Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix password and username in http.url #5038

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Fix password and username in http.url #5038

wants to merge 4 commits into from

Conversation

Dorcas-BD
Copy link

@Dorcas-BD Dorcas-BD commented Oct 4, 2024
edited
Loading

Which problem is this PR solving?

This PR addresses the issue described in #2000 which states that the http.url attribute must not contain credentials passed via the URL. According to the recent specification changes, URLs formatted as https://username:[email protected]/ are invalid for the http.url attribute and should instead be formatted as https://www.example.com/.

Fixes #2000

Short description of the changes

The isValidOptionsType function has been modified to check for the presence of credentials in a given URL using the url.parse method. If the URL contains authentication information (i.e., username or password), the function will return false. Conversely, the function will return true if the URL contains no credentials.

Type of change

  • Bug fix (non-breaking change which fixes an issue)

How Has This Been Tested?

The functionality has been tested with a series of unit tests, which include various input values. The tests verify that the function returns false for invalid URLs containing credentials and true for valid URLs and acceptable types such as strings and objects. The test cases ensure the behaviour is consistent with the updated requirements.

describe('isValidOptionsType()', () => {
  [
    '',
    false,
    true,
    1,
    0,
    'https://username:[email protected]/',
    [],
  ].forEach(options => {
    it(`should return false with the following value: ${JSON.stringify(
      options
    )}`, () => {
      assert.strictEqual(utils.isValidOptionsType(options), false);
    });
  });
  for (const options of ['url', url.parse('http://url.com'), {}]) {
    it(`should return true with the following value: ${JSON.stringify(
      options
    )}`, () => {
      assert.strictEqual(utils.isValidOptionsType(options), true);
    });
  }
});

Checklist:

  • Followed the style guidelines of this project
  • Unit tests have been added
  • Documentation has been updated

@Dorcas-BD Dorcas-BD requested a review from a team as a code owner October 4, 2024 08:23
@linux-foundation-easycla Linux Foundation: EasyCLA
Copy link

linux-foundation-easycla bot commented Oct 4, 2024
edited
Loading

CLA Signed

The committers listed above are authorized under a signed CLA.

JacksonWeber
JacksonWeber reviewed Oct 7, 2024
View reviewed changes
experimental/packages/opentelemetry-instrumentation-http/src/utils.ts
@@ -342,13 +342,22 @@ export const getRequestInfo = (
* Makes sure options is of type string or object
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You may want to update this function description to better represent the new logic added in this PR.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay, thanks

I will do that

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JacksonWeber JacksonWeber JacksonWeber left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

HTTP Span Attributes: http.url must not contain username / password
2 participants
@Dorcas-BD @JacksonWeber