From d208339209e84cc231cc2065f0effe14c2d883e3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Eduardo=20Bonzi=20da=20Concei=C3=A7=C3=A3o?= Date: Tue, 25 Apr 2023 21:30:02 -0300 Subject: [PATCH] [otelmongo] Disable adding the mongo 'db.statement' tag by default (#3519) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Disable adding the mongo 'db.statement' tag by default As of now, the 'db.statement' tag is not obfuscated, which can lead to sensitive information being leaked through the tag. See https://github.com/open-telemetry/opentelemetry-go-contrib/issues/3388 * Update CHANGELOG.md * Update CHANGELOG.md * Update mongo.go * fix reverted changelog change in conflict resolution * Move changelog entry to unreleased --------- Co-authored-by: Damien Mathieu <42@dmathieu.com> Co-authored-by: Robert PajÄ…k Co-authored-by: Tyler Yahn Co-authored-by: Tyler Yahn --- CHANGELOG.md | 1 + .../go.mongodb.org/mongo-driver/mongo/otelmongo/config.go | 6 ++++-- .../go.mongodb.org/mongo-driver/mongo/otelmongo/mongo.go | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index acab402d439..9bbd9d97378 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,7 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm ### Changed - Update `go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc` to align gRPC server span status with the changes in the OpenTelemetry specification. (#3685) +- Adding the `db.statement` tag to spans in `go.opentelemetry.io/contrib/instrumentation/go.mongodb.org/mongo-driver/mongo/otelmongo` is now disabled by default. (#3519) ### Fixed diff --git a/instrumentation/go.mongodb.org/mongo-driver/mongo/otelmongo/config.go b/instrumentation/go.mongodb.org/mongo-driver/mongo/otelmongo/config.go index b9acefa11fe..ef8117de62b 100644 --- a/instrumentation/go.mongodb.org/mongo-driver/mongo/otelmongo/config.go +++ b/instrumentation/go.mongodb.org/mongo-driver/mongo/otelmongo/config.go @@ -33,7 +33,8 @@ type config struct { // newConfig returns a config with all Options set. func newConfig(opts ...Option) config { cfg := config{ - TracerProvider: otel.GetTracerProvider(), + TracerProvider: otel.GetTracerProvider(), + CommandAttributeDisabled: true, } for _, opt := range opts { opt.apply(&cfg) @@ -68,7 +69,8 @@ func WithTracerProvider(provider trace.TracerProvider) Option { } // WithCommandAttributeDisabled specifies if the MongoDB command is added as an attribute to Spans or not. -// The MongoDB command will be added as an attribute to Spans by default if this option is not provided. +// This is disabled by default and the MongoDB command will not be added as an attribute +// to Spans if this option is not provided. func WithCommandAttributeDisabled(disabled bool) Option { return optionFunc(func(cfg *config) { cfg.CommandAttributeDisabled = disabled diff --git a/instrumentation/go.mongodb.org/mongo-driver/mongo/otelmongo/mongo.go b/instrumentation/go.mongodb.org/mongo-driver/mongo/otelmongo/mongo.go index e749aa81f50..b50fc6bed6f 100644 --- a/instrumentation/go.mongodb.org/mongo-driver/mongo/otelmongo/mongo.go +++ b/instrumentation/go.mongodb.org/mongo-driver/mongo/otelmongo/mongo.go @@ -107,7 +107,7 @@ func (m *monitor) Finished(evt *event.CommandFinishedEvent, err error) { span.End() } -// TODO sanitize values where possible +// TODO sanitize values where possible, then reenable `db.statement` span attributes default. // TODO limit maximum size. func sanitizeCommand(command bson.Raw) string { b, _ := bson.MarshalExtJSON(command, false, false)