Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[EF6] Incorrectly sanitised subsegment name #213

Open
yngndrw opened this issue Aug 13, 2021 · 3 comments
Open

[EF6] Incorrectly sanitised subsegment name #213

yngndrw opened this issue Aug 13, 2021 · 3 comments
Assignees
@srprash

Comments

@yngndrw
Copy link

yngndrw commented Aug 13, 2021
edited
Loading

Hello,

When using the EF6 XRay interceptor (AWSXRayEntityFramework6.AddXRayInterceptor()), the subsegment name is based upon the database name and the connection data source.

The port number is removed from the connection data source but no other sanitisation is performed.

It is valid for the connection data source to contain characters which are invalid for an XRay subsection name as there's a special alias for the current machine which includes parenthesis: (local)
https://docs.microsoft.com/en-us/dotnet/framework/data/adonet/connection-string-syntax#windows-authentication-with-sqlclient

In my case I end up with a section name which looks like this:
my_database_name@(local)

...resulting in the daemon error:
Invalid subsegment. ErrorCode: InvalidName, Cause: null

I suspect the same issue also applies to the DbCommandInterceptor, as the code is duplicated there.

As the subsection name is generated from an uncontrolled source, I'd suggest fully sanitising it to ensure that only the valid characters are included.
@srprash
Copy link
Collaborator

srprash commented Aug 22, 2021

Hi @yngndrw
Currently we are only sanitizing the port number from the connection string, but as you pointed out in your case, if the data-source contains ( or ), it will be rejected by the X-Ray service since the segment/subsegment names can only contain these valid characters.

I looked into the X-Ray Python SDK and noticed that we sanitize all the segment and subsegment names within the SDK before sending them out to the Daemon. We can probably do the same here if it doesn't affect the performance.

@yngndrw
Copy link
Author

yngndrw commented Jan 31, 2022

I'd forgotten all about this issue, moved onto another project and ran into it again - This time using TraceableSqlCommand. It's very annoying.

Are there any plans to resolve this issue for the next release?

@srprash
Copy link
Collaborator

srprash commented Feb 7, 2022

Hi @yngndrw
Sorry to hear that you ran into this issue again. I think we can implement sanitization of invalid segment/subsegment names with ease. However, I am slightly concerned if this could be a breaking change for someone who might be purposely using invalid name to avoid sending the segment. I know it's an uncommon case and likely not being used, but I will get back to you on this soon. Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@srprash srprash

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@yngndrw @srprash