Redact query string values for http client spans

[jeanbisutti]

See https://github.com/open-telemetry/semantic-conventions/blob/main/docs/http/http-spans.md

[jeanbisutti]

This test was (probably inadvertly) removed in #9925.

The test is added again with new test cases.

[laurit]

semantic conventions define the same redactions for url.query in http server spans

[trask]

I think it's ok to scope this PR to http client spans since that's the primary issue in Java at least (update the title, the config option is already scoped to http clients)

[jeanbisutti]

semantic conventions define the same redactions for url.query in http server spans

I have created #13292

[laurit]

I think this method could still be static

[jeanbisutti]

An instance variable is used here:

opentelemetry-java-instrumentation/instrumentation-api/src/main/java/io/opentelemetry/instrumentation/api/semconv/http/HttpClientAttributesExtractor.java

Line 122 in bfe189b

if (redactQueryParameters) {

[laurit]

does not correctly work with https://service.com?AWSAccessKeyId=AKIAIOSFODNN7&a

[jeanbisutti]

In this case, the resulting string will be https://service.com?AWSAccessKeyId=AKIAIOSFODNN7&. The parsing is waiting for a = before adding new characters.

The parsing was developed with the asumption that the parameter values don't use a reserved character for the percent encoding: https://en.wikipedia.org/wiki/Percent-encoding

For the Signature parameter, the AWS documentation provides an example with the Signature value "URL-Encoded to make it suitable for placement in the query string. ": see Creating a signature part in https://docs.aws.amazon.com/AmazonS3/latest/API/RESTAuthentication.html No encoding is mentioned for AWSAccessKeyId. So, it may be safe to suppose that AWSAccessKeyId value does not contain &.

I have created open-telemetry/semantic-conventions#1916 to clarify. @trask @laurit Waiting for a clarification, is-it a blocker for this PR?

[laurit]

You have misunderstood this. query?some=query&a&b is request with 3 parameters some, a and b Have a look at https://url.spec.whatwg.org/#urlencoded-parsing Ideally the redaction process should should redact just the values for parameters like AWSAccessKeyId and leave rest of the url as it is, even if it includes sequences that are a bit weird like &a or &&&.

[jeanbisutti]

@laurit I was not aware of that. I have added a commit to manage several "weird" cases. cc @trask

[laurit]

I'd rename this variable since it also contains non redacted parameters

[laurit]

maybe move the comment to previous line to avoid weird wrapping?

[laurit]

maybe

  private static String redactQueryParameters(String url) {
    int questionMarkIndex = url.indexOf('?');
    if (questionMarkIndex == -1 || !containsParamToRedact(url)) {
      return url;
    }

    StringBuilder buffer = new StringBuilder();

    // To build a parameter name until we reach the '=' character
    // If the parameter name is a one to redact, we will redact the value
    StringBuilder currentParamName = new StringBuilder();

    for (int i = questionMarkIndex + 1; i < url.length(); i++) {
      char currentChar = url.charAt(i);

      if (currentChar == '=') {
        buffer.append('=');
        if (PARAMS_TO_REDACT.contains(currentParamName.toString())) {
          buffer.append("REDACTED");
          // skip over parameter value
          for (; i + 1 < url.length(); i++) {
            char c = url.charAt(i + 1);
            if (c == '&' || c == '#') {
              break;
            }
          }
        }
      } else if (currentChar == '&') { // New parameter delimiter
        buffer.append(currentChar);
        // To avoid creating a new StringBuilder for each new parameter
        currentParamName.setLength(0);
      } else if (currentChar == '#') { // Reference delimiter
        buffer.append(url.substring(i));
        break;
      } else {
        currentParamName.append(currentChar);
        buffer.append(currentChar);
      }
    }

    return url.substring(0, questionMarkIndex) + "?" + buffer;
  }

is easier to follow