From e5aa74ff7f01d2894fc7262ded3489ef759c91f6 Mon Sep 17 00:00:00 2001 From: Denis Otkidach Date: Sat, 23 Dec 2023 00:03:51 +0200 Subject: [PATCH] Remove URL credentials (httpx integration) (#2020) * Remove URL credentials (httpx) * Add CHANGELOG --- CHANGELOG.md | 2 ++ .../pyproject.toml | 1 + .../instrumentation/httpx/__init__.py | 3 ++- .../tests/test_httpx_integration.py | 14 ++++++++++++++ tox.ini | 2 +- 5 files changed, 20 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9e39bc3090..840cfd565a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -22,6 +22,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Fixed +- `opentelemetry-instrumentation-httpx` Remove URL credentials + ([#2020](https://github.com/open-telemetry/opentelemetry-python-contrib/pull/2020)) - `opentelemetry-instrumentation-urllib`/`opentelemetry-instrumentation-urllib3` Fix metric descriptions to match semantic conventions ([#1959](https://github.com/open-telemetry/opentelemetry-python-contrib/pull/1959)) diff --git a/instrumentation/opentelemetry-instrumentation-httpx/pyproject.toml b/instrumentation/opentelemetry-instrumentation-httpx/pyproject.toml index 11dcf3e3fe..fb86ff48c5 100644 --- a/instrumentation/opentelemetry-instrumentation-httpx/pyproject.toml +++ b/instrumentation/opentelemetry-instrumentation-httpx/pyproject.toml @@ -28,6 +28,7 @@ dependencies = [ "opentelemetry-api ~= 1.12", "opentelemetry-instrumentation == 0.44b0.dev", "opentelemetry-semantic-conventions == 0.44b0.dev", + "opentelemetry-util-http == 0.44b0.dev", ] [project.optional-dependencies] diff --git a/instrumentation/opentelemetry-instrumentation-httpx/src/opentelemetry/instrumentation/httpx/__init__.py b/instrumentation/opentelemetry-instrumentation-httpx/src/opentelemetry/instrumentation/httpx/__init__.py index 13b01b6ca3..53542e7ef3 100644 --- a/instrumentation/opentelemetry-instrumentation-httpx/src/opentelemetry/instrumentation/httpx/__init__.py +++ b/instrumentation/opentelemetry-instrumentation-httpx/src/opentelemetry/instrumentation/httpx/__init__.py @@ -206,6 +206,7 @@ async def async_response_hook(span, request, response): from opentelemetry.trace import SpanKind, TracerProvider, get_tracer from opentelemetry.trace.span import Span from opentelemetry.trace.status import Status +from opentelemetry.util.http import remove_url_credentials _logger = logging.getLogger(__name__) @@ -269,7 +270,7 @@ def _extract_parameters(args, kwargs): # In httpx >= 0.20.0, handle_request receives a Request object request: httpx.Request = args[0] method = request.method.encode() - url = request.url + url = remove_url_credentials(str(request.url)) headers = request.headers stream = request.stream extensions = request.extensions diff --git a/instrumentation/opentelemetry-instrumentation-httpx/tests/test_httpx_integration.py b/instrumentation/opentelemetry-instrumentation-httpx/tests/test_httpx_integration.py index db35ab2639..b8d7fbb6b6 100644 --- a/instrumentation/opentelemetry-instrumentation-httpx/tests/test_httpx_integration.py +++ b/instrumentation/opentelemetry-instrumentation-httpx/tests/test_httpx_integration.py @@ -604,6 +604,13 @@ def perform_request( return self.client.request(method, url, headers=headers) return client.request(method, url, headers=headers) + def test_credential_removal(self): + new_url = "http://username:password@mock/status/200" + self.perform_request(new_url) + span = self.assert_span() + + self.assertEqual(span.attributes[SpanAttributes.HTTP_URL], self.URL) + class TestAsyncIntegration(BaseTestCases.BaseManualTest): response_hook = staticmethod(_async_response_hook) @@ -664,6 +671,13 @@ def test_basic_multiple(self): ) self.assert_span(num_spans=2) + def test_credential_removal(self): + new_url = "http://username:password@mock/status/200" + self.perform_request(new_url) + span = self.assert_span() + + self.assertEqual(span.attributes[SpanAttributes.HTTP_URL], self.URL) + class TestSyncInstrumentationIntegration(BaseTestCases.BaseInstrumentorTest): def create_client( diff --git a/tox.ini b/tox.ini index e3d3a1fe16..9541599f95 100644 --- a/tox.ini +++ b/tox.ini @@ -386,7 +386,7 @@ commands_pre = grpc: pip install {toxinidir}/instrumentation/opentelemetry-instrumentation-grpc[test] - falcon{1,2,3},flask{213,220},django{1,2,3,4},pyramid,tornado,starlette,fastapi,aiohttp,asgi,requests,urllib,urllib3v{1,2},wsgi: pip install {toxinidir}/util/opentelemetry-util-http[test] + falcon{1,2,3},flask{213,220},django{1,2,3,4},pyramid,tornado,starlette,fastapi,aiohttp,asgi,httpx{18,21},requests,urllib,urllib3v{1,2},wsgi: pip install {toxinidir}/util/opentelemetry-util-http[test] wsgi,falcon{1,2,3},flask{213,220},django{1,2,3,4},pyramid: pip install {toxinidir}/instrumentation/opentelemetry-instrumentation-wsgi[test] asgi,django{3,4},starlette,fastapi: pip install {toxinidir}/instrumentation/opentelemetry-instrumentation-asgi[test]