Remove URL credentials (httpx)

ods · ods · commit 017c6ab0a47d · 2023-12-04T09:17:35.000+02:00
diff --git a/instrumentation/opentelemetry-instrumentation-httpx/pyproject.toml b/instrumentation/opentelemetry-instrumentation-httpx/pyproject.toml
@@ -28,6 +28,7 @@ dependencies = [
   "opentelemetry-api ~= 1.12",
   "opentelemetry-instrumentation == 0.43b0.dev",
   "opentelemetry-semantic-conventions == 0.43b0.dev",
+  "opentelemetry-util-http == 0.43b0.dev",
 ]
 
 [project.optional-dependencies]
diff --git a/instrumentation/opentelemetry-instrumentation-httpx/src/opentelemetry/instrumentation/httpx/__init__.py b/instrumentation/opentelemetry-instrumentation-httpx/src/opentelemetry/instrumentation/httpx/__init__.py
@@ -206,6 +206,7 @@ async def async_response_hook(span, request, response):
 from opentelemetry.trace import SpanKind, TracerProvider, get_tracer
 from opentelemetry.trace.span import Span
 from opentelemetry.trace.status import Status
+from opentelemetry.util.http import remove_url_credentials
 
 _logger = logging.getLogger(__name__)
 
@@ -269,7 +270,7 @@ def _extract_parameters(args, kwargs):
         # In httpx >= 0.20.0, handle_request receives a Request object
         request: httpx.Request = args[0]
         method = request.method.encode()
-        url = request.url
+        url = remove_url_credentials(str(request.url))
         headers = request.headers
         stream = request.stream
         extensions = request.extensions
diff --git a/instrumentation/opentelemetry-instrumentation-httpx/tests/test_httpx_integration.py b/instrumentation/opentelemetry-instrumentation-httpx/tests/test_httpx_integration.py
@@ -604,6 +604,13 @@ def perform_request(
             return self.client.request(method, url, headers=headers)
         return client.request(method, url, headers=headers)
 
+    def test_credential_removal(self):
+        new_url = "http://username:password@mock/status/200"
+        self.perform_request(new_url)
+        span = self.assert_span()
+
+        self.assertEqual(span.attributes[SpanAttributes.HTTP_URL], self.URL)
+
 
 class TestAsyncIntegration(BaseTestCases.BaseManualTest):
     response_hook = staticmethod(_async_response_hook)
@@ -664,6 +671,13 @@ def test_basic_multiple(self):
         )
         self.assert_span(num_spans=2)
 
+    def test_credential_removal(self):
+        new_url = "http://username:password@mock/status/200"
+        self.perform_request(new_url)
+        span = self.assert_span()
+
+        self.assertEqual(span.attributes[SpanAttributes.HTTP_URL], self.URL)
+
 
 class TestSyncInstrumentationIntegration(BaseTestCases.BaseInstrumentorTest):
     def create_client(
diff --git a/tox.ini b/tox.ini
@@ -386,7 +386,7 @@ commands_pre =
 
   grpc: pip install {toxinidir}/instrumentation/opentelemetry-instrumentation-grpc[test]
 
-  falcon{1,2,3},flask{213,220},django{1,2,3,4},pyramid,tornado,starlette,fastapi,aiohttp,asgi,requests,urllib,urllib3v{1,2},wsgi: pip install {toxinidir}/util/opentelemetry-util-http[test]
+  falcon{1,2,3},flask{213,220},django{1,2,3,4},pyramid,tornado,starlette,fastapi,aiohttp,asgi,httpx{18,21},requests,urllib,urllib3v{1,2},wsgi: pip install {toxinidir}/util/opentelemetry-util-http[test]
   wsgi,falcon{1,2,3},flask{213,220},django{1,2,3,4},pyramid: pip install {toxinidir}/instrumentation/opentelemetry-instrumentation-wsgi[test]
   asgi,django{3,4},starlette,fastapi: pip install {toxinidir}/instrumentation/opentelemetry-instrumentation-asgi[test]
 

Original file line number	Diff line number	Diff line change
`@@ -28,6 +28,7 @@ dependencies = [`
`28`	`28`	`"opentelemetry-api ~= 1.12",`
`29`	`29`	`"opentelemetry-instrumentation == 0.43b0.dev",`
`30`	`30`	`"opentelemetry-semantic-conventions == 0.43b0.dev",`
	`31`	`+ "opentelemetry-util-http == 0.43b0.dev",`
`31`	`32`	`]`
`32`	`33`
`33`	`34`	`[project.optional-dependencies]`