Skip to content

Commit

Permalink
fix(instrumentation-http): skip malformed forwarded headers (#5099)
Browse files Browse the repository at this point in the history
  • Loading branch information
pmlanger authored Nov 5, 2024
1 parent ce5bbfb commit 67d7718
Show file tree
Hide file tree
Showing 3 changed files with 26 additions and 2 deletions.
2 changes: 2 additions & 0 deletions experimental/CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,8 @@ All notable changes to experimental packages in this project will be documented

### :bug: (Bug Fix)

* fix(instrumentation-http): skip malformed forwarded headers. [#5095](https://github.com/open-telemetry/opentelemetry-js/issues/5095) @pmlanger

### :books: (Refine Doc)

### :house: (Internal)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -572,7 +572,7 @@ function getServerAddress(
): { host: string; port?: string } | null {
const forwardedHeader = request.headers['forwarded'];
if (forwardedHeader) {
for (const entry of forwardedParse(forwardedHeader)) {
for (const entry of parseForwardedHeader(forwardedHeader)) {
if (entry.host) {
return parseHostHeader(entry.host, entry.proto);
}
Expand Down Expand Up @@ -635,7 +635,7 @@ export function getRemoteClientAddress(
): string | null {
const forwardedHeader = request.headers['forwarded'];
if (forwardedHeader) {
for (const entry of forwardedParse(forwardedHeader)) {
for (const entry of parseForwardedHeader(forwardedHeader)) {
if (entry.for) {
return entry.for;
}
Expand Down Expand Up @@ -916,3 +916,11 @@ function normalizeMethod(method?: string | null) {

return '_OTHER';
}

function parseForwardedHeader(header: string): Record<string, string>[] {
try {
return forwardedParse(header);
} catch {
return [];
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -277,6 +277,20 @@ describe('HttpInstrumentation Integration tests', () => {
assert.ok(result.reqHeaders[DummyPropagation.SPAN_CONTEXT_KEY]);
});

it('should succeed even with malformed Forwarded header', async () => {
const spans = memoryExporter.getFinishedSpans();
assert.strictEqual(spans.length, 0);

const headers = { 'x-foo': 'foo', forwarded: 'malformed' };
const result = await httpRequest.get(
new url.URL(`${protocol}://localhost:${mockServerPort}/?query=test`),
{ headers }
);

assert.ok(result.reqHeaders[DummyPropagation.TRACE_CONTEXT_KEY]);
assert.ok(result.reqHeaders[DummyPropagation.SPAN_CONTEXT_KEY]);
});

it('should create a span for GET requests and add propagation headers with Expect headers', async () => {
let spans = memoryExporter.getFinishedSpans();
assert.strictEqual(spans.length, 0);
Expand Down

0 comments on commit 67d7718

Please sign in to comment.