open-telemetry · zhihali · Sep 6, 2024 · Sep 6, 2024 · Sep 6, 2024 · Sep 6, 2024
@@ -18,6 +18,8 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
 
 - Fix memory leak in the global `MeterProvider` when identical instruments are repeatedly created. (#5754)
 - Fix panic instruments creation when setting meter provider. (#5758)
+- Stop percent encoding header environment variables in `open-telemetry/opentelemetry-go/exporters/otlp/otlplog/otlploggrpc` and `open-telemetry/opentelemetry-go/exporters/otlp/otlplog/otlploghttp` (#5792)
+- Remove invalid environment variable header keys in `open-telemetry/opentelemetry-go/exporters/otlp/otlplog/otlploggrpc` and `open-telemetry/opentelemetry-go/exporters/otlp/otlplog/otlploghttp` (#5792)
 - Fix an issue where `SetMeterProvider` in `go.opentelemetry.io/otel` might miss the delegation for instruments and registries. (#5780)
 
 ### Removed

@@ -13,6 +13,7 @@ import (
 	"strconv"
 	"strings"
 	"time"
+	"unicode"
 
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
@@ -442,12 +443,13 @@ func convHeaders(s string) (map[string]string, error) {
 			continue
 		}
 
-		escKey, e := url.PathUnescape(rawKey)
-		if e != nil {
+		trimmedKey := strings.TrimSpace(rawKey)
+
+		// Validate the key.
+		if !isValidHeaderKey(trimmedKey) {
 			err = errors.Join(err, fmt.Errorf("invalid header key: %s", rawKey))
 			continue
 		}
-		key := strings.TrimSpace(escKey)
 
 		escVal, e := url.PathUnescape(rawVal)
 		if e != nil {
@@ -456,11 +458,30 @@ func convHeaders(s string) (map[string]string, error) {
 		}
 		val := strings.TrimSpace(escVal)
 
-		out[key] = val
+		out[trimmedKey] = val
 	}
 	return out, err
 }
 
+func isValidHeaderKey(key string) bool {
+	if key == "" {
+		return false
+	}
+	for _, c := range key {
+		if !isTokenChar(c) {
+			return false
+		}
+	}
+	return true
+}
+
+func isTokenChar(c rune) bool {
+	return c <= unicode.MaxASCII && (unicode.IsLetter(c) ||
+		unicode.IsDigit(c) ||
+		c == '!' || c == '#' || c == '$' || c == '%' || c == '&' || c == '\'' || c == '*' ||
+		c == '+' || c == '-' || c == '.' || c == '^' || c == '_' || c == '`' || c == '|' || c == '~')
+}
+
 // convDuration converts s into a duration of milliseconds. If s does not
 // contain an integer, 0 and an error are returned.
 func convDuration(s string) (time.Duration, error) {

@@ -327,12 +327,52 @@ func TestNewConfig(t *testing.T) {
 				`tls: failed to find any PEM data in certificate input`,
 				`invalid OTEL_EXPORTER_OTLP_LOGS_HEADERS value a,%ZZ=valid,key=%ZZ:`,
 				`invalid header: a`,
-				`invalid header key: %ZZ`,
 				`invalid header value: %ZZ`,
 				`invalid OTEL_EXPORTER_OTLP_LOGS_COMPRESSION value xz: unknown compression: xz`,
 				`invalid OTEL_EXPORTER_OTLP_LOGS_TIMEOUT value 100 seconds: strconv.Atoi: parsing "100 seconds": invalid syntax`,
 			},
 		},
+        {
+            name: "HeadersWithSpaces",
+            envars: map[string]string{
+                "OTEL_EXPORTER_OTLP_HEADERS": " keyWithSpaces =value1",
+            },
+            want: config{
+                headers: newSetting(map[string]string{
+                    "keyWithSpaces": "value1",
+                }),
+                endpoint: newSetting(defaultEndpoint),
+                timeout:  newSetting(defaultTimeout),
+                retryCfg: newSetting(defaultRetryCfg),
+            },
+        },
+		{
+            name: "HeadersWithPercentEncoding",
+            envars: map[string]string{
+                "OTEL_EXPORTER_OTLP_HEADERS": "percent%20encoded=value,normal=ok",
+            },
+            want: config{
+                headers: newSetting(map[string]string{
+                    "percent%20encoded": "value",
+                    "normal":            "ok",
+                }),
+                endpoint: newSetting(defaultEndpoint),
+                timeout:  newSetting(defaultTimeout),
+                retryCfg: newSetting(defaultRetryCfg),
+            },
+        },
+		{
+            name: "HeadersWithInvalidKey",
+            envars: map[string]string{
+                "OTEL_EXPORTER_OTLP_HEADERS": "valid=ok,inva lid=not_ok,also_valid=fine",
+            },
+            want: config{
+                endpoint: newSetting(defaultEndpoint),
+                timeout:  newSetting(defaultTimeout),
+                retryCfg: newSetting(defaultRetryCfg),
+            },
+            errs: []string{`invalid header key: inva lid`},
+        },
 		{
 			name: "OptionEndpointURLWithoutScheme",
 			options: []Option{

@@ -14,6 +14,7 @@ import (
 	"strconv"
 	"strings"
 	"time"
+	"unicode"
 
 	"go.opentelemetry.io/otel"
 	"go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp/internal/retry"
@@ -548,12 +549,13 @@ func convHeaders(s string) (map[string]string, error) {
 			continue
 		}
 
-		escKey, e := url.PathUnescape(rawKey)
-		if e != nil {
+		trimmedKey := strings.TrimSpace(rawKey)
+
+		// Validate the key.
+		if !isValidHeaderKey(trimmedKey) {
 			err = errors.Join(err, fmt.Errorf("invalid header key: %s", rawKey))
 			continue
 		}
-		key := strings.TrimSpace(escKey)
 
 		escVal, e := url.PathUnescape(rawVal)
 		if e != nil {
@@ -562,11 +564,30 @@ func convHeaders(s string) (map[string]string, error) {
 		}
 		val := strings.TrimSpace(escVal)
 
-		out[key] = val
+		out[trimmedKey] = val
 	}
 	return out, err
 }
 
+func isValidHeaderKey(key string) bool {
+	if key == "" {
+		return false
+	}
+	for _, c := range key {
+		if !isTokenChar(c) {
+			return false
+		}
+	}
+	return true
+}
+
+func isTokenChar(c rune) bool {
+	return c <= unicode.MaxASCII && (unicode.IsLetter(c) ||
+		unicode.IsDigit(c) ||
+		c == '!' || c == '#' || c == '$' || c == '%' || c == '&' || c == '\'' || c == '*' ||
+		c == '+' || c == '-' || c == '.' || c == '^' || c == '_' || c == '`' || c == '|' || c == '~')
+}
+
 // convCompression returns the parsed compression encoded in s. NoCompression
 // and an errors are returned if s is unknown.
 func convCompression(s string) (Compression, error) {

@@ -332,12 +332,55 @@ func TestNewConfig(t *testing.T) {
 				`tls: failed to find any PEM data in certificate input`,
 				`invalid OTEL_EXPORTER_OTLP_LOGS_HEADERS value a,%ZZ=valid,key=%ZZ:`,
 				`invalid header: a`,
-				`invalid header key: %ZZ`,
 				`invalid header value: %ZZ`,
 				`invalid OTEL_EXPORTER_OTLP_LOGS_COMPRESSION value xz: unknown compression: xz`,
 				`invalid OTEL_EXPORTER_OTLP_LOGS_TIMEOUT value 100 seconds: strconv.Atoi: parsing "100 seconds": invalid syntax`,
 			},
 		},
+		{
+            name: "HeadersWithSpaces",
+            envars: map[string]string{
+                "OTEL_EXPORTER_OTLP_HEADERS": " keyWithSpaces =value1",
+            },
+            want: config{
+                headers: newSetting(map[string]string{
+                    "keyWithSpaces": "value1",
+                }),
+                endpoint: newSetting(defaultEndpoint),
+				path:     newSetting(defaultPath),
+                timeout:  newSetting(defaultTimeout),
+                retryCfg: newSetting(defaultRetryCfg),
+            },
+        },
+		{
+            name: "HeadersWithPercentEncoding",
+            envars: map[string]string{
+                "OTEL_EXPORTER_OTLP_HEADERS": "percent%20encoded=value,normal=ok",
+            },
+            want: config{
+                headers: newSetting(map[string]string{
+                    "percent%20encoded": "value",
+                    "normal":            "ok",
+                }),
+                endpoint: newSetting(defaultEndpoint),
+				path:     newSetting(defaultPath),
+                timeout:  newSetting(defaultTimeout),
+                retryCfg: newSetting(defaultRetryCfg),
+            },
+        },
+		{
+            name: "HeadersWithInvalidKey",
+            envars: map[string]string{
+                "OTEL_EXPORTER_OTLP_HEADERS": "valid=ok,inva lid=not_ok,also_valid=fine",
+            },
+            want: config{
+                endpoint: newSetting(defaultEndpoint),
+				path:     newSetting(defaultPath),
+                timeout:  newSetting(defaultTimeout),
+                retryCfg: newSetting(defaultRetryCfg),
+            },
+            errs: []string{`invalid header key: inva lid`},
+        },
 	}
 
 	for _, tc := range testcases {