opentelemetry-go
opentelemetry-go copied to clipboard
open-telemetry
Inconsistence of baggage value restriction
Description
Member.String() accpets UTF-8 strings as baggage member values, and URL-encodes them. But it seems this URL-encoding has no effect since baggage.NewMember() does not accept UTF-8 strings.
Environment
- opentelemetry-go version: 1.9.0
Steps To Reproduce
-
baggage.NewMember("", ";")returns an error.
Expected behavior
baggage.NewMember("", ";") does not return errors or Member.String() does no URL-encoding.
baggage.NewMember("", ";") contains an invalid key: https://go.dev/play/p/Xeoi2wArkIn
It also contains an invalid value according to the W3C baggage specification: https://go.dev/play/p/oGeHN3Y52wl
The error returned from NewMember is valid based on how that function is defined:
// NewMember returns a new Member from the passed arguments. An error is // returned if the created Member would be invalid according to the W3C // Baggage specification.
As for underlying issue, the accepted value of NewMember is not decoded as the specification has added:
A value contains a string whose character encoding MUST be UTF-8 [Encoding]. Any characters outside of the baggage-octet range of characters MUST be percent-encoded. Characters which are not required to be percent-encoded MAY be percent-encoded. Percent-encoding is defined in [RFC3986], Section 2.1: https://datatracker.ietf.org/doc/html/rfc3986#section-2.1.
When decoding the value, percent-encoded octet sequences that do not match the UTF-8 encoding scheme MUST be replaced with the replacement character (U+FFFD).
baggage.NewMember("key", "%3B") should be interpreted with a value of ;. Instead it is interpreted directly: https://go.dev/play/p/16d_eij-CWt
The value accepted by NewMember needs to be decoded.
