opentelemetry-instrumentation-http throws on requests with malformed Forwarded headers #5095
Labels
bug
Something isn't working
pkg:instrumentation-http
priority:p1
Bugs which cause problems in end-user applications such as crashes, data inconsistencies, etc
What happened?
Steps to Reproduce
I used the minimal/standard setup from the repository README to reproduce.
Then, ran the server with
node -r ./tracing.js app.js
.Then, ran two requests against the server:
Expected Result
For the server not to crash/still being able to handle the request; and the
open-telemetry-instrumentation-http
plugin to handle bad requests gracefully.Actual Result
Server/node process crashed with
uncaughtException
:Additional Details
The error thrown comes from forward-parse, in this line: https://github.com/lpinca/forwarded-parse/blob/master/index.js#L146
which is called by
open-telemetry-instrumentation-http
ingetIncomingRequestAttributes
(opentelemetry-js/experimental/packages/opentelemetry-instrumentation-http/src/utils.ts
Line 689 in eb3ca4f
getServerAddress
-> usage offorwarded-parse
It feels like the
open-telemetry-instrumentation-http
should handle errors in the plugin itself, i.e., the error should not "leave" the plugin. It is quite expected that a client may send a malformed request, and the server should not crash on those. I could not find a really good way to prevent these errors. That is why I filed this as a bug report.But also happy to be educated whether there's a way to handle errors from plugins that I am not aware of.
Workaround
You might laugh at this, but for completeness: calling
getIncomingRequestAttributes
fromignoreIncomingRequestHook
like this is a hacky way to fix the issue for clients:Possible fix
A possible fix could be wrapping this part of the code
opentelemetry-js/experimental/packages/opentelemetry-instrumentation-http/src/utils.ts
Line 575 in eb3ca4f
getRemoteClientAddress
) into a try / catch and treating a parsing error gracefully in the same way as an absentForwarded
header. This seems to be in line with how the otherx-forwarded-*
headers are handled.Happy to take care of that and submit a PR, should you agree about the problem and suggestion.
OpenTelemetry Setup Code
package.json
Relevant log output
The text was updated successfully, but these errors were encountered: