Sanitize DB_STATEMENT by default for elasticsearch #1758

Merged
sanitize db statement by default
nemoshlag committed Apr 16, 2023
commit 969a7ddf96d78cdcfe17324f880d9b8e1f843cde
@@ -44,7 +44,6 @@

The instrument() method accepts the following keyword args:
tracer_provider (TracerProvider) - an optional tracer provider
sanitize_query (bool) - an optional query sanitization flag
request_hook (Callable) - a function with extra user-defined logic to be performed before performing the request
this function signature is:
def request_hook(span: Span, method: str, url: str, kwargs)
@@ -138,13 +137,11 @@ def _instrument(self, **kwargs):
tracer = get_tracer(__name__, __version__, tracer_provider)
request_hook = kwargs.get("request_hook")
response_hook = kwargs.get("response_hook")
sanitize_query = kwargs.get("sanitize_query", False)
_wrap(
elasticsearch,
"Transport.perform_request",
_wrap_perform_request(
tracer,
sanitize_query,
self._span_name_prefix,
request_hook,
response_hook,
@@ -163,7 +160,6 @@ def _uninstrument(self, **kwargs):

def _wrap_perform_request(
tracer,
sanitize_query,
span_name_prefix,
request_hook=None,
response_hook=None,
@@ -225,10 +221,9 @@ def wrapper(wrapped, _, args, kwargs):
if method:
attributes["elasticsearch.method"] = method
if body:
statement = str(body)
if sanitize_query:
statement = sanitize_body(body)
attributes[SpanAttributes.DB_STATEMENT] = statement
attributes[SpanAttributes.DB_STATEMENT] = sanitize_body(
body
)
if params:
attributes["elasticsearch.params"] = str(params)
if doc_id:
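Review bot: The `elasticsearch.params` attribute set right after the changed lines is still recorded as `str(params)`, so request parameters reach the span unredacted even though the body now always goes through `sanitize_body`. If those parameters can carry search text or other user-supplied values (an inference, since the callers are not visible here), the data this commit removes from `DB_STATEMENT` could still be exported through that attribute. I would at least add a comment there, such as `# NOTE: params are exported as-is; confirm they cannot contain query values or secrets`, or route them through the same redaction. Separately, `sanitize_query` is now silently ignored by `_instrument(**kwargs)`, so a caller still passing it gets no signal that the option is gone; a warning when `"sanitize_query" in kwargs` would make that visible. The `wrapper` body starts and ends outside this hunk.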
@@ -58,9 +58,7 @@ class TestElasticsearchIntegration(TestBase):
"elasticsearch.url": "/test-index/_search",
"elasticsearch.method": helpers.dsl_search_method,
"elasticsearch.target": "test-index",
SpanAttributes.DB_STATEMENT: str(
{"query": {"bool": {"filter": [{"term": {"author": "testing"}}]}}}
),
SpanAttributes.DB_STATEMENT: str({"query": {"bool": {"filter": "?"}}}),
}

create_attributes = {
@@ -264,18 +262,6 @@ def test_dsl_search(self, request_mock):
)

def test_dsl_search_sanitized(self, request_mock):
# Reset instrumentation to use sanitized query (default)
ElasticsearchInstrumentor().uninstrument()
ElasticsearchInstrumentor().instrument(sanitize_query=True)

# update expected attributes to match sanitized query
sanitized_search_attributes = self.search_attributes.copy()
sanitized_search_attributes.update(
{
SpanAttributes.DB_STATEMENT: "{'query': {'bool': {'filter': '?'}}}"
}
)

request_mock.return_value = (1, {}, '{"hits": {"hits": []}}')
client = Elasticsearch()
search = Search(using=client, index="test-index").filter(
@@ -289,7 +275,7 @@ def test_dsl_search_sanitized(self, request_mock):
self.assertIsNotNone(span.end_time)
self.assertEqual(
span.attributes,
sanitized_search_attributes,
self.search_attributes,
)

def test_dsl_create(self, request_mock):
@@ -320,9 +306,6 @@ def test_dsl_create(self, request_mock):
)

def test_dsl_create_sanitized(self, request_mock):
# Reset instrumentation to explicitly use sanitized query
ElasticsearchInstrumentor().uninstrument()
ElasticsearchInstrumentor().instrument(sanitize_query=True)
request_mock.return_value = (1, {}, {})
client = Elasticsearch()
Article.init(using=client)
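Review bot: With the re-instrumentation lines removed, `test_dsl_search_sanitized` and `test_dsl_create_sanitized` run under the default instrumentation and compare against the shared expected attributes, so they appear to duplicate `test_dsl_search` and `test_dsl_create` (whose bodies are only partly visible here). Rather than keeping two equal tests, I would repurpose the `_sanitized` variants to pin the redaction property directly, e.g. `self.assertNotIn("testing", span.attributes[SpanAttributes.DB_STATEMENT])`, so a regression that lets the raw term value back into the span fails for the right reason. A case that calls `instrument(sanitize_query=False)`, which is presumably still accepted because `_instrument` takes `**kwargs`, and still expects the `?` placeholder would also document that the legacy flag can no longer turn redaction off.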