-
Notifications
You must be signed in to change notification settings - Fork 775
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Instrumentation.AspNetCore and Instrumentation.Http 1.8.1 have illegal breaking changes in the produced telemetry #5541
Comments
CC @open-telemetry/semconv-http-approvers @open-telemetry/specs-semconv-approvers |
I also want to mention that it is related to the issue below:
Personally, I always advocated for not emitting attributes that have non-low probability to contain sensitive information. But the ship has sailed. |
I believe there is a discussion here open-telemetry/semantic-conventions#860 (among other places). If ASP.NET Core was instrumented natively, I think it'd follow the logging defaults where query params are not logged by default. I don't see a strict spec violation in the .NET instrumentation behavior (scrubbing is recommended if it can be identified). And I can understand the motivation to consider this change as a security hotfix. But I can also see that we need to be more specific in the spec wrt opt-in/opt-out behavior. @pellared could you create an issue in the semconv repo? Also, it would be awesome if you could attend SemConv SIG meeting on Monday at 8am PST to bring it up. |
It violates https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/telemetry-stability.md#fixed-schema-telemetry-producers as since https://github.com/open-telemetry/opentelemetry-dotnet/releases/tag/Instrumentation.AspNetCore-1.6.0 it even promised to produce stable telemetry
I am not sure what issue I should create. Feel free to create one. I found already 3 which are related:
I do my best to join but no promises. |
Not an answer to the original concern you have raised, but just want to highlight that the above spec is an experimental one. |
During the Specification SIG meeting (even last one) it was said that it an "aspiring" one. I am not sure why it is not stable yet. EDIT: I just created: |
I already voiced my opinion in the initial PR where this redaction logic was introduced but will share here as well: I think performing this redaction by default is bad. The framework already defines a standard redaction library that could be leveraged for this that is opt-in, and the collector also has redaction capabilities that are similarly opt-in.
This section quoted by @pellared seems quite clear to me as well. The bolded part being the most important for me. The answer to that, today, is "no" IMHO: the instrumentation cannot identify whether those should be scrubbed, all we are doing is a blanked redaction that just scrubs everything, that to me is not really the same. There is no such thing as "sensitive content detection" going on in the URL and Query components at all. I was also opposed to the way it was implemented from a technical perspective, in the sense that it was all done in a fully custom way instead of leveraging Lastly, I disagree strongly with the recent change to v1.8.0 packages in nuget.org that were all tagged as "vulnerable". That to me is the same as saying You guys are being too defensive on this. |
It is an allowable change which is not seen as breaking from OpenTelemetry Specification point of view.
Closing this issue. |
Bug Report
List of all OpenTelemetry NuGet packages and version that you are using (e.g.
OpenTelemetry 1.0.2
):Symptom
The breaking changes introduced in #5532 are violating https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/telemetry-stability.md#fixed-schema-telemetry-producers.
I find such changes unacceptable as they can break analysis tools that consumes the instrumentation (e.g. dashboards, alerts, queries, etc.) especially that this changes is NOT required by the HTTP semantic conventions:
Has this change been seen as acceptable by OTel Specification or/and OTel Semantic Conventions SIGs?
Notice that people are already complaining: #5532 (comment)
I think that such functionality MUST be changed to opt-in especially that it is not required by semantic conventions.
OTEL_DOTNET_EXPERIMENTAL_ASPNETCORE_DISABLE_URL_QUERY_REDACTION
andOTEL_DOTNET_EXPERIMENTAL_HTTPCLIENT_DISABLE_URL_QUERY_REDACTION
should betrue
by default.The text was updated successfully, but these errors were encountered: