Skip to content

enhance elasticsearch body sanitization #3919

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

enhance elasticsearch body sanitization #3919

wants to merge 5 commits into from
+169 −51

Conversation

@mznet
Copy link

@mznet mznet commented Nov 4, 2025

Description

The existing sanitize_body can only handle limited types of queries, and sometimes it loses the query structure while sanitizing. It also cannot handle tricky queries like aggregation or script.
I improved the body sanitization by masking all values in the leaf nodes. It’s a simple solution, but more clear, no exception, and also keeps the query structure.

Fixes #3876

Type of change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

How Has This Been Tested?

I added new queries like term, script, and aggregation to check if sanitize_body can sanitize well and not lose the query structure. I also checked that the existing test queries still keep their structure while masking.

Does This PR Require a Core Repo Change?

  • Yes. - Link to PR:
  • No.

Checklist:

See contributing.md for styleguide, changelog guidelines, and more.

  • Followed the style guidelines of this project
  • Changelogs have been updated
  • Unit tests have been added
  • Documentation has been updated

@linux-foundation-easycla
Copy link

linux-foundation-easycla bot commented Nov 4, 2025
edited
Loading

CLA Signed

The committers listed above are authorized under a signed CLA.

@mznet mznet force-pushed the better-elasticsearch-sanitization branch from fc4629a to 62e324e Compare November 4, 2025 13:36
@xrmx xrmx moved this to Ready for review in @xrmx's Python PR digest Nov 4, 2025
@xrmx
Copy link
Contributor

xrmx commented Nov 4, 2025

@mznet thanks, please add a changelog entry

@mznet mznet requested a review from a team as a code owner November 5, 2025 00:30
@mznet mznet force-pushed the better-elasticsearch-sanitization branch from d5610ea to 1674df0 Compare November 5, 2025 00:33
@mznet
Copy link
Author

mznet commented Nov 5, 2025

@xrmx i've updated it.

@mznet
Copy link
Author

mznet commented Nov 5, 2025

@xrmx some tests were failed but i fixed them

@xrmx
Copy link
Contributor

xrmx commented Nov 5, 2025

@mznet please run tox -e pyXX-test-instrumentation-elasticsearch-1 and tox -e lint-instrumentation-elasticsearch locally before the next push

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@xrmx xrmx xrmx approved these changes

Assignees

No one assigned

Labels

None yet

Projects

@xrmx's Python PR digest
Status: Ready for review

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Insufficient sanitization in Elasticsearch query handling

2 participants

@mznet @xrmx