Document Resource options that potentially leak secrets (#2727)

The WithProcess and WithProcessCommandArgs options contain command line arguments as resource attributes. These could potentially expose user secrets. Document this fact so users better understand the implications of using these options.
open-telemetry · Mar 28, 2022 · 0a7cf5a · 0a7cf5a
1 parent 7a1ebf7
commit 0a7cf5a
Showing 1 changed file with 15 additions and 2 deletions.
diff --git a/sdk/resource/config.go b/sdk/resource/config.go
@@ -110,7 +110,16 @@ func WithOSDescription() Option {
 }
 
 // WithProcess adds all the Process attributes to the configured Resource.
-// See individual WithProcess* functions to configure specific attributes.
+//
+// Warning! This option will include process command line arguments. If these
+// contain sensitive information it will be included in the exported resource.
+//
+// This option is equivalent to calling WithProcessPID,
+// WithProcessExecutableName, WithProcessExecutablePath,
+// WithProcessCommandArgs, WithProcessOwner, WithProcessRuntimeName,
+// WithProcessRuntimeVersion, and WithProcessRuntimeDescription. See each
+// option function for information about what resource attributes each
+// includes.
 func WithProcess() Option {
 	return WithDetectors(
 		processPIDDetector{},
@@ -143,7 +152,11 @@ func WithProcessExecutablePath() Option {
 }
 
 // WithProcessCommandArgs adds an attribute with all the command arguments (including
-// the command/executable itself) as received by the process the configured Resource.
+// the command/executable itself) as received by the process to the configured
+// Resource.
+//
+// Warning! This option will include process command line arguments. If these
+// contain sensitive information it will be included in the exported resource.
 func WithProcessCommandArgs() Option {
 	return WithDetectors(processCommandArgsDetector{})
 }