opentelemetry-js
opentelemetry-js copied to clipboard
open-telemetry
Fix password and username in http.url
Which problem is this PR solving?
This PR addresses the issue described in #2000 which states that the http.url attribute must not contain credentials passed via the URL. According to the recent specification changes, URLs formatted as https://username:[email protected]/ are invalid for the http.url attribute and should instead be formatted as https://www.example.com/.
Fixes #2000
Short description of the changes
The isValidOptionsType function has been modified to check for the presence of credentials in a given URL using the url.parse method. If the URL contains authentication information (i.e., username or password), the function will return false. Conversely, the function will return true if the URL contains no credentials.
Type of change
- [x] Bug fix (non-breaking change which fixes an issue)
How Has This Been Tested?
The functionality has been tested with a series of unit tests, which include various input values. The tests verify that the function returns false for invalid URLs containing credentials and true for valid URLs and acceptable types such as strings and objects. The test cases ensure the behaviour is consistent with the updated requirements.
describe('isValidOptionsType()', () => {
[
'',
false,
true,
1,
0,
'https://username:[email protected]/',
[],
].forEach(options => {
it(`should return false with the following value: ${JSON.stringify(
options
)}`, () => {
assert.strictEqual(utils.isValidOptionsType(options), false);
});
});
for (const options of ['url', url.parse('http://url.com'), {}]) {
it(`should return true with the following value: ${JSON.stringify(
options
)}`, () => {
assert.strictEqual(utils.isValidOptionsType(options), true);
});
}
});
Checklist:
- [x] Followed the style guidelines of this project
- [x] Unit tests have been added
- [ ] Documentation has been updated
