envoyproxy/envoy

Feature request for modifying how zipkin tracer acts upon receiving bad headers

Open

#12 713 ouverte le 18 août 2020

Voir sur GitHub
 (3 commentaires) (0 réactions) (0 assignés)C++ (5 373 forks)batch import
area/tracinghelp wanted

Métriques du dépôt

Stars
 (27 997 stars)
Métriques de merge PR
 (Merge moyen 8j) (378 PRs mergées en 30 j)

Description

Description:

Send non hex characters as request header x-b3-traceid or x-b3-spanid, or send headers that are not of 64/128bit hex length. The tracer operates correctly and securely in the sense that it was not a sampled trace and was not submitted to zipkin collector.

However, this unverified data can then be sent to upstream, to access logs, added in headers_to_add, etc, with a small possible risk of introducing malicious input handled somewhere that was expecting a mandated format. Request to validate the traceid and span ids are of appropriate format, otherwise reject the supplied trace and start a new trace (just like what happens when trace is missing entirely) so that systems expect to always have valid headers with this config. An alternative is to strip all the headers. I believe that starting a new trace is the behavior of spring-cloud-sleuth.

Config:

+                  tracing:
+                    provider:
+                      name: envoy.tracers.zipkin
+                      typed_config:
+                        "@type": type.googleapis.com/envoy.config.trace.v3.ZipkinConfig
+                        trace_id_128bit: true
+                        collector_cluster: remote_zipkin
+                        collector_endpoint: "/api/v2/spans"
+                        collector_endpoint_version: HTTP_JSON

Logs: There are no logs at debug level when this rejects the trace. Possibly could be logged or gauged.

Relevant: The below curl output demonstrates echoing back the input – notice it is not sampled with x-b3-sampled: 1

curl -k -v https://localhost/echo -H "x-b3-traceid: 273d1yyyyyyyyyyyyyyy <>{} @#$%^&*()" -H "x-b3-spanid: c115c94374c93923"
> GET /echo HTTP/1.1
> Host: localhost
> User-Agent: curl/7.54.0
> Accept: */*
> x-b3-traceid: 273d1yyyyyyyyyyyyyyy <>{} @#$%^&*()
> x-b3-spanid: c115c94374c93923
>
< HTTP/1.1 200 OK
< date: Mon Aug 17 2020 13:23:46 GMT-0700 (Pacific Daylight Time)
< content-type: text/plain
< access-control-allow-origin: *
< x-envoy-upstream-service-time: 1
< x-response-traceid: 273d1yyyyyyyyyyyyyyy <>{} @#$%^&*() ****<- added via response_headers_to_add
< server: envoy
< transfer-encoding: chunked
< 
GET /echo HTTP/1.1
host: localhost
user-agent: curl/7.54.0
accept: */*
x-b3-traceid: 273d1yyyyyyyyyyyyyyy <>{} @#$%^&*()
x-b3-spanid: c115c94374c93923
x-forwarded-proto: https
x-envoy-expected-rq-timeout-ms: 15000
content-length: 0

Guide contributeur