From 227f4862f8ce0f5b4035cbd9349e4c9a47009b2b Mon Sep 17 00:00:00 2001 From: Mateusz Lach Date: Wed, 24 Apr 2024 12:28:13 +0200 Subject: [PATCH 1/3] document new behavior --- CHANGELOG.md | 8 ++++++++ docs/config.md | 13 ++++++++----- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1ded8edff5..96fa5a6200 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,14 @@ This component adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.h ### Changed +- Due to the risk of sensitive information being present in a query string, +`OpenTelemetry.Instrumentation.Http`, `OpenTelemetry.Instrumentation.AspNetCore`, +`OpenTelemetry.Instrumentation.AspNet` instrumentations redact by default any values +detected in the query string component when building `url.query`/`url.full` attribute. +For example, `?key1=value1&key2=value2` becomes `?key1=Redacted&key2=Redacted`. +This behavior can be customized using environmental variables. +See the [instrumentation options](./docs/config.md#instrumentation-options) table for details. + #### Dependency updates - Following packages updated diff --git a/docs/config.md b/docs/config.md index 409c20696d..365cd7a197 100644 --- a/docs/config.md +++ b/docs/config.md 
@@ -202,11 +202,14 @@ the `ASPNETCORE_HOSTINGSTARTUPASSEMBLIES` environment variable to ### Instrumentation options -| Environment variable | Description | Default value | Status | -|-----------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------|-----------------------------------------------------------------------------------------------------------------------------------| -| `OTEL_DOTNET_AUTO_ENTITYFRAMEWORKCORE_SET_DBSTATEMENT_FOR_TEXT` | Whether the Entity Framework Core instrumentation can pass SQL statements through the `db.statement` attribute. Queries might contain sensitive information. If set to `false`, `db.statement` is recorded only for executing stored procedures. | `false` | [Experimental](https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/versioning-and-stability.md) | -| `OTEL_DOTNET_AUTO_GRAPHQL_SET_DOCUMENT` | Whether the GraphQL instrumentation can pass raw queries through the `graphql.document` attribute. Queries might contain sensitive information. | `false` | [Experimental](https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/versioning-and-stability.md) | -| `OTEL_DOTNET_AUTO_SQLCLIENT_SET_DBSTATEMENT_FOR_TEXT` | Whether the SQL Client instrumentation can pass SQL statements through the `db.statement` attribute. Queries might contain sensitive information. If set to `false`, `db.statement` is recorded only for executing stored procedures. 
**Not supported on .NET Framework for System.Data.SqlClient.** | `false` | [Experimental](https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/versioning-and-stability.md) | +| Environment variable | Description | Default value | Status | +|-------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------|-----------------------------------------------------------------------------------------------------------------------------------| +| `OTEL_DOTNET_AUTO_ENTITYFRAMEWORKCORE_SET_DBSTATEMENT_FOR_TEXT` | Whether the Entity Framework Core instrumentation can pass SQL statements through the `db.statement` attribute. Queries might contain sensitive information. If set to `false`, `db.statement` is recorded only for executing stored procedures. | `false` | [Experimental](https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/versioning-and-stability.md) | +| `OTEL_DOTNET_AUTO_GRAPHQL_SET_DOCUMENT` | Whether the GraphQL instrumentation can pass raw queries through the `graphql.document` attribute. Queries might contain sensitive information. | `false` | [Experimental](https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/versioning-and-stability.md) | +| `OTEL_DOTNET_AUTO_SQLCLIENT_SET_DBSTATEMENT_FOR_TEXT` | Whether the SQL Client instrumentation can pass SQL statements through the `db.statement` attribute. Queries might contain sensitive information. If set to `false`, `db.statement` is recorded only for executing stored procedures. 
**Not supported on .NET Framework for System.Data.SqlClient.** | `false` | [Experimental](https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/versioning-and-stability.md) | +| `OTEL_DOTNET_EXPERIMENTAL_ASPNETCORE_DISABLE_URL_QUERY_REDACTION` | Whether the ASP.NET Core instrumentation should disable redaction of `url.query` attribute value. Attribute value might contain sensitive information. | `false` | [Experimental](https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/versioning-and-stability.md) | +| `OTEL_DOTNET_EXPERIMENTAL_HTTPCLIENT_DISABLE_URL_QUERY_REDACTION` | Whether the HTTP client instrumentation should disable redaction of `url.full` attribute value. Attribute value might contain sensitive information. | `false` | [Experimental](https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/versioning-and-stability.md) | +| `OTEL_DOTNET_EXPERIMENTAL_ASPNET_DISABLE_URL_QUERY_REDACTION` | Whether the ASP.NET instrumentation should disable redaction of `url.query` attribute value. Attribute value might contain sensitive information | `false` | [Experimental](https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/versioning-and-stability.md) | ## Propagators From b6574de47dc812a718105e1ac5c4905324a5741c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mateusz=20=C5=81ach?= Date: Wed, 24 Apr 2024 17:55:19 +0200 Subject: [PATCH 2/3] Apply suggestions from code review Co-authored-by: Fabrizio Ferri-Benedetti --- CHANGELOG.md | 13 +++++++------ docs/config.md | 6 +++--- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 96fa5a6200..0735e89d47 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -15,13 +15,14 @@ This component adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.h ### Changed -- Due to the risk of sensitive information being present in a query string, +- To prevent sensitive information from leaking through query strings, the +following instrumentations redact by default any value detected in query string +components when building the `url.query` or the `url.full` attributes: `OpenTelemetry.Instrumentation.Http`, `OpenTelemetry.Instrumentation.AspNetCore`, -`OpenTelemetry.Instrumentation.AspNet` instrumentations redact by default any values -detected in the query string component when building `url.query`/`url.full` attribute. -For example, `?key1=value1&key2=value2` becomes `?key1=Redacted&key2=Redacted`. -This behavior can be customized using environmental variables. -See the [instrumentation options](./docs/config.md#instrumentation-options) table for details. +`OpenTelemetry.Instrumentation.AspNet`. For example, `?key1=value1&key2=value2` +becomes `?key1=Redacted&key2=Redacted`. You can customize this behavior through +the environment variables. See the +[instrumentation options](./docs/config.md#instrumentation-options) table for details. #### Dependency updates diff --git a/docs/config.md b/docs/config.md index 365cd7a197..fc4f229a46 100644 --- a/docs/config.md +++ b/docs/config.md 
@@ -207,9 +207,9 @@ the `ASPNETCORE_HOSTINGSTARTUPASSEMBLIES` environment variable to | `OTEL_DOTNET_AUTO_ENTITYFRAMEWORKCORE_SET_DBSTATEMENT_FOR_TEXT` | Whether the Entity Framework Core instrumentation can pass SQL statements through the `db.statement` attribute. Queries might contain sensitive information. If set to `false`, `db.statement` is recorded only for executing stored procedures. | `false` | [Experimental](https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/versioning-and-stability.md) | | `OTEL_DOTNET_AUTO_GRAPHQL_SET_DOCUMENT` | Whether the GraphQL instrumentation can pass raw queries through the `graphql.document` attribute. Queries might contain sensitive information. | `false` | [Experimental](https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/versioning-and-stability.md) | | `OTEL_DOTNET_AUTO_SQLCLIENT_SET_DBSTATEMENT_FOR_TEXT` | Whether the SQL Client instrumentation can pass SQL statements through the `db.statement` attribute. Queries might contain sensitive information. If set to `false`, `db.statement` is recorded only for executing stored procedures. **Not supported on .NET Framework for System.Data.SqlClient.** | `false` | [Experimental](https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/versioning-and-stability.md) | -| `OTEL_DOTNET_EXPERIMENTAL_ASPNETCORE_DISABLE_URL_QUERY_REDACTION` | Whether the ASP.NET Core instrumentation should disable redaction of `url.query` attribute value. Attribute value might contain sensitive information. | `false` | [Experimental](https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/versioning-and-stability.md) | -| `OTEL_DOTNET_EXPERIMENTAL_HTTPCLIENT_DISABLE_URL_QUERY_REDACTION` | Whether the HTTP client instrumentation should disable redaction of `url.full` attribute value. Attribute value might contain sensitive information. 
| `false` | [Experimental](https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/versioning-and-stability.md) | -| `OTEL_DOTNET_EXPERIMENTAL_ASPNET_DISABLE_URL_QUERY_REDACTION` | Whether the ASP.NET instrumentation should disable redaction of `url.query` attribute value. Attribute value might contain sensitive information | `false` | [Experimental](https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/versioning-and-stability.md) | +| `OTEL_DOTNET_EXPERIMENTAL_ASPNETCORE_DISABLE_URL_QUERY_REDACTION` | Whether the ASP.NET Core instrumentation turns off redaction of the `url.query` attribute value. | `false` | [Experimental](https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/versioning-and-stability.md) | +| `OTEL_DOTNET_EXPERIMENTAL_HTTPCLIENT_DISABLE_URL_QUERY_REDACTION` | Whether the HTTP client instrumentation turns off redaction of the `url.full` attribute value. | `false` | [Experimental](https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/versioning-and-stability.md) | +| `OTEL_DOTNET_EXPERIMENTAL_ASPNET_DISABLE_URL_QUERY_REDACTION` | Whether the ASP.NET instrumentation turns off redaction of the `url.query` attribute value. | `false` | [Experimental](https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/versioning-and-stability.md) | ## Propagators From ee4e65f2394481714ec69b7d4c6b973a093048dd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Paj=C4=85k?= Date: Wed, 24 Apr 2024 18:05:24 +0200 Subject: [PATCH 3/3] Update CHANGELOG.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Piotr Kiełkowicz --- CHANGELOG.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0735e89d47..96810d9fc4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -16,13 +16,13 @@ This component adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.h ### Changed - To prevent sensitive information from leaking through query strings, the -following instrumentations redact by default any value detected in query string -components when building the `url.query` or the `url.full` attributes: -`OpenTelemetry.Instrumentation.Http`, `OpenTelemetry.Instrumentation.AspNetCore`, -`OpenTelemetry.Instrumentation.AspNet`. For example, `?key1=value1&key2=value2` -becomes `?key1=Redacted&key2=Redacted`. You can customize this behavior through -the environment variables. See the -[instrumentation options](./docs/config.md#instrumentation-options) table for details. + following instrumentations redact by default any value detected in query string + components when building the `url.query` or the `url.full` attributes: + `OpenTelemetry.Instrumentation.Http`, `OpenTelemetry.Instrumentation.AspNetCore`, + `OpenTelemetry.Instrumentation.AspNet`. For example, `?key1=value1&key2=value2` + becomes `?key1=Redacted&key2=Redacted`. You can customize this behavior through + the environment variables. See the + [instrumentation options](./docs/config.md#instrumentation-options) table for details. #### Dependency updates
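Review bot: In [PATCH 1/3], docs/config.md, the three added rows use the prefix `OTEL_DOTNET_EXPERIMENTAL_`, while the three existing rows shown in the hunk all use `OTEL_DOTNET_AUTO_`. Either align the names or say in the table why these differ. The new variables are also negative switches (`..._DISABLE_URL_QUERY_REDACTION`) with a default of `false`, which is easy to misread. Each description should state outright that redaction is on by default and that setting the variable to `true` records the unredacted query string in the attribute. The `OTEL_DOTNET_EXPERIMENTAL_ASPNET_DISABLE_URL_QUERY_REDACTION` row is also missing the full stop after "might contain sensitive information".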
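Review bot: In [PATCH 2/3], docs/config.md, the rewritten descriptions of the three `..._DISABLE_URL_QUERY_REDACTION` rows drop the sentence "Attribute value might contain sensitive information." These are the switches that remove a protection, and the neighbouring `db.statement` and `graphql.document` rows keep their "Queries might contain sensitive information." warning, so the table now warns about the opt-in settings but not about the opt-out ones. Keep a warning in each of the three rows, for example by ending the description with "Unredacted values might contain sensitive information."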
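Review bot: In [PATCH 3/3], CHANGELOG.md, the entry still reads "You can customize this behavior through the environment variables" without naming any of them, and the only controls documented in docs/config.md are the three `..._DISABLE_URL_QUERY_REDACTION` switches, so "customize" overstates what is available. Say that redaction can be turned off per instrumentation, and name the variables or keep the link as the single pointer to them. The entry also lists `url.query` and `url.full` together, while the options table ties `url.full` to the HTTP client and `url.query` to ASP.NET and ASP.NET Core; stating that mapping here would save readers a lookup. Since this commit only re-indents the text introduced in 2/3, consider squashing it into that commit.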