Added redact_url which redacts both credentials and query strings. Modified code for instrumentations and corresponding tests.

rads-1996 · rads-1996 · commit bab5f0e49771 · 2025-05-23T09:35:44.000-07:00
diff --git a/instrumentation/opentelemetry-instrumentation-aiohttp-client/src/opentelemetry/instrumentation/aiohttp_client/__init__.py b/instrumentation/opentelemetry-instrumentation-aiohttp-client/src/opentelemetry/instrumentation/aiohttp_client/__init__.py
@@ -119,7 +119,7 @@ def response_hook(span: Span, params: typing.Union[
 from opentelemetry.semconv.attributes.error_attributes import ERROR_TYPE
 from opentelemetry.trace import Span, SpanKind, TracerProvider, get_tracer
 from opentelemetry.trace.status import Status, StatusCode
-from opentelemetry.util.http import remove_url_credentials, sanitize_method, redact_query_parameters
+from opentelemetry.util.http import sanitize_method, redact_url
 
 _UrlFilterT = typing.Optional[typing.Callable[[yarl.URL], str]]
 _RequestHookT = typing.Optional[
@@ -240,9 +240,9 @@ async def on_request_start(
         method = params.method
         request_span_name = _get_span_name(method)
         request_url = (
-            redact_query_parameters(remove_url_credentials(trace_config_ctx.url_filter(params.url)))
+            redact_url(trace_config_ctx.url_filter(params.url))
             if callable(trace_config_ctx.url_filter)
-            else redact_query_parameters(remove_url_credentials(str(params.url)))
+            else redact_url(str(params.url))
         )
 
         span_attributes = {}
diff --git a/instrumentation/opentelemetry-instrumentation-aiohttp-client/tests/test_aiohttp_client_integration.py b/instrumentation/opentelemetry-instrumentation-aiohttp-client/tests/test_aiohttp_client_integration.py
@@ -587,16 +587,16 @@ async def do_request(url):
         )
         self.memory_exporter.clear()
 
-    def test_credential_removal(self):
+    def test_remove_sensitive_params(self):
         trace_configs = [aiohttp_client.create_trace_config()]
 
-        app = HttpServerMock("test_credential_removal")
+        app = HttpServerMock("test_remove_sensitive_params")
 
         @app.route("/status/200")
         def index():
             return "hello"
 
-        url = "http://username:password@localhost:5000/status/200"
+        url = "http://username:password@localhost:5000/status/200?Signature=secret"
 
         with app.run("localhost", 5000):
             with self.subTest(url=url):
@@ -618,7 +618,7 @@ async def do_request(url):
                     (StatusCode.UNSET, None),
                     {
                         HTTP_METHOD: "GET",
-                        HTTP_URL: ("http://localhost:5000/status/200"),
+                        HTTP_URL: ("http://REDACTED:REDACTED@localhost:5000/status/200?Signature=REDACTED"),
                         HTTP_STATUS_CODE: int(HTTPStatus.OK),
                     },
                 )
diff --git a/instrumentation/opentelemetry-instrumentation-aiohttp-server/src/opentelemetry/instrumentation/aiohttp_server/__init__.py b/instrumentation/opentelemetry-instrumentation-aiohttp-server/src/opentelemetry/instrumentation/aiohttp_server/__init__.py
@@ -57,7 +57,7 @@ async def hello(request):
 from opentelemetry.semconv.metrics import MetricInstruments
 from opentelemetry.semconv.trace import SpanAttributes
 from opentelemetry.trace.status import Status, StatusCode
-from opentelemetry.util.http import get_excluded_urls, remove_url_credentials, redact_query_parameters
+from opentelemetry.util.http import get_excluded_urls, redact_url
 
 _duration_attrs = [
     SpanAttributes.HTTP_METHOD,
@@ -146,7 +146,7 @@ def collect_request_attributes(request: web.Request) -> Dict:
         SpanAttributes.HTTP_ROUTE: _get_view_func(request),
         SpanAttributes.HTTP_FLAVOR: f"{request.version.major}.{request.version.minor}",
         SpanAttributes.HTTP_TARGET: request.path,
-        SpanAttributes.HTTP_URL: redact_query_parameters(remove_url_credentials(http_url)),
+        SpanAttributes.HTTP_URL: redact_url(http_url),
     }
 
     http_method = request.method
diff --git a/instrumentation/opentelemetry-instrumentation-asgi/src/opentelemetry/instrumentation/asgi/__init__.py b/instrumentation/opentelemetry-instrumentation-asgi/src/opentelemetry/instrumentation/asgi/__init__.py
@@ -258,9 +258,8 @@ def client_response_hook(span: Span, scope: dict[str, Any], message: dict[str, A
     get_custom_headers,
     normalise_request_header_name,
     normalise_response_header_name,
-    remove_url_credentials,
     sanitize_method,
-    redact_query_parameters,
+    redact_url,
 )
 
 
@@ -356,7 +355,7 @@ def collect_request_attributes(
         if _report_old(sem_conv_opt_in_mode):
             _set_http_url(
                 result,
-                redact_query_parameters(remove_url_credentials(http_url)),
+                redact_url(http_url),
                 _StabilityMode.DEFAULT,
             )
     http_method = scope.get("method", "")
diff --git a/instrumentation/opentelemetry-instrumentation-asgi/tests/test_asgi_middleware.py b/instrumentation/opentelemetry-instrumentation-asgi/tests/test_asgi_middleware.py
@@ -1796,12 +1796,13 @@ def test_response_attributes_invalid_status_code(self):
         otel_asgi.set_status_code(self.span, "Invalid Status Code")
         self.assertEqual(self.span.set_status.call_count, 1)
 
-    def test_credential_removal(self):
+    def test_remove_sensitive_params(self):
         self.scope["server"] = ("username:password@mock", 80)
         self.scope["path"] = "/status/200"
+        self.scope["query_string"] = b"X-Goog-Signature=1234567890"
         attrs = otel_asgi.collect_request_attributes(self.scope)
         self.assertEqual(
-            attrs[SpanAttributes.HTTP_URL], "http://mock/status/200"
+            attrs[SpanAttributes.HTTP_URL], "http://REDACTED:REDACTED@mock/status/200?X-Goog-Signature=REDACTED"
         )
 
     def test_collect_target_attribute_missing(self):
diff --git a/instrumentation/opentelemetry-instrumentation-httpx/src/opentelemetry/instrumentation/httpx/__init__.py b/instrumentation/opentelemetry-instrumentation-httpx/src/opentelemetry/instrumentation/httpx/__init__.py
@@ -244,7 +244,7 @@ async def async_response_hook(span, request, response):
 from opentelemetry.trace import SpanKind, Tracer, TracerProvider, get_tracer
 from opentelemetry.trace.span import Span
 from opentelemetry.trace.status import StatusCode
-from opentelemetry.util.http import remove_url_credentials, sanitize_method, redact_query_parameters
+from opentelemetry.util.http import sanitize_method, redact_url
 
 _logger = logging.getLogger(__name__)
 
@@ -298,7 +298,7 @@ def _extract_parameters(
         # In httpx >= 0.20.0, handle_request receives a Request object
         request: httpx.Request = args[0]
         method = request.method.encode()
-        url = httpx.URL(redact_query_parameters(remove_url_credentials(str(request.url))))
+        url = httpx.URL(redact_url(str(request.url)))
         headers = request.headers
         stream = request.stream
         extensions = request.extensions
diff --git a/instrumentation/opentelemetry-instrumentation-httpx/tests/test_httpx_integration.py b/instrumentation/opentelemetry-instrumentation-httpx/tests/test_httpx_integration.py
@@ -1127,12 +1127,12 @@ def perform_request(
             return self.client.request(method, url, headers=headers)
         return client.request(method, url, headers=headers)
 
-    def test_credential_removal(self):
-        new_url = "http://username:password@mock/status/200"
+    def test_remove_sensitive_params(self):
+        new_url = "http://username:password@mock/status/200?sig=secret"
         self.perform_request(new_url)
         span = self.assert_span()
 
-        self.assertEqual(span.attributes[SpanAttributes.HTTP_URL], self.URL)
+        self.assertEqual(span.attributes[SpanAttributes.HTTP_URL], "http://REDACTED:REDACTED@mock/status/200?sig=REDACTED")
 
 
 class TestAsyncIntegration(BaseTestCases.BaseManualTest):
@@ -1196,12 +1196,12 @@ def test_basic_multiple(self):
         )
         self.assert_span(num_spans=2)
 
-    def test_credential_removal(self):
-        new_url = "http://username:password@mock/status/200"
+    def test_remove_sensitive_params(self):
+        new_url = "http://username:password@mock/status/200?Signature=secret"
         self.perform_request(new_url)
         span = self.assert_span()
 
-        self.assertEqual(span.attributes[SpanAttributes.HTTP_URL], self.URL)
+        self.assertEqual(span.attributes[SpanAttributes.HTTP_URL], "http://REDACTED:REDACTED@mock/status/200?Signature=REDACTED")
 
 
 class TestSyncInstrumentationIntegration(BaseTestCases.BaseInstrumentorTest):
diff --git a/instrumentation/opentelemetry-instrumentation-requests/src/opentelemetry/instrumentation/requests/__init__.py b/instrumentation/opentelemetry-instrumentation-requests/src/opentelemetry/instrumentation/requests/__init__.py
@@ -147,9 +147,8 @@ def response_hook(span, request_obj, response):
     ExcludeList,
     get_excluded_urls,
     parse_excluded_urls,
-    remove_url_credentials,
     sanitize_method,
-    redact_query_parameters,
+    redact_url,
 )
 from opentelemetry.util.http.httplib import set_ip_on_next_http_connection
 
@@ -233,7 +232,7 @@ def get_or_create_headers():
         method = request.method
         span_name = get_default_span_name(method)
 
-        url = redact_query_parameters(remove_url_credentials(request.url))
+        url = redact_url(request.url)
 
 
         span_attributes = {}
diff --git a/instrumentation/opentelemetry-instrumentation-requests/tests/test_requests_integration.py b/instrumentation/opentelemetry-instrumentation-requests/tests/test_requests_integration.py
@@ -686,12 +686,12 @@ def perform_request(url: str, session: requests.Session = None):
             return requests.get(url, timeout=5)
         return session.get(url)
 
-    def test_credential_removal(self):
-        new_url = "http://username:password@mock/status/200"
+    def test_remove_sensitive_params(self):
+        new_url = "http://username:password@mock/status/200?AWSAccessKeyId=secret"
         self.perform_request(new_url)
         span = self.assert_span()
 
-        self.assertEqual(span.attributes[HTTP_URL], self.URL)
+        self.assertEqual(span.attributes[HTTP_URL], "http://REDACTED:REDACTED@mock/status/200?AWSAccessKeyId=REDACTED")
 
     def test_if_headers_equals_none(self):
         result = requests.get(self.URL, headers=None, timeout=5)
diff --git a/instrumentation/opentelemetry-instrumentation-tornado/src/opentelemetry/instrumentation/tornado/client.py b/instrumentation/opentelemetry-instrumentation-tornado/src/opentelemetry/instrumentation/tornado/client.py
@@ -22,7 +22,7 @@
 from opentelemetry.propagate import inject
 from opentelemetry.semconv.trace import SpanAttributes
 from opentelemetry.trace.status import Status, StatusCode
-from opentelemetry.util.http import remove_url_credentials, redact_query_parameters
+from opentelemetry.util.http import redact_url
 
 
 def _normalize_request(args, kwargs):
@@ -75,7 +75,7 @@ def fetch_async(
 
     if span.is_recording():
         attributes = {
-            SpanAttributes.HTTP_URL: redact_query_parameters(remove_url_credentials(request.url)),
+            SpanAttributes.HTTP_URL: redact_url(request.url),
             SpanAttributes.HTTP_METHOD: request.method,
         }
         for key, value in attributes.items():
@@ -161,7 +161,7 @@ def _finish_tracing_callback(
 def _create_metric_attributes(response):
     metric_attributes = {
         SpanAttributes.HTTP_STATUS_CODE: response.code,
-        SpanAttributes.HTTP_URL: redact_query_parameters(remove_url_credentials(response.request.url)),
+        SpanAttributes.HTTP_URL: redact_url(response.request.url),
         SpanAttributes.HTTP_METHOD: response.request.method,
     }
 
diff --git a/instrumentation/opentelemetry-instrumentation-tornado/tests/test_instrumentation.py b/instrumentation/opentelemetry-instrumentation-tornado/tests/test_instrumentation.py
@@ -496,16 +496,16 @@ def test_response_headers(self):
 
         set_global_response_propagator(orig)
 
-    def test_credential_removal(self):
-        app = HttpServerMock("test_credential_removal")
+    def test_remove_sensitive_params(self):
+        app = HttpServerMock("test_remove_sensitive_params")
 
         @app.route("/status/200")
         def index():
             return "hello"
 
         with app.run("localhost", 5000):
             response = self.fetch(
-                "http://username:password@localhost:5000/status/200"
+                "http://username:password@localhost:5000/status/200?Signature=secret"
             )
         self.assertEqual(response.code, 200)
 
@@ -518,7 +518,7 @@ def index():
         self.assertSpanHasAttributes(
             client,
             {
-                SpanAttributes.HTTP_URL: "http://localhost:5000/status/200",
+                SpanAttributes.HTTP_URL: "http://REDACTED:REDACTED@localhost:5000/status/200?Signature=REDACTED",
                 SpanAttributes.HTTP_METHOD: "GET",
                 SpanAttributes.HTTP_STATUS_CODE: 200,
             },
diff --git a/instrumentation/opentelemetry-instrumentation-urllib/src/opentelemetry/instrumentation/urllib/__init__.py b/instrumentation/opentelemetry-instrumentation-urllib/src/opentelemetry/instrumentation/urllib/__init__.py
@@ -135,9 +135,8 @@ def response_hook(span: Span, request: Request, response: HTTPResponse):
     ExcludeList,
     get_excluded_urls,
     parse_excluded_urls,
-    remove_url_credentials,
     sanitize_method,
-    redact_query_parameters,
+    redact_url,
 )
 from opentelemetry.util.types import Attributes
 
@@ -258,7 +257,7 @@ def _instrumented_open_call(
 
         span_name = _get_span_name(method)
 
-        url = redact_query_parameters(remove_url_credentials(url))
+        url = redact_url(url)
 
         data = getattr(request, "data", None)
         request_size = 0 if data is None else len(data)
diff --git a/instrumentation/opentelemetry-instrumentation-urllib/tests/test_urllib_integration.py b/instrumentation/opentelemetry-instrumentation-urllib/tests/test_urllib_integration.py
@@ -512,14 +512,14 @@ def test_requests_timeout_exception(self, *_, **__):
         span = self.assert_span()
         self.assertEqual(span.status.status_code, StatusCode.ERROR)
 
-    def test_credential_removal(self):
+    def test_remove_sensitive_params(self):
         url = "http://username:password@mock/status/200"
 
         with self.assertRaises(Exception):
             self.perform_request(url)
 
         span = self.assert_span()
-        self.assertEqual(span.attributes[SpanAttributes.HTTP_URL], self.URL)
+        self.assertEqual(span.attributes[SpanAttributes.HTTP_URL], "http://REDACTED:REDACTED@mock/status/200")
 
     def test_hooks(self):
         def request_hook(span, request_obj):
diff --git a/instrumentation/opentelemetry-instrumentation-wsgi/src/opentelemetry/instrumentation/wsgi/__init__.py b/instrumentation/opentelemetry-instrumentation-wsgi/src/opentelemetry/instrumentation/wsgi/__init__.py
@@ -268,9 +268,8 @@ def response_hook(span: Span, environ: WSGIEnvironment, status: str, response_he
     get_custom_headers,
     normalise_request_header_name,
     normalise_response_header_name,
-    remove_url_credentials,
     sanitize_method,
-    redact_query_parameters
+    redact_url,
 )
 
 if TYPE_CHECKING:
@@ -366,9 +365,9 @@ def collect_request_attributes(
     else:
         # old semconv v1.20.0
         if _report_old(sem_conv_opt_in_mode):
-            result[SpanAttributes.HTTP_URL] = redact_query_parameters(remove_url_credentials(
+            result[SpanAttributes.HTTP_URL] = redact_url(
                 wsgiref_util.request_uri(environ)
-            ))
+            )
 
     remote_addr = environ.get("REMOTE_ADDR")
     if remote_addr:
diff --git a/instrumentation/opentelemetry-instrumentation-wsgi/tests/test_wsgi_middleware.py b/instrumentation/opentelemetry-instrumentation-wsgi/tests/test_wsgi_middleware.py
@@ -792,11 +792,12 @@ def test_response_attributes_noop(self):
         self.assertEqual(mock_span.is_recording.call_count, 2)
         self.assertEqual(attrs[SpanAttributes.HTTP_STATUS_CODE], 404)
 
-    def test_credential_removal(self):
+    def test_remove_sensitive_params(self):
         self.environ["HTTP_HOST"] = "username:password@mock"
         self.environ["PATH_INFO"] = "/status/200"
+        self.environ["QUERY_STRING"] = "sig=secret"
         expected = {
-            SpanAttributes.HTTP_URL: "http://mock/status/200",
+            SpanAttributes.HTTP_URL: "http://REDACTED:REDACTED@mock/status/200?sig=REDACTED",
             SpanAttributes.NET_HOST_PORT: 80,
         }
         self.assertGreaterEqual(
diff --git a/util/opentelemetry-util-http/src/opentelemetry/util/http/__init__.py b/util/opentelemetry-util-http/src/opentelemetry/util/http/__init__.py
@@ -294,5 +294,10 @@ def redact_query_parameters(url: str) -> str:
             )
         )
     except ValueError:  # an unparsable url was passed
-        pass
+        return url
+
+def redact_url(url: str) -> str:
+    """Redact sensitive data from the URL, including credentials and query parameters."""
+    url = remove_url_credentials(url)
+    url = redact_query_parameters(url)
     return url
diff --git a/util/opentelemetry-util-http/tests/test_redact_url.py b/util/opentelemetry-util-http/tests/test_redact_url.py
@@ -0,0 +1,39 @@
+import unittest
+from opentelemetry.util.http import redact_url, PARAMS_TO_REDACT
+
+class TestRedactUrl(unittest.TestCase):
+    def test_redact_both_credentials_and_query_params(self):
+        """Test URL with both credentials and sensitive query parameters."""
+        url = "https://user:password@api.example.com/data?AWSAccessKeyId=AKIAIOSFODNN7&color=blue"
+        expected = "https://REDACTED:REDACTED@api.example.com/data?AWSAccessKeyId=REDACTED&color=blue"
+        self.assertEqual(redact_url(url), expected)
+    
+    def test_multiple_sensitive_query_params(self):
+        """Test URL with multiple sensitive query parameters."""
+        url = "https://admin:1234@example.com/secure?Signature=abc123&X-Goog-Signature=xyz789&sig=def456"
+        expected = "https://REDACTED:REDACTED@example.com/secure?Signature=REDACTED&X-Goog-Signature=REDACTED&sig=REDACTED"
+        self.assertEqual(redact_url(url), expected)
+    
+    def test_url_with_special_characters(self):
+        """Test URL with special characters in both credentials and query parameters."""
+        url = "https://user@domain:p@ss!word@api.example.com/path?Signature=s%40me+special%20chars&normal=fine"
+        expected = "https://REDACTED:REDACTED@api.example.com/path?Signature=REDACTED&normal=fine"
+        self.assertEqual(redact_url(url), expected)
+    
+    def test_edge_cases(self):
+        """Test unusual URL formats and corner cases."""
+        # URL with fragment
+        url1 = "https://user:pass@api.example.com/data?Signature=secret#section"
+        self.assertEqual(redact_url(url1), "https://REDACTED:REDACTED@api.example.com/data?Signature=REDACTED#section")
+        
+        # URL with port number
+        url2 = "https://user:pass@api.example.com:8443/data?AWSAccessKeyId=secret"
+        self.assertEqual(redact_url(url2), "https://REDACTED:REDACTED@api.example.com:8443/data?AWSAccessKeyId=REDACTED")
+        
+        # URL with IP address instead of domain
+        url3 = "https://user:pass@192.168.1.1/path?X-Goog-Signature=xyz"
+        self.assertEqual(redact_url(url3), "https://REDACTED:REDACTED@192.168.1.1/path?X-Goog-Signature=REDACTED")
+        
+
+if __name__ == "__main__":
+    unittest.main()
