Apply sanitization to span names too (#43779)

<!-- Issue number (e.g. #1234) or full URL to issue, if applicable. -->
#### Link to tracking issue
Fixes #43778

Signed-off-by: Israel Blancas <[email protected]>

Author: iblancasa

.chloggen/span-name.yaml

@@ -0,0 +1,27 @@
+# Use this changelog template to create an entry for release notes.
+
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: enhancement
+
+# The name of the component, or a single word describing the area of concern, (e.g. receiver/filelog)
+component: processor/redaction
+
+# A brief description of the change.  Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Extend database query obfuscation to span names. Previously, database query obfuscation (SQL, Redis, MongoDB) was only applied to span attributes and log bodies. Now it also redacts sensitive data in span names.
+
+# Mandatory: One or more tracking issues related to the change. You can use the PR number here if no issue exists.
+issues: [43778]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:
+
+# If your change doesn't affect end users or the exported elements of any package,
+# you should instead start your pull request title with [chore] or use the "Skip Changelog" label.
+# Optional: The change log or logs in which this entry should be included.
+# e.g. '[user]' or '[user, api]'
+# Include 'user' if the change is relevant to end users.
+# Include 'api' if there is a change to a library API.
+# Default: '[user]'
+change_logs: [user]

processor/redactionprocessor/internal/db/db.go

@@ -157,3 +157,7 @@ func (o *Obfuscator) ObfuscateAttribute(attributeValue, attributeKey string) (st
 func (o *Obfuscator) HasSpecificAttributes() bool {
 	return o.processAttributesEnabled
 }
+
+func (o *Obfuscator) HasObfuscators() bool {
+	return len(o.obfuscators) > 0
+}

processor/redactionprocessor/internal/db/db_test.go

@@ -159,6 +159,7 @@ func TestNewObfuscator(t *testing.T) {
 			o := NewObfuscator(tt.config)
 			assert.Len(t, o.obfuscators, tt.expectedObfuscatorCount)
 			assert.Equal(t, tt.expectedProcessSpecific, o.HasSpecificAttributes())
+			assert.Equal(t, tt.expectedObfuscatorCount > 0, o.HasObfuscators())
 		})
 	}
 }

processor/redactionprocessor/processor.go

@@ -144,7 +144,18 @@ func (s *redaction) processResourceSpan(ctx context.Context, rs ptrace.ResourceS
 			s.processSpanEvents(ctx, span.Events())
 
 			if s.shouldRedactSpanName(&span) {
-				span.SetName(s.urlSanitizer.SanitizeURL(span.Name()))
+				name := span.Name()
+				if s.urlSanitizer != nil {
+					name = s.urlSanitizer.SanitizeURL(name)
+				}
+				if s.dbObfuscator.HasObfuscators() {
+					var err error
+					name, err = s.dbObfuscator.Obfuscate(name)
+					if err != nil {
+						s.logger.Error(err.Error())
+					}
+				}
+				span.SetName(name)
 			}
 		}
 	}
@@ -426,7 +437,7 @@ func (s *redaction) processStringValueForAttribute(strVal, attributeKey string)
 		strVal = s.urlSanitizer.SanitizeAttributeURL(strVal, attributeKey)
 	}
 
-	if s.dbObfuscator != nil {
+	if s.dbObfuscator.HasObfuscators() {
 		obfuscatedQuery, err := s.dbObfuscator.ObfuscateAttribute(strVal, attributeKey)
 		if err != nil {
 			return strVal
@@ -450,7 +461,7 @@ func (s *redaction) processStringValueForLogBody(strVal string) string {
 		strVal = s.urlSanitizer.SanitizeURL(strVal)
 	}
 
-	if s.dbObfuscator != nil {
+	if s.dbObfuscator.HasObfuscators() {
 		obfuscatedQuery, err := s.dbObfuscator.Obfuscate(strVal)
 		if err != nil {
 			return strVal
@@ -498,7 +509,7 @@ func (s *redaction) shouldRedactKey(k string) bool {
 }
 
 func (s *redaction) shouldRedactSpanName(span *ptrace.Span) bool {
-	if s.urlSanitizer == nil {
+	if s.urlSanitizer == nil && !s.dbObfuscator.HasObfuscators() {
 		return false
 	}
 	spanKind := span.Kind()
@@ -507,7 +518,7 @@ func (s *redaction) shouldRedactSpanName(span *ptrace.Span) bool {
 	}
 
 	spanName := span.Name()
-	if !strings.Contains(spanName, "/") {
+	if !strings.Contains(spanName, "/") && !s.dbObfuscator.HasObfuscators() {
 		return false
 	}
 	return !s.shouldAllowValue(spanName)

processor/redactionprocessor/processor_test.go

@@ -17,6 +17,7 @@ import (
 	"go.opentelemetry.io/collector/pdata/ptrace"
 	"go.uber.org/zap/zaptest"
 
+	"github.com/open-telemetry/opentelemetry-collector-contrib/processor/redactionprocessor/internal/db"
 	"github.com/open-telemetry/opentelemetry-collector-contrib/processor/redactionprocessor/internal/url"
 )
 
@@ -1791,3 +1792,250 @@ func TestURLSanitizationSpanNameWithBlockedValues(t *testing.T) {
 		assert.Equal(t, "GET /api/v1/payments/*", spans.At(0).Name())
 	})
 }
+
+func TestDBObfuscationSpanName(t *testing.T) {
+	t.Run("span name with SQL query should be obfuscated when SQL config enabled", func(t *testing.T) {
+		tc := testConfig{
+			config: &Config{
+				AllowAllKeys: true,
+				DBSanitizer: db.DBSanitizerConfig{
+					SQLConfig: db.SQLConfig{
+						Enabled: true,
+					},
+				},
+			},
+		}
+
+		inBatch := ptrace.NewTraces()
+		rs := inBatch.ResourceSpans().AppendEmpty()
+		ils := rs.ScopeSpans().AppendEmpty()
+		span := ils.Spans().AppendEmpty()
+		span.SetName("SELECT * FROM users WHERE id = 123")
+		span.SetKind(ptrace.SpanKindClient)
+
+		processor, err := newRedaction(t.Context(), tc.config, zaptest.NewLogger(t))
+		require.NoError(t, err)
+		outTraces, err := processor.processTraces(t.Context(), inBatch)
+		require.NoError(t, err)
+
+		outSpan := outTraces.ResourceSpans().At(0).ScopeSpans().At(0).Spans().At(0)
+		// SQL query should be obfuscated (numbers replaced)
+		assert.Contains(t, outSpan.Name(), "SELECT * FROM users WHERE id = ?")
+	})
+
+	t.Run("span name with Redis command should be obfuscated when Redis config enabled", func(t *testing.T) {
+		tc := testConfig{
+			config: &Config{
+				AllowAllKeys: true,
+				DBSanitizer: db.DBSanitizerConfig{
+					RedisConfig: db.RedisConfig{
+						Enabled: true,
+					},
+				},
+			},
+		}
+
+		inBatch := ptrace.NewTraces()
+		rs := inBatch.ResourceSpans().AppendEmpty()
+		ils := rs.ScopeSpans().AppendEmpty()
+		span := ils.Spans().AppendEmpty()
+		span.SetName("SET user:12345 value")
+		span.SetKind(ptrace.SpanKindClient)
+
+		processor, err := newRedaction(t.Context(), tc.config, zaptest.NewLogger(t))
+		require.NoError(t, err)
+		outTraces, err := processor.processTraces(t.Context(), inBatch)
+		require.NoError(t, err)
+
+		outSpan := outTraces.ResourceSpans().At(0).ScopeSpans().At(0).Spans().At(0)
+		// Redis SET command should have value removed but key retained
+		assert.Equal(t, "SET user:12345 ?", outSpan.Name())
+	})
+
+	t.Run("span name without slash should be obfuscated when DB obfuscator enabled", func(t *testing.T) {
+		tc := testConfig{
+			config: &Config{
+				AllowAllKeys: true,
+				DBSanitizer: db.DBSanitizerConfig{
+					SQLConfig: db.SQLConfig{
+						Enabled: true,
+					},
+				},
+			},
+		}
+
+		inBatch := ptrace.NewTraces()
+		rs := inBatch.ResourceSpans().AppendEmpty()
+		ils := rs.ScopeSpans().AppendEmpty()
+		span := ils.Spans().AppendEmpty()
+		// No slash in span name
+		span.SetName("SELECT count(*) FROM orders WHERE status = 'pending'")
+		span.SetKind(ptrace.SpanKindServer)
+
+		processor, err := newRedaction(t.Context(), tc.config, zaptest.NewLogger(t))
+		require.NoError(t, err)
+		outTraces, err := processor.processTraces(t.Context(), inBatch)
+		require.NoError(t, err)
+
+		outSpan := outTraces.ResourceSpans().At(0).ScopeSpans().At(0).Spans().At(0)
+		// Should be obfuscated even without slash
+		assert.Contains(t, outSpan.Name(), "SELECT count(*) FROM orders WHERE status = ?")
+	})
+
+	t.Run("span name should be processed by both URL sanitizer and DB obfuscator when both enabled", func(t *testing.T) {
+		tc := testConfig{
+			config: &Config{
+				AllowAllKeys: true,
+				URLSanitization: url.URLSanitizationConfig{
+					Enabled: true,
+				},
+				DBSanitizer: db.DBSanitizerConfig{
+					SQLConfig: db.SQLConfig{
+						Enabled: true,
+					},
+				},
+			},
+		}
+
+		inBatch := ptrace.NewTraces()
+		rs := inBatch.ResourceSpans().AppendEmpty()
+		ils := rs.ScopeSpans().AppendEmpty()
+		span := ils.Spans().AppendEmpty()
+		// Span name that could benefit from both sanitizers
+		span.SetName("/api/users/123")
+		span.SetKind(ptrace.SpanKindClient)
+
+		processor, err := newRedaction(t.Context(), tc.config, zaptest.NewLogger(t))
+		require.NoError(t, err)
+		outTraces, err := processor.processTraces(t.Context(), inBatch)
+		require.NoError(t, err)
+
+		outSpan := outTraces.ResourceSpans().At(0).ScopeSpans().At(0).Spans().At(0)
+		// URL should be sanitized by URL sanitizer
+		assert.Equal(t, "/api/users/*", outSpan.Name())
+	})
+
+	t.Run("span name should not be obfuscated when span kind is INTERNAL", func(t *testing.T) {
+		tc := testConfig{
+			config: &Config{
+				AllowAllKeys: true,
+				DBSanitizer: db.DBSanitizerConfig{
+					SQLConfig: db.SQLConfig{
+						Enabled: true,
+					},
+				},
+			},
+		}
+
+		inBatch := ptrace.NewTraces()
+		rs := inBatch.ResourceSpans().AppendEmpty()
+		ils := rs.ScopeSpans().AppendEmpty()
+		span := ils.Spans().AppendEmpty()
+		span.SetName("SELECT * FROM users WHERE id = 123")
+		span.SetKind(ptrace.SpanKindInternal)
+
+		processor, err := newRedaction(t.Context(), tc.config, zaptest.NewLogger(t))
+		require.NoError(t, err)
+		outTraces, err := processor.processTraces(t.Context(), inBatch)
+		require.NoError(t, err)
+
+		outSpan := outTraces.ResourceSpans().At(0).ScopeSpans().At(0).Spans().At(0)
+		// Should NOT be obfuscated because span kind is INTERNAL
+		assert.Equal(t, "SELECT * FROM users WHERE id = 123", outSpan.Name())
+	})
+
+	t.Run("span name with no enabled DB configs should not be DB obfuscated", func(t *testing.T) {
+		tc := testConfig{
+			config: &Config{
+				AllowAllKeys: true,
+				DBSanitizer: db.DBSanitizerConfig{
+					SQLConfig: db.SQLConfig{
+						Enabled: false,
+					},
+					RedisConfig: db.RedisConfig{
+						Enabled: false,
+					},
+				},
+			},
+		}
+
+		inBatch := ptrace.NewTraces()
+		rs := inBatch.ResourceSpans().AppendEmpty()
+		ils := rs.ScopeSpans().AppendEmpty()
+		span := ils.Spans().AppendEmpty()
+		// SQL query without slash
+		span.SetName("SELECT * FROM users WHERE id = 123")
+		span.SetKind(ptrace.SpanKindClient)
+
+		processor, err := newRedaction(t.Context(), tc.config, zaptest.NewLogger(t))
+		require.NoError(t, err)
+		outTraces, err := processor.processTraces(t.Context(), inBatch)
+		require.NoError(t, err)
+
+		outSpan := outTraces.ResourceSpans().At(0).ScopeSpans().At(0).Spans().At(0)
+		// Should NOT be obfuscated because no DB configs are enabled and no slash for URL sanitization
+		assert.Equal(t, "SELECT * FROM users WHERE id = 123", outSpan.Name())
+	})
+
+	t.Run("span name with Mongo query should be obfuscated when Mongo config enabled", func(t *testing.T) {
+		tc := testConfig{
+			config: &Config{
+				AllowAllKeys: true,
+				DBSanitizer: db.DBSanitizerConfig{
+					MongoConfig: db.MongoConfig{
+						Enabled: true,
+					},
+				},
+			},
+		}
+
+		inBatch := ptrace.NewTraces()
+		rs := inBatch.ResourceSpans().AppendEmpty()
+		ils := rs.ScopeSpans().AppendEmpty()
+		span := ils.Spans().AppendEmpty()
+		span.SetName(`{"find":"users","filter":{"_id":"507f1f77bcf86cd799439011"}}`)
+		span.SetKind(ptrace.SpanKindClient)
+
+		processor, err := newRedaction(t.Context(), tc.config, zaptest.NewLogger(t))
+		require.NoError(t, err)
+		outTraces, err := processor.processTraces(t.Context(), inBatch)
+		require.NoError(t, err)
+
+		outSpan := outTraces.ResourceSpans().At(0).ScopeSpans().At(0).Spans().At(0)
+		// Mongo query should be obfuscated (all values replaced with ?)
+		assert.Contains(t, outSpan.Name(), `"find":"?"`)
+		assert.Contains(t, outSpan.Name(), `"filter":{"_id":"?"}`)
+	})
+
+	t.Run("span name with multiple database types enabled should be processed sequentially", func(t *testing.T) {
+		tc := testConfig{
+			config: &Config{
+				AllowAllKeys: true,
+				DBSanitizer: db.DBSanitizerConfig{
+					SQLConfig: db.SQLConfig{
+						Enabled: true,
+					},
+					RedisConfig: db.RedisConfig{
+						Enabled: true,
+					},
+				},
+			},
+		}
+
+		inBatch := ptrace.NewTraces()
+		rs := inBatch.ResourceSpans().AppendEmpty()
+		ils := rs.ScopeSpans().AppendEmpty()
+		span := ils.Spans().AppendEmpty()
+		span.SetName("SELECT * FROM cache WHERE key = 'user:123'")
+		span.SetKind(ptrace.SpanKindServer)
+
+		processor, err := newRedaction(t.Context(), tc.config, zaptest.NewLogger(t))
+		require.NoError(t, err)
+		outTraces, err := processor.processTraces(t.Context(), inBatch)
+		require.NoError(t, err)
+
+		outSpan := outTraces.ResourceSpans().At(0).ScopeSpans().At(0).Spans().At(0)
+		// Should be processed by all enabled obfuscators
+		assert.NotEqual(t, "SELECT * FROM cache WHERE key = 'user:123'", outSpan.Name())
+	})
+}