Add db.statement sanitization/masking examples #708

Closed
mateuszrzeszutek opened this issue Oct 19, 2020 · 4 comments

@mateuszrzeszutek
Member

What are you trying to achieve?

The trace DB spec mentions that the db.statement attribute value may be sanitized to exclude sensitive information but provides no example of such sanitization.
The aim of this issue is to add several examples of how we should sanitize database statements, e.g. INSERT INTO payment_cards (CC, EXP_DATE) values (?, ?) for SQL or HMSET cards cc ? exp_date ? for Redis.

Additional context.

See: open-telemetry/opentelemetry-java-instrumentation#1405

@Oberon00
Member

Oberon00 commented Oct 19, 2020

The given examples (if they actually contain ? instead of the actual values) need no sanitization I think.

@mateuszrzeszutek
Member Author

Yeah, those are after sanitization. Let me correct myself, I meant something like that:

| raw db.statement | sanitized db.statement |
| --- | --- |
| INSERT INTO payment_cards (CC, EXP_DATE) values (1234432112344321, '10/2025') | INSERT INTO payment_cards (CC, EXP_DATE) values (?, ?) |
| HMSET cards cc 1234432112344321 exp_date '10/2025'? | HMSET cards cc ? exp_date ? |
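
The raw-to-sanitized mapping shown in the comment above, as an added example that is not part of the thread or of any OpenTelemetry instrumentation. The function names, the regular expression and the Redis policy table are assumptions made for illustration; the SQL masker assumes single-quoted string literals only.

```python
import re
import shlex

# A single-quoted string ('' is an escaped quote; an unterminated quote masks to
# the end of input), or any token that starts with a digit (int, float, hex).
# Assumption: double-quoted strings and SQL comments are out of scope here.
_SQL_LITERAL = re.compile(r"'(?:[^']|'')*(?:'|$)|(?<!\w)\.?\d[\w.]*")

# Hypothetical policy table: command -> (leading args kept as the key,
# whether the remaining args alternate field name / value).
_REDIS_POLICY = {"SET": (1, False), "HSET": (1, True), "HMSET": (1, True)}


def sanitize_sql(statement: str) -> str:
    """Replace every literal with '?' so only the statement shape remains."""
    return _SQL_LITERAL.sub("?", statement)


def sanitize_redis(statement: str) -> str:
    """Keep command, key and field names of known commands; mask all values."""
    try:
        tokens = shlex.split(statement)
    except ValueError:  # unbalanced quote: fields and values are ambiguous
        return statement.split()[0] + " ?"
    if not tokens:
        return statement
    command, args = tokens[0], tokens[1:]
    # Unknown commands keep nothing, so a new command cannot leak by default.
    keep, pairs = _REDIS_POLICY.get(command.upper(), (0, False))
    out = [command]
    for i, arg in enumerate(args):
        is_key = i < keep
        is_field = pairs and i >= keep and (i - keep) % 2 == 0
        out.append(arg if is_key or is_field else "?")
    return " ".join(out)


if __name__ == "__main__":
    # Raw statements from the table in the thread, plus constructed edge cases.
    print(sanitize_sql("INSERT INTO payment_cards (CC, EXP_DATE) "
                       "values (1234432112344321, '10/2025')"))
    print(sanitize_sql("SELECT * FROM t1 WHERE name = 'O''Brien' AND x = 0x1F"))
    print(sanitize_redis("HMSET cards cc 1234432112344321 exp_date '10/2025'"))
    print(sanitize_redis("AUTH s3cret"))
```

Identifiers that contain digits, such as `t1`, are left intact, while anything the tokenizer cannot classify is masked rather than passed through.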

@avzis
Contributor

avzis commented Jan 15, 2023

@mateuszrzeszutek
I think that in order to add specific examples, the specs should also better describe the format of the sanitization.
Like, what data need sanitization?
How to display sanitized data?
etc

(maybe it requires a dedicated issue)

@jack-berg jack-berg transferred this issue from open-telemetry/opentelemetry-specification Feb 7, 2024
joaopgrassi pushed a commit to dynatrace-oss-contrib/semantic-conventions that referenced this issue Mar 21, 2024
The parameter `maxExportBatchSize` refers to "export", but
`exporterTimeoutMillis` refers to the "exporter." This unifies on
"export" since they are both in reference to the same process.
@trask
Member

trask commented Apr 24, 2024

Rolling this issue into #717
