opentelemetry-rust icon indicating copy to clipboard operation
opentelemetry-rust copied to clipboard
verified publisher icon open-telemetry

Add comprehensive defensive parsing tests for TraceState and Baggage propagators

Open Copilot opened this issue 5 months ago • 2 comments

This PR adds extensive defensive parsing tests for TraceState and Baggage propagators to ensure they handle malformed headers gracefully without crashes or security vulnerabilities, following the OpenTelemetry .NET security advisory.

Changes Made

TraceState Parsing (opentelemetry/src/trace/span_context.rs)

  • Fixed valid_key() validation: Now properly rejects empty keys and invalid vendor format edge cases
  • Added test_tracestate_defensive_parsing: Tests malformed inputs including empty strings, invalid characters, Unicode, control characters, and very long inputs
  • Added test_tracestate_memory_safety: Tests extremely long inputs (100k+ chars) and memory exhaustion protection
  • Added test_tracestate_key_validation_edge_cases: Comprehensive tests for key validation rules per W3C spec
  • Added test_tracestate_value_validation_edge_cases: Comprehensive tests for value validation rules

Baggage Parsing (opentelemetry-sdk/src/propagation/baggage.rs)

  • Added extract_baggage_defensive_parsing: Tests malformed baggage headers don't cause crashes
  • Added extract_baggage_memory_safety: Tests memory safety with very long headers and many entries (10k+ entries)
  • Added extract_baggage_percent_encoding_edge_cases: Tests invalid percent encoding patterns

TraceContext Parsing (opentelemetry-sdk/src/propagation/trace_context.rs)

  • Added extract_w3c_defensive_traceparent: Tests malformed traceparent headers
  • Added extract_w3c_defensive_tracestate: Tests malformed tracestate with valid traceparent
  • Added extract_w3c_memory_safety: Tests memory safety with extremely long inputs
  • Added extract_w3c_boundary_conditions: Tests boundary conditions for versions and flags

Security Improvements

The tests validate that the parsing code handles these attack vectors defensively:

  • Memory exhaustion: Very long headers (100k+ characters) and excessive entries (10k+ items)
  • Invalid UTF-8 sequences: Malformed Unicode that could cause parsing errors
  • Control characters: Null bytes, newlines, tabs that might confuse parsers
  • Malformed structures: Missing equals signs, empty keys/values, nested separators
  • Invalid percent encoding: Incomplete or invalid hex sequences

Test Results

All tests pass successfully:

  • ✅ TraceState tests: 8/8 passing
  • ✅ Baggage tests: 7/7 passing
  • ✅ TraceContext tests: 9/9 passing
  • ✅ All existing tests continue to pass

The existing parsing implementations already handle most malformed inputs gracefully by design, logging warnings and ignoring invalid entries. These tests ensure this defensive behavior is maintained and covers edge cases that could be exploited.

Fixes #2757.

💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.

Copilot avatar Jun 27 '25 15:06 Copilot

CLA Missing ID CLA Not Signed

  • :x: The email address for the commit (b4b4ea58d7fe9d93f0c277106b4af5c301b9d55c, 3d85eefdfacc470742b25bb4de1b732760d52f7d, 02fa8f9e013650ab8da82d1201a302b1c7ca5163) is not linked to the GitHub account, preventing the EasyCLA check. Consult this Help Article and GitHub Help to resolve. (To view the commit's email address, add .patch at the end of this PR page's URL.) For further assistance with EasyCLA, please submit a support request ticket.

linux-foundation-easycla[bot] avatar Jun 27 '25 15:06 linux-foundation-easycla[bot]

Codecov Report

Attention: Patch coverage is 94.50262% with 21 lines in your changes missing coverage. Please review.

Project coverage is 80.3%. Comparing base (5e29598) to head (b4b4ea5). Report is 8 commits behind head on main.

Files with missing lines Patch % Lines
opentelemetry/src/trace/span_context.rs 93.2% 11 Missing :warning:
opentelemetry-sdk/src/propagation/baggage.rs 94.9% 5 Missing :warning:
opentelemetry-sdk/src/propagation/trace_context.rs 95.7% 5 Missing :warning:
Additional details and impacted files 
@@           Coverage Diff           @@
##            main   #3040     +/-   ##
=======================================
+ Coverage   80.0%   80.3%   +0.2%     
=======================================
  Files        126     126             
  Lines      21879   22257    +378     
=======================================
+ Hits       17519   17883    +364     
- Misses      4360    4374     +14

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

:rocket: New features to boost your workflow:
  • :snowflake: Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

codecov[bot] avatar Jul 06 '25 20:07 codecov[bot]