Skip to content

fix(exporters): use parseHeaders() to ensure header-values are not 'undefined' #4540

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Mar 14, 2024
Merged

fix(exporters): use parseHeaders() to ensure header-values are not 'undefined' #4540

merged 4 commits into from
Mar 14, 2024

Conversation

@pichlermarc
Copy link
Member

@pichlermarc pichlermarc commented Mar 12, 2024
edited
Loading

Which problem is this PR solving?

When passing an options object like { headers: { foo: undefined } } to the http/json and http/protobuf exporters, the headers will not be validated and that will cause

opentelemetry-js/experimental/packages/otlp-exporter-base/src/platform/node/util.ts

Line 89 in abfe059

req = request(options, (res: http.IncomingMessage) => {

to throw, as we're passing an undefined header value. While this alone will not cause an application crash, trying to access req at

opentelemetry-js/experimental/packages/otlp-exporter-base/src/platform/node/util.ts

Line 62 in abfe059

if (req.destroyed) {

will cause the end-user's application to crash within typically 10s after the first export (when using defaults).

This PR fixes this by sanitizing these headers first using parseHeaders().

Fixes #4541

Type of change

  • Bug fix (non-breaking change which fixes an issue)

@pichlermarc pichlermarc added bug Something isn't working priority:p1 Bugs which cause problems in end-user applications such as crashes, data inconsistencies, etc pkg:exporter-trace-otlp-http pkg:exporter-trace-otlp-proto pkg:exporter-metrics-otlp-http pkg:exporter-metrics-otlp-proto labels Mar 12, 2024
@pichlermarc pichlermarc force-pushed the fix/exporter-headers branch from 60f7ebd to 02dc846 Compare March 12, 2024 13:03
@codecov
Copy link

codecov bot commented Mar 12, 2024
edited
Loading

Codecov Report

Merging #4540 (418b9e3) into main (1b4999f) will decrease coverage by 0.13%.
The diff coverage is 100.00%.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #4540      +/-   ##
==========================================
- Coverage   92.83%   92.71%   -0.13%     
==========================================
  Files         328      327       -1     
  Lines        9481     9455      -26     
  Branches     2031     2031              
==========================================
- Hits         8802     8766      -36     
- Misses        679      689      +10
Files Coverage Δ
...ogs-otlp-http/src/platform/node/OTLPLogExporter.ts 100.00% <100.00%> (ø)
...gs-otlp-proto/src/platform/node/OTLPLogExporter.ts 100.00% <100.00%> (ø)
...e-otlp-http/src/platform/node/OTLPTraceExporter.ts 100.00% <100.00%> (ø)
...-otlp-proto/src/platform/node/OTLPTraceExporter.ts 100.00% <100.00%> (ø)
...porter-metrics-otlp-grpc/src/OTLPMetricExporter.ts 100.00% <100.00%> (ø)
...-otlp-http/src/platform/node/OTLPMetricExporter.ts 100.00% <100.00%> (ø)
...orter-metrics-otlp-proto/src/OTLPMetricExporter.ts 100.00% <100.00%> (ø)
...perimental/packages/otlp-exporter-base/src/util.ts 93.44% <100.00%> (ø)

... and 2 files with indirect coverage changes

@pichlermarc pichlermarc force-pushed the fix/exporter-headers branch from 11d923d to 85d3d4c Compare March 12, 2024 14:05
@pichlermarc pichlermarc marked this pull request as ready for review March 13, 2024 13:14
@pichlermarc pichlermarc requested a review from a team March 13, 2024 13:14
@pichlermarc pichlermarc merged commit 3a426e8 into open-telemetry:main Mar 14, 2024
@pichlermarc pichlermarc deleted the fix/exporter-headers branch March 14, 2024 14:21
@pichlermarc pichlermarc mentioned this pull request Apr 2, 2024
Merged
This was referenced May 19, 2024
Open
Open
@Graysonbarton Graysonbarton mentioned this pull request May 21, 2024
Open
This was referenced May 22, 2024
Open
Open
This was referenced May 28, 2024
Open
Open
Open
Open
This was referenced May 29, 2024
Open
Open
This was referenced Jun 12, 2024
Open
Open
Zirak pushed a commit to Zirak/opentelemetry-js that referenced this pull request Sep 14, 2024
@pichlermarc @Zirak
fix(exporters): use parseHeaders() to ensure header-values are not 'u…
150e13d 
…ndefined' (open-telemetry#4540)

* fix(exporters): use parseHeaders() to ensure header-values are not 'undefined'

* chore: changelog

* fixup! fix(exporters): use parseHeaders() to ensure header-values are not 'undefined'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@trentm trentm trentm approved these changes

Assignees

No one assigned

Labels

bug Something isn't working pkg:exporter-metrics-otlp-http pkg:exporter-metrics-otlp-proto pkg:exporter-trace-otlp-http pkg:exporter-trace-otlp-proto priority:p1 Bugs which cause problems in end-user applications such as crashes, data inconsistencies, etc

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[otlp-exporters] passing an undefined header values crashes end-user apps

2 participants

@pichlermarc @trentm