Capture and scrub outgoing http query params (#115)

* Capture and scrub outgoing http query params

* Update tests to support older python dict ordering

Author: pglombardo

instana/instrumentation/urllib3.py

@@ -15,21 +15,24 @@ def collect(instance, args, kwargs):
         """ Build and return a fully qualified URL for this request """
         try:
             kvs = {}
-
             kvs['host'] = instance.host
             kvs['port'] = instance.port
 
             if args is not None and len(args) is 2:
                 kvs['method'] = args[0]
-                kvs['path'] = strip_secrets(args[1], agent.secrets_matcher, agent.secrets_list)
+                kvs['path'] = args[1]
             else:
                 kvs['method'] = kwargs.get('method')
                 kvs['path'] = kwargs.get('path')
                 if kvs['path'] is None:
                     kvs['path'] = kwargs.get('url')
 
-                # Strip any secrets from potential query params
-                kvs['path'] = strip_secrets(kvs['path'], agent.secrets_matcher, agent.secrets_list)
+            # Strip any secrets from potential query params
+            if '?' in kvs['path']:
+                parts = kvs['path'].split('?')
+                kvs['path'] = parts[0]
+                if len(parts) is 2:
+                    kvs['query'] = strip_secrets(parts[1], agent.secrets_matcher, agent.secrets_list)
 
             if type(instance) is urllib3.connectionpool.HTTPSConnectionPool:
                 kvs['url'] = 'https://%s:%d%s' % (kvs['host'], kvs['port'], kvs['path'])
@@ -54,6 +57,8 @@ def urlopen_with_instana(wrapped, instance, args, kwargs):
                 kvs = collect(instance, args, kwargs)
                 if 'url' in kvs:
                     scope.span.set_tag(ext.HTTP_URL, kvs['url'])
+                if 'query' in kvs:
+                    scope.span.set_tag("http.params", kvs['query'])
                 if 'method' in kvs:
                     scope.span.set_tag(ext.HTTP_METHOD, kvs['method'])
 

tests/test_urllib3.py

@@ -77,6 +77,110 @@ def test_get_request(self):
         self.assertTrue(type(urllib3_span.stack) is list)
         self.assertTrue(len(urllib3_span.stack) > 1)
 
+    def test_get_request_with_query(self):
+        with tracer.start_active_span('test'):
+            r = self.http.request('GET', 'http://127.0.0.1:5000/?one=1&two=2')
+
+        spans = self.recorder.queued_spans()
+        self.assertEqual(3, len(spans))
+
+        wsgi_span = spans[0]
+        urllib3_span = spans[1]
+        test_span = spans[2]
+
+        assert(r)
+        self.assertEqual(200, r.status)
+        self.assertIsNone(tracer.active_span)
+
+        # Same traceId
+        self.assertEqual(test_span.t, urllib3_span.t)
+        self.assertEqual(urllib3_span.t, wsgi_span.t)
+
+        # Parent relationships
+        self.assertEqual(urllib3_span.p, test_span.s)
+        self.assertEqual(wsgi_span.p, urllib3_span.s)
+
+        # Error logging
+        self.assertFalse(test_span.error)
+        self.assertIsNone(test_span.ec)
+        self.assertFalse(urllib3_span.error)
+        self.assertIsNone(urllib3_span.ec)
+        self.assertFalse(wsgi_span.error)
+        self.assertIsNone(wsgi_span.ec)
+
+        # wsgi
+        self.assertEqual("wsgi", wsgi_span.n)
+        self.assertEqual('127.0.0.1:5000', wsgi_span.data.http.host)
+        self.assertEqual('/', wsgi_span.data.http.url)
+        self.assertEqual('GET', wsgi_span.data.http.method)
+        self.assertEqual('200', wsgi_span.data.http.status)
+        self.assertIsNone(wsgi_span.data.http.error)
+        self.assertIsNotNone(wsgi_span.stack)
+        self.assertEqual(2, len(wsgi_span.stack))
+
+        # urllib3
+        self.assertEqual("test", test_span.data.sdk.name)
+        self.assertEqual("urllib3", urllib3_span.n)
+        self.assertEqual(200, urllib3_span.data.http.status)
+        self.assertEqual("http://127.0.0.1:5000/", urllib3_span.data.http.url)
+        self.assertTrue(urllib3_span.data.http.params in ["one=1&two=2", "two=2&one=1"] )
+        self.assertEqual("GET", urllib3_span.data.http.method)
+        self.assertIsNotNone(urllib3_span.stack)
+        self.assertTrue(type(urllib3_span.stack) is list)
+        self.assertTrue(len(urllib3_span.stack) > 1)
+
+    def test_get_request_with_alt_query(self):
+        with tracer.start_active_span('test'):
+            r = self.http.request('GET', 'http://127.0.0.1:5000/', fields={'one': '1', 'two': 2})
+
+        spans = self.recorder.queued_spans()
+        self.assertEqual(3, len(spans))
+
+        wsgi_span = spans[0]
+        urllib3_span = spans[1]
+        test_span = spans[2]
+
+        assert(r)
+        self.assertEqual(200, r.status)
+        self.assertIsNone(tracer.active_span)
+
+        # Same traceId
+        self.assertEqual(test_span.t, urllib3_span.t)
+        self.assertEqual(urllib3_span.t, wsgi_span.t)
+
+        # Parent relationships
+        self.assertEqual(urllib3_span.p, test_span.s)
+        self.assertEqual(wsgi_span.p, urllib3_span.s)
+
+        # Error logging
+        self.assertFalse(test_span.error)
+        self.assertIsNone(test_span.ec)
+        self.assertFalse(urllib3_span.error)
+        self.assertIsNone(urllib3_span.ec)
+        self.assertFalse(wsgi_span.error)
+        self.assertIsNone(wsgi_span.ec)
+
+        # wsgi
+        self.assertEqual("wsgi", wsgi_span.n)
+        self.assertEqual('127.0.0.1:5000', wsgi_span.data.http.host)
+        self.assertEqual('/', wsgi_span.data.http.url)
+        self.assertEqual('GET', wsgi_span.data.http.method)
+        self.assertEqual('200', wsgi_span.data.http.status)
+        self.assertIsNone(wsgi_span.data.http.error)
+        self.assertIsNotNone(wsgi_span.stack)
+        self.assertEqual(2, len(wsgi_span.stack))
+
+        # urllib3
+        self.assertEqual("test", test_span.data.sdk.name)
+        self.assertEqual("urllib3", urllib3_span.n)
+        self.assertEqual(200, urllib3_span.data.http.status)
+        self.assertEqual("http://127.0.0.1:5000/", urllib3_span.data.http.url)
+        self.assertTrue(urllib3_span.data.http.params in ["one=1&two=2", "two=2&one=1"] )
+        self.assertEqual("GET", urllib3_span.data.http.method)
+        self.assertIsNotNone(urllib3_span.stack)
+        self.assertTrue(type(urllib3_span.stack) is list)
+        self.assertTrue(len(urllib3_span.stack) > 1)
+
     def test_put_request(self):
         with tracer.start_active_span('test'):
             r = self.http.request('PUT', 'http://127.0.0.1:5000/notfound')