fix(api): Filter internal trace attributes from results#116093
fix(api): Filter internal trace attributes from results#116093nsdeschenes wants to merge 1 commit into
Conversation
Apply EAP API visibility checks to trace item stats, ranked attribute comparisons, trace item detail serialization, exports, and RPC table/stat responses. Hidden attributes in query filters now return empty results instead of broadening the query for regular users.
github-actions
Bot
added
the
Scope: Backend
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit ab4a530. Configure here.
| cohort_1_distribution_map={}, | ||
| total_cohort_1=0, | ||
| cohort_1_function_value=function_value, | ||
| ) |
There was a problem hiding this comment.
Ranked resolver misses hidden function
Medium Severity
The ranked-attribute flow calls Spans.run_table_query without passing the shared SearchResolver, so hidden API fields referenced only in the percentile function are tracked on a throwaway resolver. has_hidden_api_attributes() on the main resolver stays false and the endpoint can still run full distribution analysis instead of returning empty ranked results.
Reviewed by Cursor Bugbot for commit ab4a530. Configure here.
1 participant
Summary
include_internalparameter throughspans_rpc,occurrences_rpc, anddata_exportcallershas_hidden_api_attributes()short-circuit inRPCBase.run_table_query()to avoid dispatching RPCs when the query is guaranteed to return nothing usefulDepends on #116091
Test plan
test_project_trace_item_details.py,test_organization_trace_item_stats.py, andtest_organization_trace_item_attributes_ranked.pyCloses TODO