Add support for sanitizing HTTP header values.
First step of open-telemetry#1184
Daniel Rogers committed Aug 30, 2022
1 parent 18e056b commit 2ec2ac7
Showing 3 changed files with 39 additions and 1 deletion.
2 changes: 2 additions & 0 deletions CHANGELOG.md
Expand Up @@ -35,6 +35,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
([#1197](https://github.com/open-telemetry/opentelemetry-python-contrib/pull/1197))
- Add metric instumentation for flask
([#1186](https://github.com/open-telemetry/opentelemetry-python-contrib/pull/1186))
- `opentelemetry-util-http` Add support for sanitizing HTTP header values.
([#1253](https://github.com/open-telemetry/opentelemetry-python-contrib/pull/1253))

## [1.12.0rc2-0.32b0](https://github.com/open-telemetry/opentelemetry-python/releases/tag/v1.12.0rc2-0.32b0) - 2022-07-01

Expand Up @@ -15,11 +15,15 @@
from os import environ
from re import compile as re_compile
from re import search
from re import IGNORECASE as RE_IGNORECASE
from typing import Iterable, List
from urllib.parse import urlparse, urlunparse

from opentelemetry.semconv.trace import SpanAttributes

OTEL_INSTRUMENTATION_HTTP_CAPTURE_HEADERS_SANITIZE_FIELDS = (
"OTEL_INSTRUMENTATION_HTTP_CAPTURE_HEADERS_SANITIZE_FIELDS"
)
OTEL_INSTRUMENTATION_HTTP_CAPTURE_HEADERS_SERVER_REQUEST = (
"OTEL_INSTRUMENTATION_HTTP_CAPTURE_HEADERS_SERVER_REQUEST"
)
Expand Down Expand Up @@ -60,6 +64,22 @@ def url_disabled(self, url: str) -> bool:
return bool(self._excluded_urls and search(self._regex, url))


class SanitizeValue:
"""Class to sanitize (remove sensitive data from) certain headers (given as a list of regexes)"""

def __init__(self, sanitized_fields: Iterable[str]):
self._sanitized_fields = sanitized_fields
if self._sanitized_fields:
self._regex = re_compile("|".join(sanitized_fields), RE_IGNORECASE)

def sanitize_header_value(self, header: str, value: str) -> str:
return (
"[REDACTED]"
if (self._sanitized_fields and search(self._regex, header))
else value
)


_root = r"OTEL_PYTHON_{}"


Expand Down Expand Up @@ -90,7 +110,7 @@ def get_excluded_urls(instrumentation: str) -> ExcludeList:

def parse_excluded_urls(excluded_urls: str) -> ExcludeList:
"""
Small helper to put an arbitrary url list inside of ExcludeList
Small helper to put an arbitrary url list inside an ExcludeList
"""
if excluded_urls:
excluded_url_list = [
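Review bot: In `SanitizeValue.__init__` the pattern is built with `"|".join(sanitized_fields)` and no filtering, so one empty entry (for example from a trailing comma in the environment variable, if the parser feeding this class does not drop it) adds an empty alternative that matches every header name, and every captured value becomes `[REDACTED]`. The `Iterable[str]` argument is also tested for truthiness before being iterated, so an empty one-shot iterator is truthy and yields the same match-all pattern; materialising once covers both cases: `self._sanitized_fields = [field for field in sanitized_fields if field]`, then join that list. `sanitize_header_value` has no docstring; it should say that each field is a regex applied with an unanchored, case-insensitive `search` to the header name as passed in, so `My-Secret-Header` also redacts `My-Secret-Header-2`. It should also say that callers are expected to pass the raw header name: if a normalised key with underscores were passed instead, a hyphenated pattern would not match and the value would be recorded unredacted.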
16 changes: 16 additions & 0 deletions util/opentelemetry-util-http/tests/test_capture_custom_headers.py
Expand Up @@ -16,6 +16,7 @@
from unittest.mock import patch

from opentelemetry.util.http import (
OTEL_INSTRUMENTATION_HTTP_CAPTURE_HEADERS_SANITIZE_FIELDS,
OTEL_INSTRUMENTATION_HTTP_CAPTURE_HEADERS_SERVER_REQUEST,
OTEL_INSTRUMENTATION_HTTP_CAPTURE_HEADERS_SERVER_RESPONSE,
get_custom_headers,
Expand Down Expand Up @@ -58,6 +59,21 @@ def test_get_custom_response_header(self):
],
)

@patch.dict(
"os.environ",
{
OTEL_INSTRUMENTATION_HTTP_CAPTURE_HEADERS_SANITIZE_FIELDS: "My-Secret-Header,My-Secret-Header-2"
},
)
def test_get_custom_sanitize_header(self):
custom_headers_to_capture = get_custom_headers(
OTEL_INSTRUMENTATION_HTTP_CAPTURE_HEADERS_SANITIZE_FIELDS
)
self.assertEqual(
custom_headers_to_capture,
["My-Secret-Header", "My-Secret-Header-2"],
)

def test_normalise_request_header_name(self):
key = normalise_request_header_name("Test-Header")
self.assertEqual(key, "http.request.header.test_header")
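Review bot: `test_get_custom_sanitize_header` only checks that `get_custom_headers` splits the environment variable; nothing in the visible hunks of this file exercises `SanitizeValue.sanitize_header_value`, which is the code that decides whether a secret value is recorded. A test should pin the three outcomes a deployment relies on: a case-insensitive match is replaced with `[REDACTED]`, an unlisted header passes through unchanged, and an empty field list redacts nothing. `SanitizeValue` would also need adding to the `opentelemetry.util.http` import list at the top of the file; the enclosing test class starts outside these hunks.

```python
    def test_sanitize_header_value(self):
        # Sample header names and values below are constructed for the test.
        sanitizer = SanitizeValue(["My-Secret-Header"])
        self.assertEqual(
            sanitizer.sanitize_header_value("my-secret-header", "token"),
            "[REDACTED]",
        )
        self.assertEqual(
            sanitizer.sanitize_header_value("Accept", "text/html"),
            "text/html",
        )
        self.assertEqual(
            SanitizeValue([]).sanitize_header_value("Accept", "text/html"),
            "text/html",
        )
```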

0 comments on commit 2ec2ac7
