preserve capitalization and white space when normalizing IN statement

instrumentation-api-incubator/src/main/jflex/SqlSanitizer.jflex

@@ -54,9 +54,9 @@ WHITESPACE          = [ \t\r\n]+
   // max length of the sanitized statement - SQLs longer than this will be trimmed
   static final int LIMIT = 32 * 1024;
 
-  // Match on "IN(?, ?, ...)"
-  private static final Pattern IN_STATEMENT_PATTERN = Pattern.compile("(\\sin\\s*)\\(\\s*\\?\\s*(,\\s*\\?\\s*)*+\\)", Pattern.CASE_INSENSITIVE);
-  private static final String IN_STATEMENT_NORMALIZED = " in(?)";
+  // Match on strings like "IN(?, ?, ...)"
+  private static final Pattern IN_STATEMENT_PATTERN = Pattern.compile("(\\sIN\\s*)\\(\\s*\\?\\s*(?:,\\s*\\?\\s*)*+\\)", Pattern.CASE_INSENSITIVE);
+  private static final String IN_STATEMENT_NORMALIZED = "$1(?)";
 
   private final StringBuilder builder = new StringBuilder();
 

instrumentation-api-incubator/src/test/java/io/opentelemetry/instrumentation/api/incubator/semconv/db/SqlStatementSanitizerTest.java

@@ -123,7 +123,7 @@ public void longInStatementDoesntCauseStackOverflow() {
 
     String sanitized = SqlStatementSanitizer.create(true).sanitize(s.toString()).getFullStatement();
 
-    assertThat(sanitized).isEqualTo("select col from table where col in(?)");
+    assertThat(sanitized).isEqualTo("select col from table where col in (?)");
   }
 
   static class SqlArgs implements ArgumentsProvider {
@@ -284,11 +284,11 @@ public Stream<? extends Arguments> provideArguments(ExtensionContext context) th
           Arguments.of("select col from table1 as t1, table2 as t2", expect("SELECT", null)),
           Arguments.of(
               "select col from table where col in (1, 2, 3)",
-              expect("select col from table where col in(?)", "SELECT", "table")),
+              expect("select col from table where col in (?)", "SELECT", "table")),
           Arguments.of(
-              "select 'a' IN(x, 'b') from table where col in(1) and z IN( '3', '4' )",
+              "select 'a' IN(x, 'b') from table where col in (1) and z IN( '3', '4' )",
               expect(
-                  "select ? IN(x, ?) from table where col in(?) and z in(?)", "SELECT", "table")),
+                  "select ? IN(x, ?) from table where col in (?) and z IN(?)", "SELECT", "table")),
           Arguments.of("select col from table order by col, col2", expect("SELECT", "table")),
           Arguments.of("select ąś∂ń© from źćļńĶ order by col, col2", expect("SELECT", "źćļńĶ")),
           Arguments.of("select 12345678", expect("select ?", "SELECT", null)),
@@ -316,8 +316,8 @@ public Stream<? extends Arguments> provideArguments(ExtensionContext context) th
           Arguments.of(
               "delete from \"my table\" where something something", expect("DELETE", "my table")),
           Arguments.of(
-              "delete from foo where x IN(1, 2, 3)",
-              expect("delete from foo where x in(?)", "DELETE", "foo")),
+              "delete from foo where x IN (1,2,3)",
+              expect("delete from foo where x IN (?)", "DELETE", "foo")),
           Arguments.of("delete from 12345678", expect("delete from ?", "DELETE", null)),
           Arguments.of("delete   (((", expect("delete (((", "DELETE", null)),
 
@@ -328,8 +328,11 @@ public Stream<? extends Arguments> provideArguments(ExtensionContext context) th
               "update `my table` set answer=42",
               expect("update `my table` set answer=?", "UPDATE", "my table")),
           Arguments.of(
-              "update `my table` set answer=42 where x IN('a', 'b')",
-              expect("update `my table` set answer=? where x in(?)", "UPDATE", "my table")),
+              "update `my table` set answer=42 where x IN('a', 'b') AND y In ('a',  'b')",
+              expect(
+                  "update `my table` set answer=? where x IN(?) AND y In (?)",
+                  "UPDATE",
+                  "my table")),
           Arguments.of(
               "update \"my table\" set answer=42",
               expect("update \"my table\" set answer=?", "UPDATE", "my table")),