Checklist:

  • Followed the style guidelines of this project
  • Unit tests have been added
  • Documentation has been updated

@legendecas legendecas requested a review from a team April 4, 2022 08:51
@codecov
Copy link

codecov bot commented Apr 4, 2022

Codecov Report

Merging #2881 (bb24d38) into main (14bd6f9) will decrease coverage by 0.02%.
The diff coverage is 94.44%.

@@            Coverage Diff             @@
##             main    #2881      +/-   ##
==========================================
- Coverage   93.33%   93.30%   -0.03%     
==========================================
  Files         165      165              
  Lines        5594     5605      +11     
  Branches     1176     1178       +2     
==========================================
+ Hits         5221     5230       +9     
- Misses        373      375       +2     
Impacted Files Coverage Δ
...metry-core/src/trace/sampler/ParentBasedSampler.ts 83.87% <ø> (ø)
...ges/opentelemetry-exporter-zipkin/src/transform.ts 100.00% <ø> (ø)
packages/opentelemetry-resources/src/Resource.ts 100.00% <ø> (ø)
...ckages/opentelemetry-core/src/common/attributes.ts 93.33% <88.23%> (-3.97%) ⬇️
packages/opentelemetry-sdk-trace-base/src/Span.ts 99.18% <100.00%> (+<0.01%) ⬆️
...ackages/opentelemetry-sdk-trace-base/src/Tracer.ts 98.43% <100.00%> (+0.05%) ⬆️
...ackages/opentelemetry-shim-opentracing/src/shim.ts 94.25% <100.00%> (ø)

CHANGELOG.md Outdated
@@ -10,6 +10,8 @@ All notable changes to this project will be documented in this file.

### :bug: (Bug Fix)

* [#2881](https://github.com/open-telemetry/opentelemetry-js/pull/2881) fix: sanitize attributes inputs ([@legendecas](https://githuc.com/legendecas))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

githuc :)

Suggested change
* [#2881](https://github.com/open-telemetry/opentelemetry-js/pull/2881) fix: sanitize attributes inputs ([@legendecas](https://githuc.com/legendecas))
* [#2881](https://github.com/open-telemetry/opentelemetry-js/pull/2881) fix: sanitize attributes inputs ([@legendecas](https://github.com/legendecas))

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if we should consider a less elaborate changelog format?

This might be good enough? Maybe name/handle is even optional?

* Change explanation here #000 @dyladan 

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd agree the current form is kinda verbose :) I'd be happy to shorten the entries.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dyladan updated :)

@morigs
Copy link
Contributor

morigs commented Apr 4, 2022

As far as I understand, the invalid attributes will be dropped silently. Perhaps this should be documented somewhere, because this can cause a lot of confusion imo. Or perhaps it's possible to log an attribute's dropping event?

@legendecas
Copy link
Member Author

legendecas commented Apr 4, 2022

As far as I understand, the invalid attributes will be dropped silently. Perhaps this should be documented somewhere, because this can cause a lot of confusion imo. Or perhaps it's possible to log an attribute's dropping event?

We're already dropping invalid attributes at Tracer.startSpan already: https://github.com/open-telemetry/opentelemetry-js/blob/main/packages/opentelemetry-sdk-trace-base/src/Tracer.ts#L96. However, when setting attributes with Span.setAttribute or Span.setAttributes, the dropped attribute is been logged: https://github.com/open-telemetry/opentelemetry-js/blob/main/packages/opentelemetry-sdk-trace-base/src/Span.ts#L99.

I'm fine with adding more diagnostics.

@morigs
Copy link
Contributor

morigs commented Apr 4, 2022

Yeah, this is exactly what I mean. IMO it's a good idea)

}
}

return out;
}

export function isAttributeValue(val: unknown): val is SpanAttributeValue {
export function isAttributeKey(key: unknown): key is string {
return typeof key === 'string' && key.length > 0;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor perf and minification improvements by reordering
return key && typeof === 'string';

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I didn't find there is any big perf difference between the two flavors: https://jsbench.me/30l1ntj53a/1

TBO, I think checking the length is more explicit and easier to read.

Copy link
Member

@vmarchaud vmarchaud left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

apart from nit lgtm

packages/opentelemetry-core/src/common/attributes.ts Outdated Show resolved Hide resolved
@vmarchaud vmarchaud requested review from MSNev and dyladan April 11, 2022 12:24
Copy link
Member

@dyladan dyladan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry I thought I already approved this. LGTM

@vmarchaud vmarchaud merged commit 83355af into open-telemetry:main Apr 13, 2022
@legendecas legendecas deleted the attributes branch April 13, 2022 14:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
6 participants