-
Notifications
You must be signed in to change notification settings - Fork 412
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(w3c): fix traceparent validation #4791
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
mabdinur
added
the
changelog/no-changelog
A changelog entry is not required for this PR.
label
Dec 14, 2022
mabdinur
force-pushed
the
w3c/munir/fix-system-test-edgecases
branch
2 times, most recently
from
December 14, 2022 23:37
8b54d09
to
13a9c19
Compare
edge case 2 future proofing: traceparent may contain more than 4 values
mabdinur
force-pushed
the
w3c/munir/fix-system-test-edgecases
branch
from
December 14, 2022 23:58
13a9c19
to
ae1e73e
Compare
…on instead of just logging a warning
mabdinur
commented
Dec 15, 2022
mabdinur
commented
Dec 15, 2022
mabdinur
commented
Dec 15, 2022
Yun-Kim
previously approved these changes
Dec 15, 2022
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
some minor nits and suggestions for additional tests, but otherwise lgtm
majorgreys
reviewed
Dec 15, 2022
mabdinur
commented
Dec 15, 2022
Co-authored-by: Brett Langdon <brett.langdon@datadoghq.com>
Co-authored-by: Tahir H. Butt <tahir.butt@datadoghq.com>
mabdinur
force-pushed
the
w3c/munir/fix-system-test-edgecases
branch
from
December 15, 2022 19:12
48b5712
to
4cebe75
Compare
mabdinur
force-pushed
the
w3c/munir/fix-system-test-edgecases
branch
3 times, most recently
from
December 15, 2022 20:49
10cfb2c
to
2fa3a0a
Compare
Codecov Report
@@ Coverage Diff @@
## 1.x #4791 +/- ##
=======================================
Coverage 78.03% 78.03%
=======================================
Files 808 808
Lines 62062 62062
=======================================
Hits 48431 48431
Misses 13631 13631
📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
mabdinur
force-pushed
the
w3c/munir/fix-system-test-edgecases
branch
from
December 16, 2022 04:12
2fa3a0a
to
88c74b1
Compare
3 tasks
clean up regex comments Co-authored-by: Brett Langdon <brett.langdon@datadoghq.com>
mabdinur
force-pushed
the
w3c/munir/fix-system-test-edgecases
branch
from
December 19, 2022 17:14
bc7087b
to
23c3517
Compare
Yun-Kim
previously approved these changes
Dec 19, 2022
mabdinur
commented
Dec 19, 2022
Co-authored-by: Brett Langdon <brett.langdon@datadoghq.com>
mabdinur
force-pushed
the
w3c/munir/fix-system-test-edgecases
branch
from
December 19, 2022 19:06
0dd1f3f
to
38d02db
Compare
brettlangdon
approved these changes
Dec 19, 2022
Yun-Kim
approved these changes
Dec 19, 2022
mabdinur
added a commit
that referenced
this pull request
Dec 19, 2022
## Description Running the W3C trace context parametric tests (introduced [here](DataDog/system-tests#691)) surfaced four issues with how the python tracer propagates traceparent and tracestate headers. These issues are described below and are fixed in this PR. ### Edge Case 1 (most important) Currently `trace_parent.islower()` is used to check if a traceparent contains lower case letters and digits (uppercase letters are invalid). Unfortunately `trace_parent.islower()` also evaluates to False if there are no lowercase letters are present in the traceparent (ex: traceparent=00-12312312003-1232131321 would be marked as invalid and dropped). This is incorrect. Fix: ddb9dc5. Since the traceparent should contain 48 randomly generated hex values it is unlikely to only contain digits. This edge case is very unlikely to occur. Current behavior: - `00-123123123-23123213AAA` -> uppercase letter detected traceparent is ignored - `00-123123123-23123213132` -> no lowercase letter detected traceparent is ignored [WRONG] - `00-123123123-2312322aaaa` -> lowercase letter detected traceparent is propagated Expected behavior: - `00-123123123-23123213132AAAA` -> uppercase detected traceparent is ignored - `00-123123123-23123213132` -> no uppercase detected traceparent is propagated - `00-123123123-23123213132aaaa` -> no uppercase detected traceparent is propagated ### Edge Case 2 If traceparent contains an invalid characters (ex: period) do not propagate the traceparent. Start a new trace. Currently we can propagate invalid trace_ids (this is because we truncate the trace_id and only convert the last 16 digits to hex, we ignore all the characters in the first 16 digits). Fix: ae1e73e ### Edge Case 3 Ensure that traceflags contain ONLY two digits (`00` or `01`). `000` and `001` are examples of invalid values that should not be propagated. Fix: adc4f80 ### Edge Case 4 Ensure traceparent version contain ONLY two digits (`00` or `01`). `000` and `001` are examples of invalid values that should not be propagated. Fix: 2e416c5 ### Edge Case 5 The W3C specification is additive. Although only traceparents with the version `00` are supported we should attempt to parse traceparent with different formats. Example: "01-12345678901234567890123456789012-1234567890123456-01-what-the-future-will-be-like" In the traceparent example above we should parse the version, trace id, span id, and sample flag and ignore the trailing values. Fix: 4cebe7514682787f6068754037fba569f4af3d60 ### Edge Case 6 This edge case is not addressed in this PR. I am including it here for completeness. In the W3C tracecontext specification a tracer SHOULD set two http headers, one header should set the tracestate and the other should set the traceparent. However, if duplicate traceparent and tracestate headers are received, the tracer must processes and reconcile these headers (logic: 1) receive duplicate traceparent headers with different values -> drop these values and start a new trace. 2) receive duplicate tracestates with different tags -> combine the tracestates and propagate it). In the ddtrace library http headers are added to a dictionary, so duplicate http header values are overwritten. To address this edge case the tracer must be able to store detect and store all key value pairs in http headers. Since this edge case requires significant changes to distributed tracing and does not resolve a critical issue this work can be deferred. ## Testing Testing will covered by system tests. ## Reviewer Checklist - [ ] Title is accurate. - [ ] Description motivates each change. - [ ] No unnecessary changes were introduced in this PR. - [ ] Avoid breaking [API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces) changes unless absolutely necessary. - [ ] Tests provided or description of manual testing performed is included in the code or PR. - [ ] Release note has been added and follows the [library release note guidelines](https://ddtrace.readthedocs.io/en/stable/contributing.html#Release-Note-Guidelines), or else `changelog/no-changelog` label added. - [ ] All relevant GitHub issues are correctly linked. - [ ] Backports are identified and tagged with Mergifyio. Co-authored-by: Brett Langdon <brett.langdon@datadoghq.com> Co-authored-by: Tahir H. Butt <tahir.butt@datadoghq.com>
brettlangdon
added a commit
that referenced
this pull request
Dec 19, 2022
## Description Running the W3C trace context parametric tests (introduced [here](DataDog/system-tests#691)) surfaced four issues with how the python tracer propagates traceparent and tracestate headers. These issues are described below and are fixed in this PR. ### Edge Case 1 (most important) Currently `trace_parent.islower()` is used to check if a traceparent contains lower case letters and digits (uppercase letters are invalid). Unfortunately `trace_parent.islower()` also evaluates to False if there are no lowercase letters are present in the traceparent (ex: traceparent=00-12312312003-1232131321 would be marked as invalid and dropped). This is incorrect. Fix: ddb9dc5. Since the traceparent should contain 48 randomly generated hex values it is unlikely to only contain digits. This edge case is very unlikely to occur. Current behavior: - `00-123123123-23123213AAA` -> uppercase letter detected traceparent is ignored - `00-123123123-23123213132` -> no lowercase letter detected traceparent is ignored [WRONG] - `00-123123123-2312322aaaa` -> lowercase letter detected traceparent is propagated Expected behavior: - `00-123123123-23123213132AAAA` -> uppercase detected traceparent is ignored - `00-123123123-23123213132` -> no uppercase detected traceparent is propagated - `00-123123123-23123213132aaaa` -> no uppercase detected traceparent is propagated ### Edge Case 2 If traceparent contains an invalid characters (ex: period) do not propagate the traceparent. Start a new trace. Currently we can propagate invalid trace_ids (this is because we truncate the trace_id and only convert the last 16 digits to hex, we ignore all the characters in the first 16 digits). Fix: ae1e73e ### Edge Case 3 Ensure that traceflags contain ONLY two digits (`00` or `01`). `000` and `001` are examples of invalid values that should not be propagated. Fix: adc4f80 ### Edge Case 4 Ensure traceparent version contain ONLY two digits (`00` or `01`). `000` and `001` are examples of invalid values that should not be propagated. Fix: 2e416c5 ### Edge Case 5 The W3C specification is additive. Although only traceparents with the version `00` are supported we should attempt to parse traceparent with different formats. Example: "01-12345678901234567890123456789012-1234567890123456-01-what-the-future-will-be-like" In the traceparent example above we should parse the version, trace id, span id, and sample flag and ignore the trailing values. Fix: 4cebe7514682787f6068754037fba569f4af3d60 ### Edge Case 6 This edge case is not addressed in this PR. I am including it here for completeness. In the W3C tracecontext specification a tracer SHOULD set two http headers, one header should set the tracestate and the other should set the traceparent. However, if duplicate traceparent and tracestate headers are received, the tracer must processes and reconcile these headers (logic: 1) receive duplicate traceparent headers with different values -> drop these values and start a new trace. 2) receive duplicate tracestates with different tags -> combine the tracestates and propagate it). In the ddtrace library http headers are added to a dictionary, so duplicate http header values are overwritten. To address this edge case the tracer must be able to store detect and store all key value pairs in http headers. Since this edge case requires significant changes to distributed tracing and does not resolve a critical issue this work can be deferred. ## Testing Testing will covered by system tests. ## Reviewer Checklist - [ ] Title is accurate. - [ ] Description motivates each change. - [ ] No unnecessary changes were introduced in this PR. - [ ] Avoid breaking [API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces) changes unless absolutely necessary. - [ ] Tests provided or description of manual testing performed is included in the code or PR. - [ ] Release note has been added and follows the [library release note guidelines](https://ddtrace.readthedocs.io/en/stable/contributing.html#Release-Note-Guidelines), or else `changelog/no-changelog` label added. - [ ] All relevant GitHub issues are correctly linked. - [ ] Backports are identified and tagged with Mergifyio. Co-authored-by: Brett Langdon <brett.langdon@datadoghq.com> Co-authored-by: Tahir H. Butt <tahir.butt@datadoghq.com> Co-authored-by: Brett Langdon <brett.langdon@datadoghq.com> Co-authored-by: Tahir H. Butt <tahir.butt@datadoghq.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Running the W3C trace context parametric tests (introduced here) surfaced four issues with how the python tracer propagates traceparent and tracestate headers. These issues are described below and are fixed in this PR.
Edge Case 1 (most important)
Currently
trace_parent.islower()
is used to check if a traceparent contains lower case letters and digits (uppercase letters are invalid). Unfortunatelytrace_parent.islower()
also evaluates to False if there are no lowercase letters are present in the traceparent (ex: traceparent=00-12312312003-1232131321 would be marked as invalid and dropped). This is incorrect. Fix: ddb9dc5.Since the traceparent should contain 48 randomly generated hex values it is unlikely to only contain digits. This edge case is very unlikely to occur.
Current behavior:
00-123123123-23123213AAA
-> uppercase letter detected traceparent is ignored00-123123123-23123213132
-> no lowercase letter detected traceparent is ignored [WRONG]00-123123123-2312322aaaa
-> lowercase letter detected traceparent is propagatedExpected behavior:
00-123123123-23123213132AAAA
-> uppercase detected traceparent is ignored00-123123123-23123213132
-> no uppercase detected traceparent is propagated00-123123123-23123213132aaaa
-> no uppercase detected traceparent is propagatedEdge Case 2
If traceparent contains an invalid characters (ex: period) do not propagate the traceparent. Start a new trace. Currently we can propagate invalid trace_ids (this is because we truncate the trace_id and only convert the last 16 digits to hex, we ignore all the characters in the first 16 digits). Fix: ae1e73e
Edge Case 3
Ensure that traceflags contain ONLY two digits (
00
or01
).000
and001
are examples of invalid values that should not be propagated. Fix: adc4f80Edge Case 4
Ensure traceparent version contain ONLY two digits (
00
or01
).000
and001
are examples of invalid values that should not be propagated. Fix: 2e416c5Edge Case 5
The W3C specification is additive. Although only traceparents with the version
00
are supported we should attempt to parse traceparent with different formats.Example: "01-12345678901234567890123456789012-1234567890123456-01-what-the-future-will-be-like"
In the traceparent example above we should parse the version, trace id, span id, and sample flag and ignore the trailing values. Fix: 4cebe7514682787f6068754037fba569f4af3d60
Edge Case 6
This edge case is not addressed in this PR. I am including it here for completeness. In the W3C tracecontext specification a tracer SHOULD set two http headers, one header should set the tracestate and the other should set the traceparent. However, if duplicate traceparent and tracestate headers are received, the tracer must processes and reconcile these headers (logic: 1) receive duplicate traceparent headers with different values -> drop these values and start a new trace. 2) receive duplicate tracestates with different tags -> combine the tracestates and propagate it).
In the ddtrace library http headers are added to a dictionary, so duplicate http header values are overwritten. To address this edge case the tracer must be able to store detect and store all key value pairs in http headers. Since this edge case requires significant changes to distributed tracing and does not resolve a critical issue this work can be deferred.
Testing
Testing will covered by system tests.
Reviewer Checklist
changelog/no-changelog
label added.