Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Changed TraceConfigz zPage form to use POST request #1521

Merged
merged 36 commits into from
Aug 12, 2020
Merged

Changed TraceConfigz zPage form to use POST request #1521

merged 36 commits into from
Aug 12, 2020

Conversation

wangty27
Copy link

@wangty27 wangty27 commented Aug 7, 2020

This PR addresses #1517

williamhu99 and others added 30 commits July 18, 2020 00:27
@williamhu99
Removed URLEncoder
ec31e3e
@williamhu99
Fixed typo
e0fe0ed
@williamhu99
Added URLDecoding
cf7f5c8
@williamhu99
Included comment for string replacement
9db8e7e
@williamhu99
Added unit tests for special characters in span names
4127978
@williamhu99
Resolved URL decoding issues
e17c337
@williamhu99
Moved url decoding to parseQueryMap and updated the corresponding uni…
bb58b26 
…t tests
@williamhu99
Added a README file for zPage quickstart
80a5ccf
@williamhu99
Add images for README
dcbd9aa
@williamhu99
Updated README
24ffce2
@williamhu99
Add frontend images
5047849
@williamhu99
Add backend images
85a539e
@williamhu99
Added our design doc
4156123
@wty27
Added details on package
265cf27
@williamhu99
Reworded a few lines
c102e45
@williamhu99
Merge branch 'master' of https://github.com/open-telemetry/openteleme…
e977dcf 
…try-java into master
@williamhu99
Moved DESIGN.md to a docs folder and changed gradle config to impleme…
ed8ef33 
…ntation
@wty27
Changed wording regarding HttpServer requirement
f595909
@wty27
Added zpages folder under docs, resolved broken image links
806b632
@williamhu99
Resolved comments for the design md file
9e4dde8
@williamhu99
Made a few wording changes
86c2a51
@williamhu99
Wrote a benchmark test for TracezSpanBuckets (#23)
a3c9a5a 
* Scaffolded logic for basic benchmark tests

* Wrote benchmark tests for TracezSpanBuckets

* Updated README with benchmark tests

* Changed the wording slightly
@wty27
Updated README file (#25)
07b2fcf
@williamhu99
Wrote benchmark tests for TracezDataAggregator (#24)
542f756 
* Scaffolded logic for basic benchmark tests

* Wrote benchmark tests for TracezSpanBuckets

* Updated README with benchmark tests

* Changed the wording slightly

* Added a set of benchmark tests for TracezDataAggregator

* Modified README formatting

* Changed benchmark test to negate dead code elimination
@williamhu99
Merged with original repo
fe056e3
@williamhu99
Added Javadocs to the TracezDataAggregator benchmark tests
f714b43
@williamhu99
Removed benchmark results from README and added a param to the Tracez…
922e950 
…DataAggregator benchmark tests
@williamhu99 @anuraaga
Update sdk_extensions/zpages/src/jmh/java/io/opentelemetry/sdk/extens…
13d82c4 
…ions/zpages/TracezDataAggregatorBenchmark.java

Co-authored-by: Anuraag Agrawal <[email protected]>
@williamhu99
Added multiple param values for TracezDataAggregatorBenchmark
5ab6f6a
@williamhu99
Merge branch 'master' of github.com:williamhu99/opentelemetry-java in…
18a4141 
…to master
@codecov
Copy link

codecov bot commented Aug 7, 2020
edited
Loading

Codecov Report

Merging #1521 into master will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@            Coverage Diff            @@
##             master    #1521   +/-   ##
=========================================
  Coverage     87.07%   87.07%           
  Complexity     1367     1367           
=========================================
  Files           162      162           
  Lines          5191     5191           
  Branches        490      490           
=========================================
  Hits           4520     4520           
  Misses          492      492           
  Partials        179      179

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 5b4e0a8...95ff5b7. Read the comment docs.

v-y-l
v-y-l reviewed Aug 7, 2020
View reviewed changes
Copy link

@v-y-l v-y-l left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why was this change necessary?

...nsions/zpages/src/test/java/io/opentelemetry/sdk/extensions/zpages/ZPageHttpHandlerTest.java Outdated Show resolved Hide resolved
anuraaga
anuraaga reviewed Aug 8, 2020
View reviewed changes
Copy link
Contributor

@anuraaga anuraaga left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the quick turnaround!

...extensions/zpages/src/main/java/io/opentelemetry/sdk/extensions/zpages/ZPageHttpHandler.java Outdated Show resolved Hide resolved
...extensions/zpages/src/main/java/io/opentelemetry/sdk/extensions/zpages/ZPageHttpHandler.java Outdated Show resolved Hide resolved
...extensions/zpages/src/main/java/io/opentelemetry/sdk/extensions/zpages/ZPageHttpHandler.java Outdated Show resolved Hide resolved
...pages/src/test/java/io/opentelemetry/sdk/extensions/zpages/TraceConfigzZPageHandlerTest.java Outdated Show resolved Hide resolved
@jkwatson
Copy link
Contributor

Why was this change necessary?

The originating issue is #1517, but I'm not convinced this is really an issue. It would seems to be a bad idea to expose your zPages to the public internet, whether via GET or POST, so I'm not really sure this is a big deal. From a pure HTTP semantics perspective, though, GET shouldn't be being used for mutating operations of any kind, so I think from that perspective, it's a good change.

@anuraaga
Copy link
Contributor

The originating issue is #1517, but I'm not convinced this is really an issue. It would seems to be a bad idea to expose your zPages to the public internet, whether via GET or POST, so I'm not really sure this is a big deal.

The page is exposed to someone, probably on an internal network from a browser. Opening a malicious email (not even clicking a link) that happened to know the URL would be enough for them to change the config. Knowing the URL and who to target aren't easy, but we should generally consider these as big deals.

anuraaga
anuraaga reviewed Aug 11, 2020
View reviewed changes
...ns/zpages/src/main/java/io/opentelemetry/sdk/extensions/zpages/TraceConfigzZPageHandler.java
try {
applyTraceConfig(queryMap);
} catch (Throwable t) {
try (PrintStream out = new PrintStream(outputStream, /* autoFlush= */ false, "UTF-8")) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This section seems like an error applying the config, not an error generating HTML right?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yea it's error applying config, I will adjust the error message

...extensions/zpages/src/main/java/io/opentelemetry/sdk/extensions/zpages/ZPageHttpHandler.java Outdated Show resolved Hide resolved
...pages/src/test/java/io/opentelemetry/sdk/extensions/zpages/TraceConfigzZPageHandlerTest.java Outdated Show resolved Hide resolved
anuraaga
anuraaga approved these changes Aug 12, 2020
View reviewed changes
Copy link
Contributor

@anuraaga anuraaga left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@jkwatson jkwatson merged commit ce8cfd4 into open-telemetry:master Aug 12, 2020
@wangty27 wangty27 deleted the fix-get-request branch August 13, 2020 18:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@v-y-l v-y-l v-y-l left review comments

@jkwatson jkwatson jkwatson approved these changes

@carlosalberto carlosalberto carlosalberto approved these changes

@anuraaga anuraaga anuraaga approved these changes

@arminru arminru Awaiting requested review from arminru

@bogdandrutu bogdandrutu Awaiting requested review from bogdandrutu

@pavolloffay pavolloffay Awaiting requested review from pavolloffay

@thisthat thisthat Awaiting requested review from thisthat

@tylerbenson tylerbenson Awaiting requested review from tylerbenson

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@wangty27 @jkwatson @anuraaga @carlosalberto @v-y-l @williamhu99 @wty27