Skip to content

feat: sensitive masking option and upgrade dependencies#26

Merged
hgiasac merged 3 commits into
mainfrom
chore/upgrade-sdk
Apr 11, 2026
Merged

feat: sensitive masking option and upgrade dependencies#26
hgiasac merged 3 commits into
mainfrom
chore/upgrade-sdk

Conversation

@hgiasac
Copy link
Copy Markdown
Collaborator

@hgiasac hgiasac commented Apr 11, 2026

This pull request introduces improvements to the tracing middleware and utilities, focusing on making sensitive header detection more flexible and configurable. The main changes include allowing users to specify custom sensitive header patterns, refactoring option names for clarity, and updating dependencies to their latest versions.

Key changes include:

Tracing Middleware Enhancements:

  • Added a new WithSensitivePatterns option to tracingMiddleware, allowing users to specify custom patterns for masking sensitive headers in telemetry logs. This makes it easier to adapt to different security requirements. [1] [2] [3] [4]
  • Refactored option names for header allow-lists to WithAllowedRequestHeaders and WithAllowedResponseHeaders for consistency and clarity. [1] [2]

Sensitive Header Detection Logic:

  • Replaced the old EvaluateSensitiveHeader function with a new, more flexible IsSensitiveHeader function that supports user-defined patterns and defaults to a built-in list if none are provided. [1] [2] [3] [4] [5]

Testing Improvements:

  • Added tests for the new WithSensitivePatterns option and for the renamed allow-list options to ensure correct behavior and integration.

Dependency Updates:

  • Updated OpenTelemetry and related dependencies to their latest versions in go.mod and jsonschema/go.mod, ensuring compatibility and access to new features and bug fixes. [1] [2] [3]

Test Adjustments for Refactoring:

  • Updated tests to use the new function signatures and naming conventions for sensitive header detection and allow-list options. [1] [2]

@hgiasac hgiasac requested a review from Copilot April 11, 2026 08:35
Copilot AI reviewed Apr 11, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR enhances the tracing middleware and otelutils by making sensitive header masking configurable (via custom patterns), renaming header allow-list options for clarity, and upgrading OpenTelemetry-related dependencies.

Changes:

  • Add configurable sensitive-header masking via pattern lists, with default keyword-based masking when no patterns are provided.
  • Rename request/response header allow-list options to WithAllowedRequestHeaders / WithAllowedResponseHeaders.
  • Upgrade OpenTelemetry and related Go dependencies in both root and jsonschema modules.

Reviewed changes

Copilot reviewed 6 out of 8 changed files in this pull request and generated 5 comments.

Show a summary per file
File Description
otelutils/utils.go Adds default sensitive keywords and replaces EvaluateSensitiveHeader with IsSensitiveHeader; updates telemetry header extraction to accept sensitive patterns.
otelutils/utils_test.go Updates existing tests for the new APIs and adds coverage for custom sensitive patterns and extraction behavior.
middleware.go Wires SensitivePatterns through middleware options and renames allow-list option functions.
middleware_test.go Adds tests covering the new option wiring and renamed allow-list option behavior.
go.mod / go.sum Bumps OpenTelemetry and other related dependencies.
jsonschema/go.mod / jsonschema/go.sum Mirrors dependency upgrades in the jsonschema submodule.
Comments suppressed due to low confidence (1)

middleware.go:470

  • Renaming AllowRequestHeaders/AllowResponseHeaders to WithAllowedRequestHeaders/WithAllowedResponseHeaders is a breaking API change and currently leaves at least one in-repo caller still using the old names (example/server.go). Either update remaining call sites and/or keep deprecated wrapper functions with the old names to preserve backward compatibility for external users.
// WithAllowedRequestHeaders return an option to set allowed request headers.
// If empty, all headers are allowed.
func WithAllowedRequestHeaders(names []string) TracingMiddlewareOption {
	return func(tmo *tracingMiddlewareOptions) {
		tmo.AllowedRequestHeaders = toLowerStrings(names)
	}
}

// WithAllowedResponseHeaders return an option to set allowed response headers.
// If empty, all headers are allowed.
func WithAllowedResponseHeaders(names []string) TracingMiddlewareOption {
	return func(tmo *tracingMiddlewareOptions) {
		tmo.AllowedResponseHeaders = toLowerStrings(names)
	}
}

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread otelutils/utils.go
Comment thread otelutils/utils.go
Comment thread middleware.go Outdated
Comment thread otelutils/utils_test.go
Comment thread middleware_test.go
@hgiasac hgiasac merged commit 253b87a into main Apr 11, 2026
4 checks passed
@hgiasac hgiasac deleted the chore/upgrade-sdk branch April 11, 2026 08:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hgiasac