Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Obfuscate sql for external #559

Draft
wants to merge 12 commits into
base: main
Choose a base branch
from
Draft

Obfuscate sql for external #559

wants to merge 12 commits into from

Conversation

XiXiaPdx
Copy link
Contributor

@XiXiaPdx XiXiaPdx commented Nov 16, 2021

WIP
AIT 🟢 https://javaagent-build.pdx.vm.datanerd.us/job/AIT_Configurable/203/

Sample Test App - https://github.com/XiXiaPdx/mysql-agent-testapp

significant changes:

  1. Obfuscate early in DefaultSqlTracer
  2. removing an agent attribute being set in DefaultSlowQueryListener.
  3. Documentation

Needs tests and one todo to resolve

@@ -68,7 +68,8 @@ public DefaultSlowQueryListener(String appName, double thresholdInMillis) {
}

// This allows transaction traces to show slow queries directly in the trace details
tracer.setAgentAttribute(SqlTracer.SQL_PARAMETER_NAME, rawQueryString);
//todo: obfuscatedQueryString isn't correct, it could be Raw or Obfuscated. The queryConverter
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this TODO comment need to stay in?

}

private boolean queryExceedsSlowQueryThreshold(String appName) {
double threshold = ServiceFactory.getConfigService().getAgentConfig(appName).getTransactionTracerConfig().getExplainThresholdInMillis();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm guessing we know that none of these calls can return a null and cause an NPE

@meiao meiao force-pushed the obfuscate-sql-for-external branch from a1d2622 to 96ccc30 Compare January 5, 2022 16:04
@@ -43,7 +43,7 @@ public DefaultSlowQueryListener(String appName, double thresholdInMillis) {
@Override
public <T> void noticeTracer(Tracer tracer, SlowQueryDatastoreParameters<T> slowQueryDatastoreParameters) {
if (tracer.getDurationInMilliseconds() > thresholdInMillis) {
String query = (String) slowQueryDatastoreParameters.getQuery();
String query = slowQueryDatastoreParameters.getQuery().toString();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This fixed a ClassCastException, but it is an oversimplification that may not work for all query objects from different databases.
Ideally here it should use the queryConverter in the SlowQueryDatastoreParameters instead of assuming the toString call will return a query.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Prevent the Agent from storing raw SQL queries in memory when "record_sql" is "off" or "obfuscated"
5 participants