Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Request option that does not include the SQL statement in the tag #1329

Open
be-hase opened this issue May 12, 2022 · 4 comments
Open

Request option that does not include the SQL statement in the tag #1329

be-hase opened this issue May 12, 2022 · 4 comments
Labels
enhancement

Comments

@be-hase
Copy link

be-hase commented May 12, 2022

Feature

I want an option that does not include the SQL statement in the tag

Rationale and Example Scenario

Currently, when I apply mysql's Tracing Query Interceptor, sql query is included as a span tag.

brave/instrumentation/mysql8/src/main/java/brave/mysql8/TracingQueryInterceptor.java

Line 58 in 6ff1428

span.tag("sql.query", sql);

While this is very convenient, sql queries often contain sensitive personal information.
For sensitive applications, it would be nice to have an option that doesn't include sql query as a tag.

Prior Art

For example, lettuce (mejor redis client library) also has an option like this.
https://github.com/lettuce-io/lettuce-core/blob/7be77cb8298b456cb68754f71c5eb3fed412c0f9/src/main/java/io/lettuce/core/tracing/BraveTracing.java#L151-L156
@be-hase
Copy link
Author

be-hase commented May 16, 2022

It seems good to add the following implementation specifically for the client side prepared statement.

This will get the args part as ?.
e.g. SELECT * FROM test WHERE id = ?

  @Override
  public <T extends Resultset> T preProcess(Supplier<String> sqlSupplier, Query interceptedQuery) {
    // Gets the next span (and places it in scope) so code between here and postProcess can read it
    Span span = ThreadLocalSpan.CURRENT_TRACER.next();
    if (span == null || span.isNoop()) return null;

    String sql = sqlSupplier.get();

    // ↓ THIS
    if (interceptedQuery instanceof ClientPreparedStatement) {
      Query query = ((ClientPreparedStatement) interceptedQuery).getQuery();
      if (query instanceof ClientPreparedQuery) {
        sql = ((ClientPreparedQuery) query).getOriginalSql();
      }
    }
    // ↑ THIS

    int spaceIndex = sql.indexOf(' '); // Allow span names of single-word statements like COMMIT
    span.kind(CLIENT).name(spaceIndex == -1 ? sql : sql.substring(0, spaceIndex));
    span.tag("sql.query", sql);
    parseServerIpAndPort(connection, span);
    span.start();
    return null;
  }

@jcchavezs
Copy link
Contributor

jcchavezs commented Oct 11, 2022 via email
edited

@be-hase
Copy link
Author

be-hase commented Oct 24, 2022

OK, please wait. :)

@jcchavezs
Copy link
Contributor

Awesome!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@be-hase @jcchavezs