Added the redaction capability in the instrumentations

Author: rads-1996

instrumentation/opentelemetry-instrumentation-aiohttp-client/src/opentelemetry/instrumentation/aiohttp_client/__init__.py

@@ -119,7 +119,7 @@ def response_hook(span: Span, params: typing.Union[
 from opentelemetry.semconv.attributes.error_attributes import ERROR_TYPE
 from opentelemetry.trace import Span, SpanKind, TracerProvider, get_tracer
 from opentelemetry.trace.status import Status, StatusCode
-from opentelemetry.util.http import remove_url_credentials, sanitize_method
+from opentelemetry.util.http import remove_url_credentials, sanitize_method, redact_query_parameters
 
 _UrlFilterT = typing.Optional[typing.Callable[[yarl.URL], str]]
 _RequestHookT = typing.Optional[
@@ -240,9 +240,9 @@ async def on_request_start(
         method = params.method
         request_span_name = _get_span_name(method)
         request_url = (
-            remove_url_credentials(trace_config_ctx.url_filter(params.url))
+            redact_query_parameters(remove_url_credentials(trace_config_ctx.url_filter(params.url)))
             if callable(trace_config_ctx.url_filter)
-            else remove_url_credentials(str(params.url))
+            else redact_query_parameters(remove_url_credentials(str(params.url)))
         )
 
         span_attributes = {}

instrumentation/opentelemetry-instrumentation-aiohttp-server/src/opentelemetry/instrumentation/aiohttp_server/__init__.py

@@ -57,7 +57,7 @@ async def hello(request):
 from opentelemetry.semconv.metrics import MetricInstruments
 from opentelemetry.semconv.trace import SpanAttributes
 from opentelemetry.trace.status import Status, StatusCode
-from opentelemetry.util.http import get_excluded_urls, remove_url_credentials
+from opentelemetry.util.http import get_excluded_urls, remove_url_credentials, redact_query_parameters
 
 _duration_attrs = [
     SpanAttributes.HTTP_METHOD,
@@ -146,7 +146,7 @@ def collect_request_attributes(request: web.Request) -> Dict:
         SpanAttributes.HTTP_ROUTE: _get_view_func(request),
         SpanAttributes.HTTP_FLAVOR: f"{request.version.major}.{request.version.minor}",
         SpanAttributes.HTTP_TARGET: request.path,
-        SpanAttributes.HTTP_URL: remove_url_credentials(http_url),
+        SpanAttributes.HTTP_URL: redact_query_parameters(remove_url_credentials(http_url)),
     }
 
     http_method = request.method

instrumentation/opentelemetry-instrumentation-asgi/src/opentelemetry/instrumentation/asgi/__init__.py

@@ -260,6 +260,7 @@ def client_response_hook(span: Span, scope: dict[str, Any], message: dict[str, A
     normalise_response_header_name,
     remove_url_credentials,
     sanitize_method,
+    redact_query_parameters,
 )
 
 
@@ -355,7 +356,7 @@ def collect_request_attributes(
         if _report_old(sem_conv_opt_in_mode):
             _set_http_url(
                 result,
-                remove_url_credentials(http_url),
+                redact_query_parameters(remove_url_credentials(http_url)),
                 _StabilityMode.DEFAULT,
             )
     http_method = scope.get("method", "")

instrumentation/opentelemetry-instrumentation-httpx/src/opentelemetry/instrumentation/httpx/__init__.py

@@ -244,7 +244,7 @@ async def async_response_hook(span, request, response):
 from opentelemetry.trace import SpanKind, Tracer, TracerProvider, get_tracer
 from opentelemetry.trace.span import Span
 from opentelemetry.trace.status import StatusCode
-from opentelemetry.util.http import remove_url_credentials, sanitize_method
+from opentelemetry.util.http import remove_url_credentials, sanitize_method, redact_query_parameters
 
 _logger = logging.getLogger(__name__)
 
@@ -298,7 +298,7 @@ def _extract_parameters(
         # In httpx >= 0.20.0, handle_request receives a Request object
         request: httpx.Request = args[0]
         method = request.method.encode()
-        url = httpx.URL(remove_url_credentials(str(request.url)))
+        url = httpx.URL(redact_query_parameters(remove_url_credentials(str(request.url))))
         headers = request.headers
         stream = request.stream
         extensions = request.extensions

instrumentation/opentelemetry-instrumentation-requests/src/opentelemetry/instrumentation/requests/__init__.py

@@ -149,6 +149,7 @@ def response_hook(span, request_obj, response):
     parse_excluded_urls,
     remove_url_credentials,
     sanitize_method,
+    redact_query_parameters,
 )
 from opentelemetry.util.http.httplib import set_ip_on_next_http_connection
 
@@ -232,7 +233,8 @@ def get_or_create_headers():
         method = request.method
         span_name = get_default_span_name(method)
 
-        url = remove_url_credentials(request.url)
+        url = redact_query_parameters(remove_url_credentials(request.url))
+
 
         span_attributes = {}
         _set_http_method(

instrumentation/opentelemetry-instrumentation-tornado/src/opentelemetry/instrumentation/tornado/client.py

@@ -22,7 +22,7 @@
 from opentelemetry.propagate import inject
 from opentelemetry.semconv.trace import SpanAttributes
 from opentelemetry.trace.status import Status, StatusCode
-from opentelemetry.util.http import remove_url_credentials
+from opentelemetry.util.http import remove_url_credentials, redact_query_parameters
 
 
 def _normalize_request(args, kwargs):
@@ -75,7 +75,7 @@ def fetch_async(
 
     if span.is_recording():
         attributes = {
-            SpanAttributes.HTTP_URL: remove_url_credentials(request.url),
+            SpanAttributes.HTTP_URL: redact_query_parameters(remove_url_credentials(request.url)),
             SpanAttributes.HTTP_METHOD: request.method,
         }
         for key, value in attributes.items():
@@ -161,7 +161,7 @@ def _finish_tracing_callback(
 def _create_metric_attributes(response):
     metric_attributes = {
         SpanAttributes.HTTP_STATUS_CODE: response.code,
-        SpanAttributes.HTTP_URL: remove_url_credentials(response.request.url),
+        SpanAttributes.HTTP_URL: redact_query_parameters(remove_url_credentials(response.request.url)),
         SpanAttributes.HTTP_METHOD: response.request.method,
     }
 

instrumentation/opentelemetry-instrumentation-urllib/src/opentelemetry/instrumentation/urllib/__init__.py

@@ -137,6 +137,7 @@ def response_hook(span: Span, request: Request, response: HTTPResponse):
     parse_excluded_urls,
     remove_url_credentials,
     sanitize_method,
+    redact_query_parameters,
 )
 from opentelemetry.util.types import Attributes
 
@@ -257,7 +258,7 @@ def _instrumented_open_call(
 
         span_name = _get_span_name(method)
 
-        url = remove_url_credentials(url)
+        url = redact_query_parameters(remove_url_credentials(url))
 
         data = getattr(request, "data", None)
         request_size = 0 if data is None else len(data)

instrumentation/opentelemetry-instrumentation-wsgi/src/opentelemetry/instrumentation/wsgi/__init__.py

@@ -270,6 +270,7 @@ def response_hook(span: Span, environ: WSGIEnvironment, status: str, response_he
     normalise_response_header_name,
     remove_url_credentials,
     sanitize_method,
+    redact_query_parameters
 )
 
 if TYPE_CHECKING:
@@ -365,9 +366,9 @@ def collect_request_attributes(
     else:
         # old semconv v1.20.0
         if _report_old(sem_conv_opt_in_mode):
-            result[SpanAttributes.HTTP_URL] = remove_url_credentials(
+            result[SpanAttributes.HTTP_URL] = redact_query_parameters(remove_url_credentials(
                 wsgiref_util.request_uri(environ)
-            )
+            ))
 
     remote_addr = environ.get("REMOTE_ADDR")
     if remote_addr:

util/opentelemetry-util-http/tests/test_remove_credentials.py

@@ -10,10 +10,10 @@ def test_remove_no_credentials(self):
         self.assertEqual(cleaned_url, url)
 
     def test_remove_credentials(self):
-        url = "http://someuser:[email protected]:8080/test/path?query=value"
+        url = "http://someuser:[email protected]:8080/test/path?sig=value"
         cleaned_url = remove_url_credentials(url)
         self.assertEqual(
-            cleaned_url, "http://REDACTED:[email protected]:8080/test/path?query=value"
+            cleaned_url, "http://REDACTED:[email protected]:8080/test/path?sig=value"
         )
 
     def test_remove_credentials_ipv4_literal(self):