-
Notifications
You must be signed in to change notification settings - Fork 826
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: sanitize attributes inputs #2881
Conversation
Codecov Report
@@ Coverage Diff @@
## main #2881 +/- ##
==========================================
- Coverage 93.33% 93.30% -0.03%
==========================================
Files 165 165
Lines 5594 5605 +11
Branches 1176 1178 +2
==========================================
+ Hits 5221 5230 +9
- Misses 373 375 +2
|
CHANGELOG.md
Outdated
@@ -10,6 +10,8 @@ All notable changes to this project will be documented in this file. | |||
|
|||
### :bug: (Bug Fix) | |||
|
|||
* [#2881](https://github.com/open-telemetry/opentelemetry-js/pull/2881) fix: sanitize attributes inputs ([@legendecas](https://githuc.com/legendecas)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
githuc :)
* [#2881](https://github.com/open-telemetry/opentelemetry-js/pull/2881) fix: sanitize attributes inputs ([@legendecas](https://githuc.com/legendecas)) | |
* [#2881](https://github.com/open-telemetry/opentelemetry-js/pull/2881) fix: sanitize attributes inputs ([@legendecas](https://github.com/legendecas)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wonder if we should consider a less elaborate changelog format?
This might be good enough? Maybe name/handle is even optional?
* Change explanation here #000 @dyladan
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd agree the current form is kinda verbose :) I'd be happy to shorten the entries.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@dyladan updated :)
As far as I understand, the invalid attributes will be dropped silently. Perhaps this should be documented somewhere, because this can cause a lot of confusion imo. Or perhaps it's possible to log an attribute's dropping event? |
We're already dropping invalid attributes at I'm fine with adding more diagnostics. |
Yeah, this is exactly what I mean. IMO it's a good idea) |
} | ||
} | ||
|
||
return out; | ||
} | ||
|
||
export function isAttributeValue(val: unknown): val is SpanAttributeValue { | ||
export function isAttributeKey(key: unknown): key is string { | ||
return typeof key === 'string' && key.length > 0; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Minor perf and minification improvements by reordering
return key && typeof === 'string';
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I didn't find there is any big perf difference between the two flavors: https://jsbench.me/30l1ntj53a/1
TBO, I think checking the length is more explicit and easier to read.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
apart from nit lgtm
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry I thought I already approved this. LGTM
Which problem is this PR solving?
Fixes #2713
Short description of the changes
Link
in Span constructor, andEvent
inSpan.addEvent
.Type of change
How Has This Been Tested?
Checklist:
Documentation has been updated