[otelmongo] Disable adding the mongo 'db.statement' tag by default (#…

…3519) * Disable adding the mongo 'db.statement' tag by default As of now, the 'db.statement' tag is not obfuscated, which can lead to sensitive information being leaked through the tag. See #3388 * Update CHANGELOG.md * Update CHANGELOG.md * Update mongo.go * fix reverted changelog change in conflict resolution * Move changelog entry to unreleased --------- Co-authored-by: Damien Mathieu <42@dmathieu.com> Co-authored-by: Robert Pająk <pellared@hotmail.com> Co-authored-by: Tyler Yahn <MrAlias@users.noreply.github.com> Co-authored-by: Tyler Yahn <codingalias@gmail.com>
open-telemetry · Apr 26, 2023 · d208339 · d208339
1 parent 6682591
commit d208339
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -16,6 +16,7 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
 ### Changed
 
 - Update `go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc` to align gRPC server span status with the changes in the OpenTelemetry specification. (#3685)
+- Adding the `db.statement` tag to spans in `go.opentelemetry.io/contrib/instrumentation/go.mongodb.org/mongo-driver/mongo/otelmongo` is now disabled by default. (#3519)
 
 ### Fixed
 

diff --git a/instrumentation/go.mongodb.org/mongo-driver/mongo/otelmongo/config.go b/instrumentation/go.mongodb.org/mongo-driver/mongo/otelmongo/config.go
@@ -33,7 +33,8 @@ type config struct {
 // newConfig returns a config with all Options set.
 func newConfig(opts ...Option) config {
 	cfg := config{
-		TracerProvider: otel.GetTracerProvider(),
+		TracerProvider:           otel.GetTracerProvider(),
+		CommandAttributeDisabled: true,
 	}
 	for _, opt := range opts {
 		opt.apply(&cfg)
@@ -68,7 +69,8 @@ func WithTracerProvider(provider trace.TracerProvider) Option {
 }
 
 // WithCommandAttributeDisabled specifies if the MongoDB command is added as an attribute to Spans or not.
-// The MongoDB command will be added as an attribute to Spans by default if this option is not provided.
+// This is disabled by default and the MongoDB command will not be added as an attribute
+// to Spans if this option is not provided.
 func WithCommandAttributeDisabled(disabled bool) Option {
 	return optionFunc(func(cfg *config) {
 		cfg.CommandAttributeDisabled = disabled

diff --git a/instrumentation/go.mongodb.org/mongo-driver/mongo/otelmongo/mongo.go b/instrumentation/go.mongodb.org/mongo-driver/mongo/otelmongo/mongo.go
@@ -107,7 +107,7 @@ func (m *monitor) Finished(evt *event.CommandFinishedEvent, err error) {
 	span.End()
 }
 
-// TODO sanitize values where possible
+// TODO sanitize values where possible, then reenable `db.statement` span attributes default.
 // TODO limit maximum size.
 func sanitizeCommand(command bson.Raw) string {
 	b, _ := bson.MarshalExtJSON(command, false, false)