Add MASK_URL for url sanitization (#1850)

* Add MASK_URL for url sanitization

Python 3.11.4 added more strict URL checking when calling
`urllib.parse.urlparse`. This caused the url sanitization to fail
when the url contained brackets, as with `[REDACTED]` when redacting
passwords in URLs

* Fix two more tests

Author: basepi

elasticapm/conf/constants.py

@@ -76,6 +76,7 @@ def _starmatch_to_regex(pattern: str) -> Pattern:
 HTTP_WITH_BODY = {"POST", "PUT", "PATCH", "DELETE"}
 
 MASK = "[REDACTED]"
+MASK_URL = "REDACTED"
 
 EXCEPTION_CHAIN_MAX_DEPTH = 50
 

elasticapm/utils/__init__.py

@@ -132,7 +132,7 @@ def sanitize_url(url: str) -> str:
     if "@" not in url:
         return url
     parts = urllib.parse.urlparse(url)
-    return url.replace("%s:%s" % (parts.username, parts.password), "%s:%s" % (parts.username, constants.MASK))
+    return url.replace("%s:%s" % (parts.username, parts.password), "%s:%s" % (parts.username, constants.MASK_URL))
 
 
 def get_host_from_url(url: str) -> str:

tests/instrumentation/asyncio_tests/httpx_tests.py

@@ -149,7 +149,7 @@ async def test_url_sanitization(instrument, elasticapm_client, waiting_httpserve
     span = elasticapm_client.spans_for_transaction(transactions[0])[0]
 
     assert "pass" not in span["context"]["http"]["url"]
-    assert constants.MASK in span["context"]["http"]["url"]
+    assert constants.MASK_URL in span["context"]["http"]["url"]
 
 
 @pytest.mark.parametrize("status_code", [400, 500])

tests/instrumentation/httpx_tests.py

@@ -147,7 +147,7 @@ def test_url_sanitization(instrument, elasticapm_client, waiting_httpserver):
     span = elasticapm_client.spans_for_transaction(transactions[0])[0]
 
     assert "pass" not in span["context"]["http"]["url"]
-    assert constants.MASK in span["context"]["http"]["url"]
+    assert constants.MASK_URL in span["context"]["http"]["url"]
 
 
 @pytest.mark.parametrize("status_code", [400, 500])

tests/instrumentation/requests_tests.py

@@ -199,4 +199,4 @@ def test_url_sanitization(instrument, elasticapm_client, waiting_httpserver):
     span = elasticapm_client.spans_for_transaction(transactions[0])[0]
 
     assert "pass" not in span["context"]["http"]["url"]
-    assert constants.MASK in span["context"]["http"]["url"]
+    assert constants.MASK_URL in span["context"]["http"]["url"]

tests/instrumentation/urllib_tests.py

@@ -50,7 +50,6 @@ def test_urllib(instrument, elasticapm_client, waiting_httpserver):
     elasticapm_client.begin_transaction("transaction")
     expected_sig = "GET {0}".format(parsed_url.netloc)
     with capture_span("test_name", "test_type"):
-
         url = "http://{0}/hello_world".format(parsed_url.netloc)
         r = urlopen(url)
 
@@ -93,7 +92,6 @@ def test_urllib_error(instrument, elasticapm_client, waiting_httpserver, status_
     elasticapm_client.begin_transaction("transaction")
     expected_sig = "GET {0}".format(parsed_url.netloc)
     with capture_span("test_name", "test_type"):
-
         url = "http://{0}/hello_world".format(parsed_url.netloc)
         try:
             r = urlopen(url)
@@ -257,4 +255,4 @@ def test_url_sanitization(instrument, elasticapm_client, waiting_httpserver):
     span = elasticapm_client.spans_for_transaction(transactions[0])[0]
 
     assert "pass" not in span["context"]["http"]["url"]
-    assert constants.MASK in span["context"]["http"]["url"]
+    assert constants.MASK_URL in span["context"]["http"]["url"]

tests/utils/tests.py

@@ -204,12 +204,12 @@ def test_starmatch_to_regex(pattern, input, match):
 
 def test_url_sanitization():
     sanitized = sanitize_url("http://user:pass@localhost:123/foo?bar=baz#bazzinga")
-    assert sanitized == "http://user:%s@localhost:123/foo?bar=baz#bazzinga" % constants.MASK
+    assert sanitized == "http://user:%s@localhost:123/foo?bar=baz#bazzinga" % constants.MASK_URL
 
 
 def test_url_sanitization_urlencoded_password():
     sanitized = sanitize_url("http://user:%F0%9F%9A%B4@localhost:123/foo?bar=baz#bazzinga")
-    assert sanitized == "http://user:%s@localhost:123/foo?bar=baz#bazzinga" % constants.MASK
+    assert sanitized == "http://user:%s@localhost:123/foo?bar=baz#bazzinga" % constants.MASK_URL
 
 
 @pytest.mark.parametrize(