From 3ae6ded2eee1fb89810cc91c2b7b9936a81f5734 Mon Sep 17 00:00:00 2001 From: cyve Date: Fri, 7 Apr 2023 15:48:42 +0200 Subject: [PATCH 1/3] Format HTTP headers in span attributes --- src/Http/HttpMessageHelper.php | 28 ++++++++++++++++++++++++++++ src/Http/TracedResponse.php | 8 +------- src/Http/TracingHttpClient.php | 3 +++ 3 files changed, 32 insertions(+), 7 deletions(-) create mode 100644 src/Http/HttpMessageHelper.php diff --git a/src/Http/HttpMessageHelper.php b/src/Http/HttpMessageHelper.php new file mode 100644 index 0000000..92ddf4e --- /dev/null +++ b/src/Http/HttpMessageHelper.php @@ -0,0 +1,28 @@ + + */ + +namespace Instrumentation\Http; + +class HttpMessageHelper +{ + /** + * @param array $headers + */ + public static function formatHeadersForSpanAttribute(array $headers): string + { + $lines = []; + foreach ($headers as $name => $values) { + foreach ($values as $value) { + $lines[] = sprintf('%s: %s', mb_strtolower($name), $value); + } + } + + return implode(\PHP_EOL, $lines); + } +} diff --git a/src/Http/TracedResponse.php b/src/Http/TracedResponse.php index 988768f..8a6a1de 100644 --- a/src/Http/TracedResponse.php +++ b/src/Http/TracedResponse.php @@ -182,13 +182,7 @@ protected function endTracing(): void try { if (\in_array('response.headers', $info['user_data']['span_attributes'] ?? [])) { - $headers = []; - $raw = $this->getHeaders(false); - foreach ($raw as $header => $value) { - $headers[$header] = $this->toReadableHeaderValue($value); - } - - $this->span->setAttribute('response.headers', $headers); + $this->span->setAttribute('response.headers', HttpMessageHelper::formatHeadersForSpanAttribute($this->getHeaders(false))); } if (\in_array('response.body', $info['user_data']['span_attributes'] ?? [])) { diff --git a/src/Http/TracingHttpClient.php b/src/Http/TracingHttpClient.php index 6da6f49..5cda904 100644 --- a/src/Http/TracingHttpClient.php +++ b/src/Http/TracingHttpClient.php @@ -93,6 +93,9 @@ public function request(string $method, string $url, array $options = []): Respo if (\in_array('request.body', $options['user_data']['span_attributes'])) { $attributes['request.body'] = self::getRequestBody($options); } + if (\in_array('request.headers', $options['user_data']['span_attributes'])) { + $attributes['request.headers'] = HttpMessageHelper::formatHeadersForSpanAttribute($headers); + } } catch (\Throwable) { } From 070c595dbc4b612d6ccf2e48f14874734cb4b591 Mon Sep 17 00:00:00 2001 From: cyve Date: Wed, 19 Apr 2023 16:36:38 +0200 Subject: [PATCH 2/3] Remove sensitive data from URL and HTTP headers --- spec/Http/HttpSensitiveDataHelperSpec.php | 29 ++++++++++++++ src/Http/HttpMessageHelper.php | 2 + src/Http/HttpSensitiveDataHelper.php | 40 +++++++++++++++++++ .../ClientRequestAttributeProvider.php | 3 +- 4 files changed, 73 insertions(+), 1 deletion(-) create mode 100644 spec/Http/HttpSensitiveDataHelperSpec.php create mode 100644 src/Http/HttpSensitiveDataHelper.php diff --git a/spec/Http/HttpSensitiveDataHelperSpec.php b/spec/Http/HttpSensitiveDataHelperSpec.php new file mode 100644 index 0000000..65bfd9e --- /dev/null +++ b/spec/Http/HttpSensitiveDataHelperSpec.php @@ -0,0 +1,29 @@ + + */ + +namespace spec\Instrumentation\Http; + +use PhpSpec\ObjectBehavior; + +class HttpSensitiveDataHelperSpec extends ObjectBehavior +{ + public function it_removes_credentials_from_url(): void + { + $this::filterUrl('https://root:p4ssw0rd@example.com?foo=bar#baz')->shouldReturn('https://example.com?foo=bar#baz'); + } + + public function it_removes_credentials_from_headers(): void + { + $this::filterHeaders([ + 'Content-Type' => 'application/json', + 'Authorization' => 'Bearer kjfdhsfkjshgskjq', + 'proxy-authorization' => 'Basic gperfbshkdbfzdzl', + ])->shouldReturn([ + 'Content-Type' => 'application/json', + ]); + } +} diff --git a/src/Http/HttpMessageHelper.php b/src/Http/HttpMessageHelper.php index 92ddf4e..dc4ad4a 100644 --- a/src/Http/HttpMessageHelper.php +++ b/src/Http/HttpMessageHelper.php @@ -16,6 +16,8 @@ class HttpMessageHelper */ public static function formatHeadersForSpanAttribute(array $headers): string { + $headers = HttpSensitiveDataHelper::filterHeaders($headers); + $lines = []; foreach ($headers as $name => $values) { foreach ($values as $value) { diff --git a/src/Http/HttpSensitiveDataHelper.php b/src/Http/HttpSensitiveDataHelper.php new file mode 100644 index 0000000..0a25d67 --- /dev/null +++ b/src/Http/HttpSensitiveDataHelper.php @@ -0,0 +1,40 @@ + + */ + +namespace Instrumentation\Http; + +use Nyholm\Psr7\Uri; + +class HttpSensitiveDataHelper +{ + private const SENSITIVE_HEADERS = [ + 'authorization', + 'Authorization', + 'proxy-authorization', + 'Proxy-Authorization', + ]; + + public static function filterUrl(string $url): string + { + $url = new Uri($url); + $url = $url->withUserInfo(''); + + return (string) $url; + } + + /** + * @param array $headers + * + * @return array + */ + public static function filterHeaders(array $headers): array + { + return array_diff_key($headers, array_flip(self::SENSITIVE_HEADERS)); + } +} diff --git a/src/Semantics/Attribute/ClientRequestAttributeProvider.php b/src/Semantics/Attribute/ClientRequestAttributeProvider.php index c4d24bb..1f3c73e 100644 --- a/src/Semantics/Attribute/ClientRequestAttributeProvider.php +++ b/src/Semantics/Attribute/ClientRequestAttributeProvider.php @@ -9,6 +9,7 @@ namespace Instrumentation\Semantics\Attribute; +use Instrumentation\Http\HttpSensitiveDataHelper; use OpenTelemetry\SemConv\TraceAttributes; class ClientRequestAttributeProvider implements ClientRequestAttributeProviderInterface @@ -24,7 +25,7 @@ public function getAttributes(string $method, string $url, array $headers = []): { $attributes = [ TraceAttributes::HTTP_METHOD => strtoupper($method), - TraceAttributes::HTTP_URL => $url, + TraceAttributes::HTTP_URL => HttpSensitiveDataHelper::filterUrl($url), ]; foreach ($this->capturedHeaders as $header) { From 84eadde376832144862d30f94a67b1b58943c20d Mon Sep 17 00:00:00 2001 From: GCalmels Date: Tue, 23 Apr 2024 15:48:33 +0200 Subject: [PATCH 3/3] refacto: remove useless function toReadableHeaderValue --- src/Http/TracedResponse.php | 23 ----------------------- 1 file changed, 23 deletions(-) diff --git a/src/Http/TracedResponse.php b/src/Http/TracedResponse.php index 8a6a1de..7f15dce 100644 --- a/src/Http/TracedResponse.php +++ b/src/Http/TracedResponse.php @@ -51,29 +51,6 @@ public function getHeaders(bool $throw = true): array return $this->response->getHeaders($throw); } - private function toReadableHeaderValue(mixed $value): string - { - if (null === $value) { - return 'null'; - } elseif (\is_array($value)) { - return implode(', ', array_map([$this, __FUNCTION__], $value)); - } elseif (\is_scalar($value)) { - if (\is_bool($value)) { - return true === $value ? 'true' : 'false'; - } - - return (string) $value; - } elseif (\is_object($value)) { - if (method_exists($value, '__toString')) { - return (string) $value; - } - - return '(object)#'.$value::class; - } - - return \gettype($value); - } - public function getContent(bool $throw = true): string { try {