diff --git a/src/OpenTelemetry.Instrumentation.EntityFrameworkCore/.publicApi/PublicAPI.Unshipped.txt b/src/OpenTelemetry.Instrumentation.EntityFrameworkCore/.publicApi/PublicAPI.Unshipped.txt index 61697980c6..9f9a606ef9 100644 --- a/src/OpenTelemetry.Instrumentation.EntityFrameworkCore/.publicApi/PublicAPI.Unshipped.txt +++ b/src/OpenTelemetry.Instrumentation.EntityFrameworkCore/.publicApi/PublicAPI.Unshipped.txt @@ -1,4 +1,6 @@ OpenTelemetry.Instrumentation.EntityFrameworkCore.EntityFrameworkInstrumentationOptions +OpenTelemetry.Instrumentation.EntityFrameworkCore.EntityFrameworkInstrumentationOptions.DbStatementSanitizerEnabled.get -> bool +OpenTelemetry.Instrumentation.EntityFrameworkCore.EntityFrameworkInstrumentationOptions.DbStatementSanitizerEnabled.set -> void OpenTelemetry.Instrumentation.EntityFrameworkCore.EntityFrameworkInstrumentationOptions.EntityFrameworkInstrumentationOptions() -> void OpenTelemetry.Instrumentation.EntityFrameworkCore.EntityFrameworkInstrumentationOptions.Filter.get -> System.Func? OpenTelemetry.Instrumentation.EntityFrameworkCore.EntityFrameworkInstrumentationOptions.Filter.set -> void diff --git a/src/OpenTelemetry.Instrumentation.EntityFrameworkCore/EntityFrameworkInstrumentationOptions.cs b/src/OpenTelemetry.Instrumentation.EntityFrameworkCore/EntityFrameworkInstrumentationOptions.cs index f4b08dd49c..a23607b521 100644 --- a/src/OpenTelemetry.Instrumentation.EntityFrameworkCore/EntityFrameworkInstrumentationOptions.cs +++ b/src/OpenTelemetry.Instrumentation.EntityFrameworkCore/EntityFrameworkInstrumentationOptions.cs @@ -4,6 +4,7 @@ using System.Data; using System.Diagnostics; using Microsoft.Extensions.Configuration; +using OpenTelemetry.Instrumentation.EntityFrameworkCore.Implementation; using static OpenTelemetry.Internal.DatabaseSemanticConventionHelper; namespace OpenTelemetry.Instrumentation.EntityFrameworkCore; 
@@ -64,6 +65,25 @@ internal EntityFrameworkInstrumentationOptions(IConfiguration configuration) /// public Func? Filter { get; set; } + /// + /// Gets or sets a value indicating whether SQL statements should be sanitized + /// before being recorded on activities. Default value: . + /// + /// + /// + /// When enabled, SQL text is processed to remove literal values and comments + /// before it is stored in attributes such as db.statement. + /// + /// + /// WARNING: Disabling SQL statement sanitization may result in sensitive + /// data being recorded in telemetry. + /// + /// + /// DbStatementSanitizerEnabled is only supported on .NET runtimes. + /// + /// + public bool DbStatementSanitizerEnabled { get; set; } = true; + /// /// Gets or sets a value indicating whether or not the /// should add the names and values of query parameters as the db.query.parameter.{key} tag. diff --git a/src/OpenTelemetry.Instrumentation.EntityFrameworkCore/Implementation/EntityFrameworkDiagnosticListener.cs b/src/OpenTelemetry.Instrumentation.EntityFrameworkCore/Implementation/EntityFrameworkDiagnosticListener.cs index 41b5b1e9b4..bea742e94d 100644 --- a/src/OpenTelemetry.Instrumentation.EntityFrameworkCore/Implementation/EntityFrameworkDiagnosticListener.cs +++ b/src/OpenTelemetry.Instrumentation.EntityFrameworkCore/Implementation/EntityFrameworkDiagnosticListener.cs @@ -175,7 +175,7 @@ public override void OnEventWritten(string name, object? payload) case CommandType.Text: // Only SQL-like providers support sanitization as we are not // able to sanitize arbitrary commands for other query dialects. - bool sanitizeQuery = IsSqlLikeProvider(providerName); + bool sanitizeQuery = this.options.DbStatementSanitizerEnabled && IsSqlLikeProvider(providerName); DatabaseSemanticConventionHelper.ApplyConventionsForQueryText( activity, 
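Review bot: The remarks added to `DbStatementSanitizerEnabled` promise more than the listener delivers. In EntityFrameworkDiagnosticListener the flag is combined with `IsSqlLikeProvider(providerName)`, so for a provider that is not SQL-like the command text appears to be recorded unsanitized even when the option is left at true. I would add a sentence to the remarks such as `Sanitization is applied only for SQL-like providers; command text from other providers is not sanitized regardless of this setting.` The same remarks are added to SqlClientTraceInstrumentationOptions, where they name only `db.statement` although that listener also passes `options.EmitNewAttributes`. The attribute written under the newer conventions (presumably `db.query.text`) should be named there too, so readers know every place the raw text can land.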
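Review bot: The comment above `sanitizeQuery` in the `CommandType.Text` case now explains only half of the condition, since the value also depends on the new option. I would reword it to `// Sanitize only when enabled in options and the provider is SQL-like; other query dialects cannot be sanitized.` With the option set to false, raw command text reaches the activity and nothing in this hunk makes that visible at runtime, so a one-time diagnostic when sanitization is disabled would let operators notice the opt-out. No EF Core test for the flag is visible in this diff; a case asserting the recorded text with the option both on and off would pin the behaviour. OnEventWritten starts and ends outside the hunk.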
diff --git a/src/OpenTelemetry.Instrumentation.SqlClient/.publicApi/PublicAPI.Unshipped.txt b/src/OpenTelemetry.Instrumentation.SqlClient/.publicApi/PublicAPI.Unshipped.txt index e13bf6ab2c..1e7eddd688 100644 --- a/src/OpenTelemetry.Instrumentation.SqlClient/.publicApi/PublicAPI.Unshipped.txt +++ b/src/OpenTelemetry.Instrumentation.SqlClient/.publicApi/PublicAPI.Unshipped.txt @@ -1,5 +1,7 @@ #nullable enable OpenTelemetry.Instrumentation.SqlClient.SqlClientTraceInstrumentationOptions +OpenTelemetry.Instrumentation.SqlClient.SqlClientTraceInstrumentationOptions.DbStatementSanitizerEnabled.get -> bool +OpenTelemetry.Instrumentation.SqlClient.SqlClientTraceInstrumentationOptions.DbStatementSanitizerEnabled.set -> void OpenTelemetry.Instrumentation.SqlClient.SqlClientTraceInstrumentationOptions.SqlClientTraceInstrumentationOptions() -> void OpenTelemetry.Metrics.SqlClientMeterProviderBuilderExtensions OpenTelemetry.Trace.TracerProviderBuilderExtensions diff --git a/src/OpenTelemetry.Instrumentation.SqlClient/Implementation/SqlClientDiagnosticListener.cs b/src/OpenTelemetry.Instrumentation.SqlClient/Implementation/SqlClientDiagnosticListener.cs index d00912962d..6350073bae 100644 --- a/src/OpenTelemetry.Instrumentation.SqlClient/Implementation/SqlClientDiagnosticListener.cs +++ b/src/OpenTelemetry.Instrumentation.SqlClient/Implementation/SqlClientDiagnosticListener.cs @@ -168,7 +168,8 @@ public override void OnEventWritten(string name, object? payload) activity, commandText, options.EmitOldAttributes, - options.EmitNewAttributes); + options.EmitNewAttributes, + options.DbStatementSanitizerEnabled); break; case CommandType.TableDirect: diff --git a/src/OpenTelemetry.Instrumentation.SqlClient/SqlClientTraceInstrumentationOptions.cs b/src/OpenTelemetry.Instrumentation.SqlClient/SqlClientTraceInstrumentationOptions.cs index 44f18325f9..03098d3f5b 100644 --- a/src/OpenTelemetry.Instrumentation.SqlClient/SqlClientTraceInstrumentationOptions.cs 
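Review bot: `options.DbStatementSanitizerEnabled` is appended as a third consecutive positional bool after `options.EmitOldAttributes` and `options.EmitNewAttributes`. A transposed argument would still compile and could silently switch redaction off. Passing it by name, `<parameterName>: options.DbStatementSanitizerEnabled` (the helper's parameter name is declared outside this diff), makes the call self-describing and guards against a reorder. The call expression and the enclosing OnEventWritten both start outside the hunk.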
+++ b/src/OpenTelemetry.Instrumentation.SqlClient/SqlClientTraceInstrumentationOptions.cs @@ -106,6 +106,25 @@ internal SqlClientTraceInstrumentationOptions(IConfiguration configuration) /// href="https://github.com/open-telemetry/semantic-conventions/blob/main/docs/exceptions/exceptions-spans.md"/>. /// public bool RecordException { get; set; } + + /// + /// Gets or sets a value indicating whether SQL statements should be sanitized + /// before being recorded on activities. Default value: . + /// + /// + /// + /// When enabled, SQL text is processed to remove literal values and comments + /// before it is stored in attributes such as db.statement. + /// + /// + /// WARNING: Disabling SQL statement sanitization may result in sensitive + /// data being recorded in telemetry. + /// + /// + /// DbStatementSanitizerEnabled is only supported on .NET runtimes. + /// + /// + public bool DbStatementSanitizerEnabled { get; set; } = true; #endif #if !NETFRAMEWORK diff --git a/test/OpenTelemetry.Instrumentation.SqlClient.Tests/SqlClientIntegrationTests.cs b/test/OpenTelemetry.Instrumentation.SqlClient.Tests/SqlClientIntegrationTests.cs index 3f4de843a1..56346d813d 100644 --- a/test/OpenTelemetry.Instrumentation.SqlClient.Tests/SqlClientIntegrationTests.cs +++ b/test/OpenTelemetry.Instrumentation.SqlClient.Tests/SqlClientIntegrationTests.cs @@ -32,6 +32,7 @@ public SqlClientIntegrationTests(SqlClientIntegrationTestsFixture fixture) #if NET [InlineData(CommandType.Text, GetContextInfoQuery, GetContextInfoQuery, false, false, false)] [InlineData(CommandType.Text, GetContextInfoQuery, GetContextInfoQuery, false, false, true)] + [InlineData(CommandType.Text, "select 1/0", "select 1/0", true, true, false, false)] #endif [InlineData(CommandType.StoredProcedure, "sp_who", "sp_who")] public void SuccessfulCommandTest( 
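Review bot: The only new `InlineData` row exercises the disabled sanitizer on a failing statement (`select 1/0` with `isFailure` and `recordException` true). Among the visible cases none shows the same text being redacted when the option is on, and none covers the disabled path on a successful command. Because the expected text equals the input here, the row passes only if the literals survive, but it would be clearer paired with a row that keeps the default and expects the sanitized form of the same statement. A short comment above the row, e.g. `// sanitizer disabled: command text must be recorded verbatim`, would also explain the four trailing positional bools. The theory's attribute list and method signature continue outside this hunk.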
@@ -40,7 +41,8 @@ public void SuccessfulCommandTest( string? sanitizedCommandText, bool isFailure = false, bool recordException = false, - bool enableTransaction = false) + bool enableTransaction = false, + bool dbStatementSanitizerEnabled = true) { using var scope = EnvironmentVariableScope.Create( SqlClientTraceInstrumentationOptions.ContextPropagationLevelEnvVar, @@ -60,6 +62,7 @@ public void SuccessfulCommandTest( { #if NET options.RecordException = recordException; + options.DbStatementSanitizerEnabled = dbStatementSanitizerEnabled; #endif }) .Build();