[FEATURE]: Ability to hide queryString from generated spans

[sdwa0]

Describe the goal of the feature

When we switched from an old version of ingress-nginx instrumented with nginx-opentracing module to using nginx-datadog , we noticed query parameters are appended to the http.url span attribute. Also, there is a new span attribute http.url_details.queryString that contains the list of all query parameter.

I am not sure if this is due to the switch to nginx-datadog though. I couldn't find a related difference in code between nginx-opentracing and nginx-datadog.

Regardless, an ability to hide query string from generated spans would be useful. There could be services that write PII data on query string, even though that is a bad security practice. An ability to hide it will avoid that from surfacing on Datadog.

Is your feature request related to a problem?

No response

Describe alternatives you've considered

No response

Additional context

No response

[dmehala]

Hello @sdwa0,

Thank you for bringing this to our attention.

From what I understand, the module sends the full URL here, and the agent (or intake?) split it. I’m also surprised that query strings are not obfuscated by default, especially because the agent obfuscate some span metadata by default since v7.48.0.

I’d recommend reviewing the documentation on Trace Obfuscation here. From what I understand, you may need to update the agent configuration with the following:

apm_config:
  enabled: true
  obfuscation:
    http:
      ## Enables obfuscation of query strings in URLs. Disabled by default.
      remove_query_string: true
      remove_paths_with_digits: true

I hope this solves your issue. Keep me posted.

Thank you.