refactor(instrumentation-http): avoid deprecated url.parse() in getAbsoluteUrl() (#6089)

Author: cjihrig

experimental/CHANGELOG.md

@@ -55,6 +55,7 @@ For notes on migrating to 2.x / 0.200.x see [the upgrade guide](doc/upgrade-to-2
 * test(otlp-grpc-exporter-base): increase timeout in flaky test [#6042](https://github.com/open-telemetry/opentelemetry-js/pull/6042) @cjihrig
 * test(sdk-node): use process.env consistently in tests [#6052](https://github.com/open-telemetry/opentelemetry-js/pull/6052) @cjihrig
 * test(sdk-node): ensure process.env is cleaned up between tests [#6066](https://github.com/open-telemetry/opentelemetry-js/pull/6066) @cjihrig
+* refactor(instrumentation-http): avoid deprecated url.parse() in getAbsoluteUrl() [#6089](https://github.com/open-telemetry/opentelemetry-js/pull/6089) @cjihrig
 
 ## 0.207.0
 

experimental/packages/opentelemetry-instrumentation-http/src/utils.ts

@@ -116,23 +116,20 @@ export const getAbsoluteUrl = (
   }
   // Redact sensitive query parameters
   if (path.includes('?')) {
-    const parsedUrl = url.parse(path);
-    const pathname = parsedUrl.pathname || '';
-    const query = parsedUrl.query || '';
-    const searchParams = new URLSearchParams(query);
-    const sensitiveParamsToRedact: string[] = redactedQueryParams || [];
-
-    for (const sensitiveParam of sensitiveParamsToRedact) {
-      if (
-        searchParams.has(sensitiveParam) &&
-        searchParams.get(sensitiveParam) !== ''
-      ) {
-        searchParams.set(sensitiveParam, STR_REDACTED);
+    try {
+      const parsedUrl = new URL(path, 'http://localhost');
+      const sensitiveParamsToRedact: string[] = redactedQueryParams || [];
+
+      for (const sensitiveParam of sensitiveParamsToRedact) {
+        if (parsedUrl.searchParams.get(sensitiveParam)) {
+          parsedUrl.searchParams.set(sensitiveParam, STR_REDACTED);
+        }
       }
-    }
 
-    const redactedQuery = searchParams.toString();
-    path = `${pathname}?${redactedQuery}`;
+      path = `${parsedUrl.pathname}${parsedUrl.search}`;
+    } catch {
+      // Ignore error, as the path was not a valid URL.
+    }
   }
   const authPart = reqUrlObject.auth ? `${STR_REDACTED}:${STR_REDACTED}@` : '';
   return `${protocol}//${authPart}${host}${path}`;

experimental/packages/opentelemetry-instrumentation-http/test/functionals/utils.test.ts

@@ -211,6 +211,16 @@ describe('Utility', () => {
         'http://localhost:8080/registers?AWSAccessKeyId=REDACTED'
       );
     });
+    it('does not perform redaction if the provided path cannot be parsed', () => {
+      const result = utils.getAbsoluteUrl(
+        { path: 'http://?AWSAccessKeyId=secret123' },
+        {}
+      );
+      assert.strictEqual(
+        result,
+        'http://localhosthttp://?AWSAccessKeyId=secret123'
+      );
+    });
   });
 
   describe('setSpanWithError()', () => {