Merged
Conversation
added 9 commits
June 7, 2021 12:53
Restored aiohttp test due to overwritten test Readded aiohttp url credential test Addressed yarl not found in tornado client in some tests
Readded removed dependency Added dependency for docker test Fixed linting errors Placed yarl dependency and moved common function into utils
Rearranged location of required install Fixed dependency location and linting
resolve pylint Fixed linting and changed return type to str
ocelotl
suggested changes
Jun 8, 2021
ocelotl
approved these changes
Jun 9, 2021
opentelemetry-instrumentation/src/opentelemetry/instrumentation/utils.py
Outdated
Show resolved
Hide resolved
lzchen
reviewed
Jun 9, 2021
| func = getattr(obj, attr, None) | ||
| if func and isinstance(func, ObjectProxy) and hasattr(func, "__wrapped__"): | ||
| setattr(obj, attr, func.__wrapped__) | ||
|
|
Contributor
Author
There was a problem hiding this comment.
Only thought I had was that it is most similar to the other utility function http_status_to_status_code in the same file and the library you linked is only used by web server instrumentations. However, it might make more logical sense to separate it from the opentelemetry-instrumentation itself. What would you suggest? @lzchen
Contributor
There was a problem hiding this comment.
I believe the library would be used for all http related instrumentations, it just so happens the logic contained is only used in server instrumentations.
Contributor
Author
There was a problem hiding this comment.
Sounds good 👍 Just updated with the last remaining suggestions.
lzchen
approved these changes
Jun 10, 2021
Contributor
|
@ryokather |
Contributor
Author
|
Should be done! |
5 tasks
9 tasks
12 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This PR fixes issue #367 in which a new specification was established such that http.url, a span attribute, must not contain username or password information for security purposes. This would ensure that URLs passed in the form of
https://username:password@www.example.com/would result in a http span attribute value ofhttps://www.example.com/.This issue was fixed by implementing an additional util function in
util/open-telemetry-httpcalledremove_url_credentials(url: str) -> str. This function utilizes theurllib.parsemodule to cleanly strip a username and password from a given url if present. This fix was applied to the following instrumentations: aiohttp-client, asgi, requests, tornado, urllib, and wsgi. Note that the current implementation of the urllib3 instrumentation would not process the username and password of a url so this logic was not needed.Type of change
How Has This Been Tested?
An additional test called
test_credential_removalwas provided in every instrumentation that sets theHTTP_URLattribute. This includes the instrumentations aiohttp-client, asgi, requests, tornado, urllib, urllib3, and wsgi. Tests were run using tox.Does This PR Require a Core Repo Change?
Checklist:
See contributing.md for styleguide, changelog guidelines, and more.