From 87aafa20494735d4b670d5602478b3f5644589ed Mon Sep 17 00:00:00 2001 From: ruimhu Date: Thu, 9 May 2024 18:55:29 +0800 Subject: [PATCH] add redact for span name --- processor/redactionprocessor/processor.go | 11 ++++ .../redactionprocessor/processor_test.go | 55 +++++++++++++++++++ 2 files changed, 66 insertions(+) diff --git a/processor/redactionprocessor/processor.go b/processor/redactionprocessor/processor.go index 57368a1878a1..56c9fc2b6d18 100644 --- a/processor/redactionprocessor/processor.go +++ b/processor/redactionprocessor/processor.go @@ -73,12 +73,23 @@ func (s *redaction) processResourceSpan(ctx context.Context, rs ptrace.ResourceS span := ils.Spans().At(k) spanAttrs := span.Attributes() + // Redact span name + span.SetName(s.redactSpanName(span.Name())) + // Attributes can also be part of span s.processAttrs(ctx, spanAttrs) } } } +func (s *redaction) redactSpanName(name string) string { + var result = name + for _, compiledRE := range s.blockRegexList { + result = compiledRE.ReplaceAllString(result, "****") + } + return result +} + // processAttrs redacts the attributes of a resource span or a span func (s *redaction) processAttrs(_ context.Context, attributes pcommon.Map) { // TODO: Use the context for recording metrics diff --git a/processor/redactionprocessor/processor_test.go b/processor/redactionprocessor/processor_test.go index b44ab20c950e..519b58ba8759 100644 --- a/processor/redactionprocessor/processor_test.go +++ b/processor/redactionprocessor/processor_test.go @@ -328,6 +328,61 @@ func TestMultipleBlockValues(t *testing.T) { assert.Equal(t, "mystery ****", mysteryValue.Str()) } +func TestRedactSpanName(t *testing.T) { + config := &Config{ + BlockedValues: []string{"secret"}, + } + allowed := map[string]pcommon.Value{ + "id": pcommon.NewValueInt(5), + } + spanName := "secret" + expectedSpanName := "****" + + outTraces := runTestWitHSpanName(t, config, allowed, spanName) + + // Get the span name from the output traces + actualSpanName := outTraces.ResourceSpans().At(0).ScopeSpans().At(0).Spans().At(0).Name() + + // Check if the span name is redacted as expected + assert.Equal(t, expectedSpanName, actualSpanName) +} + +func runTestWitHSpanName( + t *testing.T, + config *Config, + allowed map[string]pcommon.Value, + spanName string, +) ptrace.Traces { + inBatch := ptrace.NewTraces() + rs := inBatch.ResourceSpans().AppendEmpty() + ils := rs.ScopeSpans().AppendEmpty() + + library := ils.Scope() + library.SetName("first-library") + span := ils.Spans().AppendEmpty() + span.SetName(spanName) + span.SetTraceID([16]byte{1, 2, 3, 4}) + + length := len(allowed) + for k, v := range allowed { + v.CopyTo(span.Attributes().PutEmpty(k)) + } + + assert.Equal(t, span.Attributes().Len(), length) + assert.Equal(t, ils.Spans().At(0).Attributes().Len(), length) + assert.Equal(t, inBatch.ResourceSpans().At(0).ScopeSpans().At(0).Spans().At(0).Attributes().Len(), length) + + // test + ctx := context.Background() + processor, err := newRedaction(ctx, config, zaptest.NewLogger(t)) + assert.NoError(t, err) + outBatch, err := processor.processTraces(ctx, inBatch) + + // verify + assert.NoError(t, err) + return outBatch +} + // TestProcessAttrsAppliedTwice validates a use case when data is coming through redaction processor more than once. // Existing attributes must be updated, not overridden or ignored. func TestProcessAttrsAppliedTwice(t *testing.T) {