Skip to content

Add comprehensive defensive parsing tests for TraceState and Baggage propagators #3040

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 3 commits into
base: main
Choose a base branch
from
Draft

Add comprehensive defensive parsing tests for TraceState and Baggage propagators #3040

wants to merge 3 commits into from

Conversation

Copilot
Copy link
Contributor

@Copilot Copilot AI commented Jun 27, 2025
edited
Loading

This PR adds extensive defensive parsing tests for TraceState and Baggage propagators to ensure they handle malformed headers gracefully without crashes or security vulnerabilities, following the OpenTelemetry .NET security advisory.

Changes Made

TraceState Parsing (opentelemetry/src/trace/span_context.rs)

  • Fixed valid_key() validation: Now properly rejects empty keys and invalid vendor format edge cases
  • Added test_tracestate_defensive_parsing: Tests malformed inputs including empty strings, invalid characters, Unicode, control characters, and very long inputs
  • Added test_tracestate_memory_safety: Tests extremely long inputs (100k+ chars) and memory exhaustion protection
  • Added test_tracestate_key_validation_edge_cases: Comprehensive tests for key validation rules per W3C spec
  • Added test_tracestate_value_validation_edge_cases: Comprehensive tests for value validation rules

Baggage Parsing (opentelemetry-sdk/src/propagation/baggage.rs)

  • Added extract_baggage_defensive_parsing: Tests malformed baggage headers don't cause crashes
  • Added extract_baggage_memory_safety: Tests memory safety with very long headers and many entries (10k+ entries)
  • Added extract_baggage_percent_encoding_edge_cases: Tests invalid percent encoding patterns

TraceContext Parsing (opentelemetry-sdk/src/propagation/trace_context.rs)

  • Added extract_w3c_defensive_traceparent: Tests malformed traceparent headers
  • Added extract_w3c_defensive_tracestate: Tests malformed tracestate with valid traceparent
  • Added extract_w3c_memory_safety: Tests memory safety with extremely long inputs
  • Added extract_w3c_boundary_conditions: Tests boundary conditions for versions and flags

Security Improvements

The tests validate that the parsing code handles these attack vectors defensively:

  • Memory exhaustion: Very long headers (100k+ characters) and excessive entries (10k+ items)
  • Invalid UTF-8 sequences: Malformed Unicode that could cause parsing errors
  • Control characters: Null bytes, newlines, tabs that might confuse parsers
  • Malformed structures: Missing equals signs, empty keys/values, nested separators
  • Invalid percent encoding: Incomplete or invalid hex sequences

Test Results

All tests pass successfully:

  • ✅ TraceState tests: 8/8 passing
  • ✅ Baggage tests: 7/7 passing
  • ✅ TraceContext tests: 9/9 passing
  • ✅ All existing tests continue to pass

The existing parsing implementations already handle most malformed inputs gracefully by design, logging warnings and ignoring invalid entries. These tests ensure this defensive behavior is maintained and covers edge cases that could be exploited.

Fixes #2757.

💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.

@linux-foundation-easycla Linux Foundation: EasyCLA
Copy link

linux-foundation-easycla bot commented Jun 27, 2025
edited
Loading

CLA Missing ID CLA Not Signed

@Copilot Copilot AI changed the title [WIP] Review, test and ensure TraceState,Baggage parsing is defensive Add comprehensive defensive parsing tests for TraceState and Baggage propagators Jun 27, 2025
@Copilot Copilot AI requested a review from cijothomas June 27, 2025 16:07
Copilot finished work on behalf of cijothomas June 27, 2025 16:07
@codecov Codecov
Copy link

codecov bot commented Jul 6, 2025

Codecov Report

Attention: Patch coverage is 94.50262% with 21 lines in your changes missing coverage. Please review.

Project coverage is 80.3%. Comparing base (5e29598) to head (b4b4ea5).
Report is 8 commits behind head on main.

Files with missing lines Patch % Lines
opentelemetry/src/trace/span_context.rs 93.2% 11 Missing ⚠️
opentelemetry-sdk/src/propagation/baggage.rs 94.9% 5 Missing ⚠️
opentelemetry-sdk/src/propagation/trace_context.rs 95.7% 5 Missing ⚠️
Additional details and impacted files 
@@           Coverage Diff           @@
##            main   #3040     +/-   ##
=======================================
+ Coverage   80.0%   80.3%   +0.2%     
=======================================
  Files        126     126             
  Lines      21879   22257    +378     
=======================================
+ Hits       17519   17883    +364     
- Misses      4360    4374     +14

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cijothomas cijothomas Awaiting requested review from cijothomas

At least 1 approving review is required to merge this pull request.

Assignees

@cijothomas cijothomas

Copilot code review Copilot

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Review, test and ensure TraceState,Baggage parsing is defensive
2 participants
@Copilot @cijothomas