Only use HttpClientAttributesExtractor and rename configuration

Author: jeanbisutti

instrumentation-api-incubator/src/main/java/io/opentelemetry/instrumentation/api/incubator/builder/internal/DefaultHttpClientInstrumenterBuilder.java

@@ -10,7 +10,6 @@
 import io.opentelemetry.api.common.AttributeKey;
 import io.opentelemetry.context.propagation.TextMapSetter;
 import io.opentelemetry.instrumentation.api.incubator.config.internal.CommonConfig;
-import io.opentelemetry.instrumentation.api.incubator.semconv.http.HttpClientExperimentalHttpParamsRedactionExtractor;
 import io.opentelemetry.instrumentation.api.incubator.semconv.http.HttpClientExperimentalMetrics;
 import io.opentelemetry.instrumentation.api.incubator.semconv.http.HttpClientPeerServiceAttributesExtractor;
 import io.opentelemetry.instrumentation.api.incubator.semconv.http.HttpExperimentalAttributesExtractor;
@@ -21,6 +20,7 @@
 import io.opentelemetry.instrumentation.api.instrumenter.SpanKindExtractor;
 import io.opentelemetry.instrumentation.api.instrumenter.SpanNameExtractor;
 import io.opentelemetry.instrumentation.api.instrumenter.SpanStatusExtractor;
+import io.opentelemetry.instrumentation.api.internal.ExperimentalParameterUtil;
 import io.opentelemetry.instrumentation.api.semconv.http.HttpClientAttributesExtractor;
 import io.opentelemetry.instrumentation.api.semconv.http.HttpClientAttributesExtractorBuilder;
 import io.opentelemetry.instrumentation.api.semconv.http.HttpClientAttributesGetter;
@@ -64,7 +64,7 @@ public final class DefaultHttpClientInstrumenterBuilder<REQUEST, RESPONSE> {
   private Function<SpanNameExtractor<? super REQUEST>, ? extends SpanNameExtractor<? super REQUEST>>
       spanNameExtractorTransformer = Function.identity();
   private boolean emitExperimentalHttpClientMetrics = false;
-  private boolean redactSensitiveUrlParameters = false;
+  private boolean redactQueryParameters = false;
   private Consumer<InstrumenterBuilder<REQUEST, RESPONSE>> builderCustomizer = b -> {};
 
   private DefaultHttpClientInstrumenterBuilder(
@@ -182,13 +182,12 @@ public DefaultHttpClientInstrumenterBuilder<REQUEST, RESPONSE> setKnownMethods(
   /**
    * Configures the instrumentation to redact sensitive URL parameters.
    *
-   * @param redactSensitiveUrlParameters {@code true} if the sensitive URL parameters have to be
-   *     redacted.
+   * @param redactQueryParameters {@code true} if the sensitive URL parameters have to be redacted.
    */
   @CanIgnoreReturnValue
-  public DefaultHttpClientInstrumenterBuilder<REQUEST, RESPONSE> setRedactSensitiveUrlParameters(
-      boolean redactSensitiveUrlParameters) {
-    this.redactSensitiveUrlParameters = redactSensitiveUrlParameters;
+  public DefaultHttpClientInstrumenterBuilder<REQUEST, RESPONSE> setRedactQueryParameters(
+      boolean redactQueryParameters) {
+    this.redactQueryParameters = redactQueryParameters;
     return this;
   }
 
@@ -227,6 +226,10 @@ public Instrumenter<REQUEST, RESPONSE> build() {
     SpanNameExtractor<? super REQUEST> spanNameExtractor =
         spanNameExtractorTransformer.apply(httpSpanNameExtractorBuilder.build());
 
+    if (redactQueryParameters) {
+      ExperimentalParameterUtil.setRedactQueryParameters(redactQueryParameters);
+    }
+
     InstrumenterBuilder<REQUEST, RESPONSE> builder =
         Instrumenter.<REQUEST, RESPONSE>builder(
                 openTelemetry, instrumentationName, spanNameExtractor)
@@ -240,10 +243,7 @@ public Instrumenter<REQUEST, RESPONSE> build() {
           .addAttributesExtractor(HttpExperimentalAttributesExtractor.create(attributesGetter))
           .addOperationMetrics(HttpClientExperimentalMetrics.get());
     }
-    if (redactSensitiveUrlParameters) {
-      builder.addAttributesExtractor(
-          HttpClientExperimentalHttpParamsRedactionExtractor.create(attributesGetter));
-    }
+
     builderCustomizer.accept(builder);
 
     if (headerSetter != null) {
@@ -267,7 +267,7 @@ public DefaultHttpClientInstrumenterBuilder<REQUEST, RESPONSE> configure(CommonC
     set(
         config::shouldEmitExperimentalHttpClientTelemetry,
         this::setEmitExperimentalHttpClientMetrics);
-    set(config::shouldRedactSensitiveUrlParameters, this::setRedactSensitiveUrlParameters);
+    set(config::redactQueryParameters, this::setRedactQueryParameters);
     return this;
   }
 

instrumentation-api-incubator/src/main/java/io/opentelemetry/instrumentation/api/incubator/config/internal/CommonConfig.java

@@ -31,7 +31,7 @@ public final class CommonConfig {
   private final boolean statementSanitizationEnabled;
   private final boolean emitExperimentalHttpClientTelemetry;
   private final boolean emitExperimentalHttpServerTelemetry;
-  private final boolean redactSensitiveUrlParameters;
+  private final boolean redactQueryParameters;
   private final String loggingTraceIdKey;
   private final String loggingSpanIdKey;
   private final String loggingTraceFlagsKey;
@@ -58,9 +58,9 @@ public CommonConfig(InstrumentationConfig config) {
         config.getBoolean("otel.instrumentation.common.db-statement-sanitizer.enabled", true);
     emitExperimentalHttpClientTelemetry =
         config.getBoolean("otel.instrumentation.http.client.emit-experimental-telemetry", false);
-    redactSensitiveUrlParameters =
+    redactQueryParameters =
         config.getBoolean(
-            "otel.instrumentation.http.client.experimental.redact-sensitive-url-parameters", false);
+            "otel.instrumentation.http.client.experimental.redact-query-parameters", false);
     emitExperimentalHttpServerTelemetry =
         config.getBoolean("otel.instrumentation.http.server.emit-experimental-telemetry", false);
     enduserConfig = new EnduserConfig(config);
@@ -115,8 +115,8 @@ public boolean shouldEmitExperimentalHttpServerTelemetry() {
     return emitExperimentalHttpServerTelemetry;
   }
 
-  public boolean shouldRedactSensitiveUrlParameters() {
-    return redactSensitiveUrlParameters;
+  public boolean redactQueryParameters() {
+    return redactQueryParameters;
   }
 
   public String getTraceIdKey() {

instrumentation-api/src/main/java/io/opentelemetry/instrumentation/api/internal/ExperimentalParameterUtil.java

@@ -0,0 +1,25 @@
+/*
+ * Copyright The OpenTelemetry Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package io.opentelemetry.instrumentation.api.internal;
+
+/**
+ * This class is internal and is hence not for public use. Its APIs are unstable and can change at
+ * any time.
+ */
+public class ExperimentalParameterUtil {
+
+  private static boolean redactQueryParameters;
+
+  private ExperimentalParameterUtil() {}
+
+  public static boolean isRedactQueryParameters() {
+    return redactQueryParameters;
+  }
+
+  public static void setRedactQueryParameters(boolean redactQueryParameters) {
+    ExperimentalParameterUtil.redactQueryParameters = redactQueryParameters;
+  }
+}

instrumentation-api/src/main/java/io/opentelemetry/instrumentation/api/semconv/http/HttpClientAttributesExtractor.java

@@ -17,6 +17,9 @@
 import io.opentelemetry.instrumentation.api.semconv.network.internal.InternalServerAttributesExtractor;
 import io.opentelemetry.semconv.HttpAttributes;
 import io.opentelemetry.semconv.UrlAttributes;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
 import java.util.function.ToIntFunction;
 import javax.annotation.Nullable;
 
@@ -32,6 +35,9 @@ public final class HttpClientAttributesExtractor<REQUEST, RESPONSE>
         REQUEST, RESPONSE, HttpClientAttributesGetter<REQUEST, RESPONSE>>
     implements SpanKeyProvider {
 
+  private static final Set<String> PARAMS_TO_REDACT =
+      new HashSet<>(Arrays.asList("AWSAccessKeyId", "Signature", "sig", "X-Goog-Signature"));
+
   /**
    * Creates the HTTP client attributes extractor with default configuration.
    *
@@ -54,6 +60,7 @@ public static <REQUEST, RESPONSE> HttpClientAttributesExtractorBuilder<REQUEST,
   private final InternalNetworkAttributesExtractor<REQUEST, RESPONSE> internalNetworkExtractor;
   private final InternalServerAttributesExtractor<REQUEST> internalServerExtractor;
   private final ToIntFunction<Context> resendCountIncrementer;
+  private final boolean redactQueryParameters;
 
   HttpClientAttributesExtractor(HttpClientAttributesExtractorBuilder<REQUEST, RESPONSE> builder) {
     super(
@@ -65,6 +72,7 @@ public static <REQUEST, RESPONSE> HttpClientAttributesExtractorBuilder<REQUEST,
     internalNetworkExtractor = builder.buildNetworkExtractor();
     internalServerExtractor = builder.buildServerExtractor();
     resendCountIncrementer = builder.resendCountIncrementer;
+    redactQueryParameters = builder.redactQueryParameters;
   }
 
   @Override
@@ -104,11 +112,21 @@ public SpanKey internalGetSpanKey() {
   }
 
   @Nullable
-  private static String stripSensitiveData(@Nullable String url) {
+  private String stripSensitiveData(@Nullable String url) {
     if (url == null || url.isEmpty()) {
       return url;
     }
 
+    url = redactUserInfo(url);
+
+    if (redactQueryParameters) {
+      url = redactQueryParameters(url);
+    }
+
+    return url;
+  }
+
+  private static String redactUserInfo(String url) {
     int schemeEndIndex = url.indexOf(':');
 
     if (schemeEndIndex == -1) {
@@ -145,4 +163,59 @@ private static String stripSensitiveData(@Nullable String url) {
     }
     return url.substring(0, schemeEndIndex + 3) + "REDACTED:REDACTED" + url.substring(atIndex);
   }
+
+  private static String redactQueryParameters(String url) {
+
+    int questionMarkIndex = url.indexOf('?');
+
+    if (questionMarkIndex == -1) {
+      return url;
+    }
+
+    if (!containsParamToRedact(url)) {
+      return url;
+    }
+
+    StringBuilder redactedParameters = new StringBuilder();
+    boolean paramToRedact = false;
+    boolean paramNameDetected = false;
+    boolean reference = false;
+
+    StringBuilder currentParamName = new StringBuilder();
+
+    for (int i = questionMarkIndex + 1; i < url.length(); i++) {
+      char currentChar = url.charAt(i);
+      if (currentChar == '=') {
+        paramNameDetected = true;
+        redactedParameters.append(currentParamName);
+        redactedParameters.append('=');
+        if (PARAMS_TO_REDACT.contains(currentParamName.toString())) {
+          redactedParameters.append("REDACTED");
+          paramToRedact = true;
+        }
+      } else if (currentChar == '&') {
+        redactedParameters.append('&');
+        paramNameDetected = false;
+        paramToRedact = false;
+        currentParamName.setLength(0);
+      } else if (currentChar == '#') {
+        reference = true;
+        redactedParameters.append('#');
+      } else if (!paramNameDetected) {
+        currentParamName.append(currentChar);
+      } else if (!paramToRedact || reference) {
+        redactedParameters.append(currentChar);
+      }
+    }
+    return url.substring(0, questionMarkIndex) + "?" + redactedParameters;
+  }
+
+  private static boolean containsParamToRedact(String urlpart) {
+    for (String param : PARAMS_TO_REDACT) {
+      if (urlpart.contains(param)) {
+        return true;
+      }
+    }
+    return false;
+  }
 }

instrumentation-api/src/main/java/io/opentelemetry/instrumentation/api/semconv/http/HttpClientAttributesExtractorBuilder.java

@@ -11,6 +11,7 @@
 import io.opentelemetry.context.Context;
 import io.opentelemetry.instrumentation.api.instrumenter.AttributesExtractor;
 import io.opentelemetry.instrumentation.api.instrumenter.InstrumenterBuilder;
+import io.opentelemetry.instrumentation.api.internal.ExperimentalParameterUtil;
 import io.opentelemetry.instrumentation.api.internal.HttpConstants;
 import io.opentelemetry.instrumentation.api.semconv.network.internal.AddressAndPortExtractor;
 import io.opentelemetry.instrumentation.api.semconv.network.internal.InternalNetworkAttributesExtractor;
@@ -37,6 +38,7 @@ public final class HttpClientAttributesExtractorBuilder<REQUEST, RESPONSE> {
   List<String> capturedResponseHeaders = emptyList();
   Set<String> knownMethods = HttpConstants.KNOWN_METHODS;
   ToIntFunction<Context> resendCountIncrementer = HttpClientRequestResendCount::getAndIncrement;
+  boolean redactQueryParameters;
 
   HttpClientAttributesExtractorBuilder(
       HttpClientAttributesGetter<REQUEST, RESPONSE> httpAttributesGetter) {
@@ -180,6 +182,7 @@ HttpClientAttributesExtractorBuilder<REQUEST, RESPONSE> setResendCountIncremente
    * @see InstrumenterBuilder#addAttributesExtractor(AttributesExtractor)
    */
   public AttributesExtractor<REQUEST, RESPONSE> build() {
+    redactQueryParameters = ExperimentalParameterUtil.isRedactQueryParameters();
     return new HttpClientAttributesExtractor<>(this);
   }
 

instrumentation-api/src/test/java/io/opentelemetry/instrumentation/api/semconv/http/HttpClientAttributesExtractorTest.java

@@ -30,6 +30,7 @@
 import io.opentelemetry.api.common.AttributesBuilder;
 import io.opentelemetry.context.Context;
 import io.opentelemetry.instrumentation.api.instrumenter.AttributesExtractor;
+import io.opentelemetry.instrumentation.api.internal.ExperimentalParameterUtil;
 import io.opentelemetry.instrumentation.api.internal.HttpConstants;
 import java.net.ConnectException;
 import java.util.HashMap;
@@ -211,6 +212,8 @@ void stripBasicAuthTest(String url, String expectedResult) {
     Map<String, String> request = new HashMap<>();
     request.put("urlFull", url);
 
+    ExperimentalParameterUtil.setRedactQueryParameters(true);
+
     AttributesExtractor<Map<String, String>, Map<String, String>> extractor =
         HttpClientAttributesExtractor.create(new TestHttpClientAttributesGetter());
 
@@ -241,7 +244,37 @@ public Stream<? extends Arguments> provideArguments(ExtensionContext context) {
           arguments("https://github.com/p@th?foo=b@r", "https://github.com/p@th?foo=b@r"),
           arguments("https://github.com#[email protected]", "https://github.com#[email protected]"),
           arguments("user1:[email protected]", "user1:[email protected]"),
-          arguments("https://github.com@", "https://github.com@"));
+          arguments("https://github.com@", "https://github.com@"),
+          arguments(
+              "https://service.com?paramA=valA&paramB=valB",
+              "https://service.com?paramA=valA&paramB=valB"),
+          arguments(
+              "https://service.com?AWSAccessKeyId=AKIAIOSFODNN7",
+              "https://service.com?AWSAccessKeyId=REDACTED"),
+          arguments(
+              "https://service.com?Signature=39Up9jzHkxhuIhFE9594DJxe7w6cIRCg0V6ICGS0%3A377",
+              "https://service.com?Signature=REDACTED"),
+          arguments(
+              "https://service.com?sig=39Up9jzHkxhuIhFE9594DJxe7w6cIRCg0V6ICGS0",
+              "https://service.com?sig=REDACTED"),
+          arguments(
+              "https://service.com?X-Goog-Signature=39Up9jzHkxhuIhFE9594DJxe7w6cIRCg0V6ICGS0",
+              "https://service.com?X-Goog-Signature=REDACTED"),
+          arguments(
+              "https://service.com?paramA=valA&AWSAccessKeyId=AKIAIOSFODNN7&paramB=valB",
+              "https://service.com?paramA=valA&AWSAccessKeyId=REDACTED&paramB=valB"),
+          arguments(
+              "https://service.com?AWSAccessKeyId=AKIAIOSFODNN7&paramA=valA",
+              "https://service.com?AWSAccessKeyId=REDACTED&paramA=valA"),
+          arguments(
+              "https://service.com?paramA=valA&AWSAccessKeyId=AKIAIOSFODNN7",
+              "https://service.com?paramA=valA&AWSAccessKeyId=REDACTED"),
+          arguments(
+              "https://service.com?AWSAccessKeyId=AKIAIOSFODNN7&AWSAccessKeyId=ZGIAIOSFODNN7",
+              "https://service.com?AWSAccessKeyId=REDACTED&AWSAccessKeyId=REDACTED"),
+          arguments(
+              "https://service.com?AWSAccessKeyId=AKIAIOSFODNN7#ref",
+              "https://service.com?AWSAccessKeyId=REDACTED#ref"));
     }
   }
 

smoke-tests-otel-starter/spring-boot-common/src/main/resources/application.yaml

@@ -12,7 +12,7 @@ otel:
       client:
         emit-experimental-telemetry: true
         experimental:
-          redact-sensitive-url-parameters: true
+          redact-query-parameters: true
       server:
         emit-experimental-telemetry: true
         capture-request-headers: [key]