
Tracing captures sensitive URL query parameters #12879

Open
RichardoC opened this issue Feb 21, 2025 · 3 comments
Labels
kind/bug Categorizes issue or PR as related to a bug. needs-priority needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one.

Comments

@RichardoC

What happened:

The (optional) tracing configuration will include URL query strings, which often have sensitive information in them, for example if you use an OAuth login flow.

By default, sensitive information shouldn't be captured in traces

What you expected to happen:

Trace spans don't contain URL query parameters.

NGINX Ingress controller version v1.12.0

Kubernetes version (use kubectl version): N/A

Environment:

  • Cloud provider or hardware configuration: N/A

  • OS (e.g. from /etc/os-release): N/A

  • Kernel (e.g. uname -a): N/A

  • Install tools:

    • Please mention how/where was the cluster created like kubeadm/kops/minikube/kind etc.
  • Basic cluster related info:

    • kubectl version
    • kubectl get nodes -o wide
  • How was the ingress-nginx-controller installed:
    • Helm package 4.12.0

    • If helm was used then please show output of helm -n <ingresscontrollernamespace> get values <helmreleasename>
    • If helm was not used, then copy/paste the complete precise command used to install the controller, along with the flags and options used
    • if you have more than one instance of the ingress-nginx-controller installed in the same cluster, please provide details for all the instances
      Relevant part of the values.yaml:

    controller:
      config:
        otlp-collector-host: SOME_OTEL_HOST
        enable-opentelemetry: "true"
        otel-service-name: ingress-nginx
        otel-sampler: AlwaysOn
        otel-sampler-ratio: 1.0
  • Current State of the controller:
    N/A

  • Current state of ingress object, if applicable:
    N/A

  • Others:

    • Any other related information like ;
      • copy/paste of the snippet (if applicable)
      • kubectl describe ... of any custom configmap(s) created and in use
      • Any other related information that may help

How to reproduce this issue:

As minimally and precisely as possible. Keep in mind we do not have access to your cluster or application.
Help us (if possible) reproduce the issue using minikube or kind.

Install minikube/kind

Install the ingress controller

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/baremetal/deploy.yaml

Install an application that will act as default backend (is just an echo app)

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/docs/examples/http-svc.yaml

Create an ingress (please add any additional annotation required)

echo "
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: foo-bar
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  ingressClassName: nginx # omit this if you're on controller version below 1.0.0
  rules:
  - host: foo.bar
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: http-svc
            port:
              number: 80
" | kubectl apply -f -

Configure tracing, and an OTel-compatible storage

Make a request

POD_NAME=$(kubectl get pods -n ingress-nginx -l app.kubernetes.io/name=ingress-nginx -o name)
kubectl exec -it -n ingress-nginx "$POD_NAME" -- curl -H 'Host: foo.bar' 'localhost?my-sensitive-value=hunter2'
  • Check the trace span in jaeger, and see the sensitive information in the "http.target" and "http.url" fields

Anything else we need to know:

This issue is actually coming from https://github.com/open-telemetry/opentelemetry-cpp-contrib/blob/main/instrumentation/nginx/README.md where I can't see a way to configure this plugin to not store the URL query parameters. Also, my cpp isn't good enough to try and fix it there.

@RichardoC RichardoC added the kind/bug Categorizes issue or PR as related to a bug. label Feb 21, 2025
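Since the issue reports that the nginx OpenTelemetry module offers no option to drop the query string, the values in http.target and http.url have to be scrubbed downstream (for instance in a collector processor or an exporter hook). The following is an added example, not code from ingress-nginx or from the issue author, of that scrubbing logic run over a constructed span-attribute dict modelled on the request in the reproduction steps; it keeps parameter names so the trace stays searchable and replaces only the values.

```python
"""Redact query-string values from HTTP span attributes.

Added example (not from the ingress-nginx project or the issue author).
The nginx OpenTelemetry module records the raw request target, so the
values of http.url / http.target are scrubbed here as a downstream step.
"""
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Span attribute keys named in the issue as carrying the raw request target
URL_ATTRIBUTES = ("http.url", "http.target")
REDACTED = "REDACTED"


def redact_query(value: str) -> str:
    """Keep query parameter names, replace every value with a placeholder.

    Works for full URLs (http.url) and bare request targets (http.target);
    a target without a query string is returned unchanged.
    """
    parts = urlsplit(value)
    if not parts.query:
        return value
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    scrubbed = urlencode([(name, REDACTED) for name, _ in pairs])
    return urlunsplit(parts._replace(query=scrubbed))


def redact_span_attributes(attributes: dict) -> dict:
    """Return a copy of the span attributes with URL query values scrubbed."""
    out = dict(attributes)
    for key in URL_ATTRIBUTES:
        if isinstance(out.get(key), str):
            out[key] = redact_query(out[key])
    return out


if __name__ == "__main__":
    # Constructed span attributes mirroring the curl request in the issue
    span = {
        "http.method": "GET",
        "http.target": "/?my-sensitive-value=hunter2",
        "http.url": "http://foo.bar/?my-sensitive-value=hunter2&code=abc123",
        "http.status_code": 200,
    }
    for key, value in redact_span_attributes(span).items():
        print(f"{key}: {value}")
```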
@k8s-ci-robot
Contributor

This issue is currently awaiting triage.

If Ingress contributors determine this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-priority labels Feb 21, 2025
@RichardoC
Author

This is somewhat related to #12878 where I found the same issue in logging

@RichardoC
Author

This was already reported to security@kubernetes.io and they said to make a public issue for this

Development

No branches or pull requests

2 participants