fix(detectors): Filter auto.db.otel. origin for sql injection detector (#97800)

Author: roggenkemper

fixtures/events/performance_problems/sql-injection/sql-injection-event-body.json

@@ -141,7 +141,6 @@
       "trace_id": "375a86eca09a4a4e91903838dd771f50",
       "status": "ok",
       "description": "SELECT * FROM users WHERE username = 'hello'",
-      "origin": "auto.db.otel.mysql2",
       "sentry_tags": {
         "description": "SELECT * FROM users WHERE username = %s"
       },
@@ -154,8 +153,7 @@
         "net.peer.name": "localhost",
         "net.peer.port": 3306,
         "otel.kind": "CLIENT",
-        "sentry.op": "db",
-        "sentry.origin": "auto.db.otel.mysql2"
+        "sentry.op": "db"
       },
       "hash": "45330ba0cafa5997"
     }

fixtures/events/performance_problems/sql-injection/sql-injection-event-gorm.json

@@ -144,7 +144,6 @@
       "trace_id": "375a86eca09a4a4e91903838dd771f50",
       "status": "ok",
       "description": "SELECT * FROM \"user\" WHERE username = 'bob' AND \"user\".\"deleted_at\" IS NULL ORDER BY \"user\".\"id\" LIMIT 1",
-      "origin": "auto.db.otel.mysql2",
       "sentry_tags": {
         "description": "SELECT * FROM \"user\" WHERE username = 'bob' AND \"user\".\"deleted_at\" IS NULL ORDER BY \"user\".\"id\" LIMIT 1"
       },
@@ -157,8 +156,7 @@
         "net.peer.name": "localhost",
         "net.peer.port": 3306,
         "otel.kind": "CLIENT",
-        "sentry.op": "db",
-        "sentry.origin": "auto.db.otel.mysql2"
+        "sentry.op": "db"
       },
       "hash": "45330ba0cafa5997"
     }

fixtures/events/performance_problems/sql-injection/sql-injection-event-invalid-package.json

@@ -147,7 +147,6 @@
       "trace_id": "375a86eca09a4a4e91903838dd771f50",
       "status": "ok",
       "description": "SELECT * FROM users WHERE username = 'hello' ORDER BY username ASC",
-      "origin": "auto.db.otel.mysql2",
       "data": {
         "db.system": "mysql",
         "db.connection_string": "jdbc:mysql://localhost:3306/injection_test",
@@ -157,8 +156,7 @@
         "net.peer.name": "localhost",
         "net.peer.port": 3306,
         "otel.kind": "CLIENT",
-        "sentry.op": "db",
-        "sentry.origin": "auto.db.otel.mysql2"
+        "sentry.op": "db"
       },
       "hash": "45330ba0cafa5997"
     }

fixtures/events/performance_problems/sql-injection/sql-injection-event-nestjs-mikroorm.json

@@ -36,7 +36,6 @@
       "trace_id": "375a86eca09a4a4e91903838dd771f50",
       "status": "ok",
       "description": "SELECT * FROM \"user\" WHERE username = 'bob' AND \"user\".\"deleted_at\" IS NULL ORDER BY \"user\".\"id\" LIMIT 1",
-      "origin": "auto.db.otel.mysql2",
       "sentry_tags": {
         "description": "SELECT * FROM \"user\" WHERE username = 'bob' AND \"user\".\"deleted_at\" IS NULL ORDER BY \"user\".\"id\" LIMIT 1"
       },
@@ -49,8 +48,7 @@
         "net.peer.name": "localhost",
         "net.peer.port": 3306,
         "otel.kind": "CLIENT",
-        "sentry.op": "db",
-        "sentry.origin": "auto.db.otel.mysql2"
+        "sentry.op": "db"
       },
       "hash": "45330ba0cafa5997"
     }

fixtures/events/performance_problems/sql-injection/sql-injection-event-nestjs-typeorm.json

@@ -36,7 +36,6 @@
       "trace_id": "375a86eca09a4a4e91903838dd771f50",
       "status": "ok",
       "description": "SELECT * FROM \"user\" WHERE username = 'bob' AND \"user\".\"deleted_at\" IS NULL ORDER BY \"user\".\"id\" LIMIT 1",
-      "origin": "auto.db.otel.mysql2",
       "sentry_tags": {
         "description": "SELECT * FROM \"user\" WHERE username = 'bob' AND \"user\".\"deleted_at\" IS NULL ORDER BY \"user\".\"id\" LIMIT 1"
       },
@@ -49,8 +48,7 @@
         "net.peer.name": "localhost",
         "net.peer.port": 3306,
         "otel.kind": "CLIENT",
-        "sentry.op": "db",
-        "sentry.origin": "auto.db.otel.mysql2"
+        "sentry.op": "db"
       },
       "hash": "45330ba0cafa5997"
     }

fixtures/events/performance_problems/sql-injection/sql-injection-event-non-vulnerable.json

@@ -139,7 +139,6 @@
       "trace_id": "375a86eca09a4a4e91903838dd771f50",
       "status": "ok",
       "description": "SELECT * FROM users WHERE username = ?",
-      "origin": "auto.db.otel.mysql2",
       "data": {
         "db.system": "mysql",
         "db.connection_string": "jdbc:mysql://localhost:3306/injection_test",
@@ -149,8 +148,7 @@
         "net.peer.name": "localhost",
         "net.peer.port": 3306,
         "otel.kind": "CLIENT",
-        "sentry.op": "db",
-        "sentry.origin": "auto.db.otel.mysql2"
+        "sentry.op": "db"
       },
       "hash": "45330ba0cafa5997"
     }

fixtures/events/performance_problems/sql-injection/sql-injection-event-otel.json

@@ -0,0 +1,163 @@
+{
+  "event_id": "5d6401994d7949d2ac3474f472564370",
+  "platform": "node",
+  "message": "",
+  "datetime": "2025-05-12T22:42:38.642986+00:00",
+  "breakdowns": {
+    "span_ops": {
+      "ops.db": {
+        "value": 65.715075,
+        "unit": "millisecond"
+      },
+      "total.time": {
+        "value": 67.105293,
+        "unit": "millisecond"
+      }
+    }
+  },
+  "request": {
+    "url": "http://localhost:3001/vulnerable-login",
+    "method": "POST",
+    "data": {
+      "username": "hello"
+    }
+  },
+  "spans": [
+    {
+      "timestamp": 1747089758.567536,
+      "start_timestamp": 1747089758.567,
+      "exclusive_time": 0.536203,
+      "op": "middleware.express",
+      "span_id": "4a06692f4abc8dbe",
+      "parent_span_id": "91fa92ff0205967d",
+      "trace_id": "375a86eca09a4a4e91903838dd771f50",
+      "status": "ok",
+      "description": "corsMiddleware",
+      "origin": "auto.http.otel.express",
+      "data": {
+        "express.name": "corsMiddleware",
+        "express.type": "middleware",
+        "sentry.op": "middleware.express",
+        "sentry.origin": "auto.http.otel.express"
+      },
+      "sentry_tags": {
+        "user": "ip:::1",
+        "user.ip": "::1",
+        "environment": "production",
+        "transaction": "GET /vulnerable-login",
+        "transaction.method": "GET",
+        "transaction.op": "http.server",
+        "browser.name": "Chrome",
+        "sdk.name": "sentry.javascript.node",
+        "sdk.version": "9.17.0",
+        "platform": "node",
+        "os.name": "macOS",
+        "category": "middleware",
+        "op": "middleware.express",
+        "status": "ok",
+        "trace.status": "ok"
+      },
+      "hash": "e6088cf8b370ed60"
+    },
+    {
+      "timestamp": 1747089758.568761,
+      "start_timestamp": 1747089758.568,
+      "exclusive_time": 0.761032,
+      "op": "middleware.express",
+      "span_id": "92553d2584d250b8",
+      "parent_span_id": "91fa92ff0205967d",
+      "trace_id": "375a86eca09a4a4e91903838dd771f50",
+      "status": "ok",
+      "description": "jsonParser",
+      "origin": "auto.http.otel.express",
+      "data": {
+        "express.name": "jsonParser",
+        "express.type": "middleware",
+        "sentry.op": "middleware.express",
+        "sentry.origin": "auto.http.otel.express"
+      },
+      "sentry_tags": {
+        "user": "ip:::1",
+        "user.ip": "::1",
+        "environment": "production",
+        "transaction": "GET /vulnerable-login",
+        "transaction.method": "GET",
+        "transaction.op": "http.server",
+        "browser.name": "Chrome",
+        "sdk.name": "sentry.javascript.node",
+        "sdk.version": "9.17.0",
+        "platform": "node",
+        "os.name": "macOS",
+        "category": "middleware",
+        "op": "middleware.express",
+        "status": "ok",
+        "trace.status": "ok"
+      },
+      "hash": "c81e963dad9ebc6c"
+    },
+    {
+      "timestamp": 1747089758.569093,
+      "start_timestamp": 1747089758.569,
+      "exclusive_time": 0.092983,
+      "op": "request_handler.express",
+      "span_id": "435146ab0909419d",
+      "parent_span_id": "91fa92ff0205967d",
+      "trace_id": "375a86eca09a4a4e91903838dd771f50",
+      "status": "ok",
+      "description": "/vulnerable-login",
+      "origin": "auto.http.otel.express",
+      "data": {
+        "express.name": "/vulnerable-login",
+        "express.type": "request_handler",
+        "http.route": "/vulnerable-login",
+        "sentry.op": "request_handler.express",
+        "sentry.origin": "auto.http.otel.express"
+      },
+      "sentry_tags": {
+        "user": "ip:::1",
+        "user.ip": "::1",
+        "environment": "production",
+        "transaction": "GET /vulnerable-login",
+        "transaction.method": "GET",
+        "transaction.op": "http.server",
+        "browser.name": "Chrome",
+        "sdk.name": "sentry.javascript.node",
+        "sdk.version": "9.17.0",
+        "platform": "node",
+        "os.name": "macOS",
+        "op": "request_handler.express",
+        "status": "ok",
+        "trace.status": "ok"
+      },
+      "hash": "872b0c84a6f1c590"
+    },
+    {
+      "timestamp": 1747089758.637715,
+      "start_timestamp": 1747089758.572,
+      "exclusive_time": 65.715075,
+      "op": "db",
+      "span_id": "4703181ac343f71a",
+      "parent_span_id": "91fa92ff0205967d",
+      "trace_id": "375a86eca09a4a4e91903838dd771f50",
+      "status": "ok",
+      "description": "SELECT * FROM users WHERE username = 'hello'",
+      "origin": "auto.db.otel.mysql2",
+      "sentry_tags": {
+        "description": "SELECT * FROM users WHERE username = %s"
+      },
+      "data": {
+        "db.system": "mysql",
+        "db.connection_string": "jdbc:mysql://localhost:3306/injection_test",
+        "db.name": "injection_test",
+        "db.statement": "SELECT * FROM users WHERE username = 'hello'",
+        "db.user": "root",
+        "net.peer.name": "localhost",
+        "net.peer.port": 3306,
+        "otel.kind": "CLIENT",
+        "sentry.op": "db",
+        "sentry.origin": "auto.db.otel.mysql2"
+      },
+      "hash": "45330ba0cafa5997"
+    }
+  ]
+}

fixtures/events/performance_problems/sql-injection/sql-injection-event-parameterized-query.json

@@ -34,7 +34,6 @@
       "trace_id": "375a86eca09a4a4e91903838dd771f50",
       "status": "ok",
       "description": "SELECT * FROM users WHERE uid = &uid and username in ('bob')",
-      "origin": "auto.db.otel.mysql2",
       "sentry_tags": {
         "description": "SELECT * FROM users WHERE uid = &uid and username in ('bob')"
       },
@@ -47,8 +46,7 @@
         "net.peer.name": "localhost",
         "net.peer.port": 3306,
         "otel.kind": "CLIENT",
-        "sentry.op": "db",
-        "sentry.origin": "auto.db.otel.mysql2"
+        "sentry.op": "db"
       },
       "hash": "45330ba0cafa5997"
     }

fixtures/events/performance_problems/sql-injection/sql-injection-event-query.json

@@ -144,7 +144,6 @@
       "trace_id": "375a86eca09a4a4e91903838dd771f50",
       "status": "ok",
       "description": "SELECT * FROM users WHERE username = 'hello' ORDER BY username ASC",
-      "origin": "auto.db.otel.mysql2",
       "sentry_tags": {
         "description": "SELECT * FROM users WHERE username = %s ORDER BY username ASC"
       },
@@ -157,8 +156,7 @@
         "net.peer.name": "localhost",
         "net.peer.port": 3306,
         "otel.kind": "CLIENT",
-        "sentry.op": "db",
-        "sentry.origin": "auto.db.otel.mysql2"
+        "sentry.op": "db"
       },
       "hash": "45330ba0cafa5997"
     }

fixtures/events/performance_problems/sql-injection/sql-injection-laravel-query.json

@@ -142,7 +142,6 @@
       "trace_id": "375a86eca09a4a4e91903838dd771f50",
       "status": "ok",
       "description": "SELECT * FROM users WHERE id IN (1000)",
-      "origin": "auto.db.otel.mysql2",
       "data": {
         "db.system": "mysql",
         "db.connection_string": "jdbc:mysql://localhost:3306/injection_test",
@@ -152,8 +151,7 @@
         "net.peer.name": "localhost",
         "net.peer.port": 3306,
         "otel.kind": "CLIENT",
-        "sentry.op": "db",
-        "sentry.origin": "auto.db.otel.mysql2"
+        "sentry.op": "db"
       },
       "sentry_tags": {
         "user": "ip:::1",