This repository has been archived by the owner on Sep 13, 2022. It is now read-only.
Protect from exceptions in decodeURIComponent; do not url-encode span context #105
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…code span context
vprithvi
reviewed
Mar 29, 2017
| import SpanContext from '../src/span_context'; | ||
|
|
||
| describe ('TextMapCodec', () => { | ||
| it('should not URL-decode value that has no % meta-characters', () => { |
There was a problem hiding this comment.
This test is insufficient because decodeURIComponent(abc) returns abc. We should explicitly verify that decodeURIComponent('abc') has never been called.
There was a problem hiding this comment.
good point, but I am not sure how to do that. @saminzadeh is there a way to mock standard functions?
yurishkuro
commented
Mar 29, 2017
src/propagators/text_map_codec.js
Outdated
| if (this._urlEncoding && value.indexOf('%') > -1) { | ||
| // unfortunately, decodeURIComponent() can throw 'URIError: URI malformed' | ||
| try { | ||
| return decodeURIComponent(value); |
There was a problem hiding this comment.
@saminzadeh do you know if there's an alternative std function that never throws exceptions?
vprithvi
approved these changes
Mar 29, 2017
Iuriy-Budnikov
pushed a commit
to agile-pm/jaeger-client-node
that referenced
this pull request
Sep 25, 2021
* Adds Metrics API https://github.com/open-telemetry/opentelemetry-specification/blob/master/specification/metrics-api.md adds gauge and counter types checkpoint checkpoint update docs update index.ts move todo * yarn check
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
decodeURIComponent can throw
URIError: URI malformedwhen unable to parse the string.The string representation of the context is #:#:#:# (# is hex digits), so it is "safe" to be used as is in the http header value without URL encoding.