do not extract endpoint from path for 404s (#1069)

brharrington · web-flow · commit 2b2e651e9322 · 2023-08-02T14:19:12.000-05:00
This can lead to a large set of endpoints for things
like security scans. Logs should be used to track down
those paths.
diff --git a/spectator-ext-ipc/src/main/java/com/netflix/spectator/ipc/IpcLogEntry.java b/spectator-ext-ipc/src/main/java/com/netflix/spectator/ipc/IpcLogEntry.java
@@ -639,7 +639,7 @@ private IpcAttemptFinal getAttemptFinal() {
 
   private String getEndpoint() {
     return (endpoint == null)
-        ? (path == null) ? "unknown" : PathSanitizer.sanitize(path)
+        ? (path == null || httpStatus == 404) ? "unknown" : PathSanitizer.sanitize(path)
         : endpoint;
   }
 
diff --git a/spectator-ext-ipc/src/test/java/com/netflix/spectator/ipc/IpcLogEntryTest.java b/spectator-ext-ipc/src/test/java/com/netflix/spectator/ipc/IpcLogEntryTest.java
@@ -225,6 +225,17 @@ public void endpointViaUri() {
     Assertions.assertEquals("_api_v1_-", actual);
   }
 
+  @Test
+  public void endpointViaUri404() {
+    String path = "/api/v1/1234567890";
+    String actual = (String) entry
+        .withUri(URI.create(path))
+        .withHttpStatus(404)
+        .convert(this::toMap)
+        .get("endpoint");
+    Assertions.assertEquals("unknown", actual);
+  }
+
   @Test
   public void clientNode() {
     String expected = "i-12345";

Original file line number	Diff line number	Diff line change
`@@ -639,7 +639,7 @@ private IpcAttemptFinal getAttemptFinal() {`
`639`	`639`
`640`	`640`	`private String getEndpoint() {`
`641`	`641`	`return (endpoint == null)`
`642`		`- ? (path == null) ? "unknown" : PathSanitizer.sanitize(path)`
	`642`	`+ ? (path == null \|\| httpStatus == 404) ? "unknown" : PathSanitizer.sanitize(path)`
`643`	`643`	`: endpoint;`
`644`	`644`	`}`
`645`	`645`