Add URL sanitization feature to redactionprocessor

Signed-off-by: Israel Blancas <[email protected]>

Author: iblancasa

.chloggen/41535.yaml

@@ -0,0 +1,27 @@
+# Use this changelog template to create an entry for release notes.
+
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: enhancement
+
+# The name of the component, or a single word describing the area of concern, (e.g. filelogreceiver)
+component: redactionprocessor
+
+# A brief description of the change.  Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: "Add support for URL sanitization in the redaction processor."
+
+# Mandatory: One or more tracking issues related to the change. You can use the PR number here if no issue exists.
+issues: [41535]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:
+
+# If your change doesn't affect end users or the exported elements of any package,
+# you should instead start your pull request title with [chore] or use the "Skip Changelog" label.
+# Optional: The change log or logs in which this entry should be included.
+# e.g. '[user]' or '[user, api]'
+# Include 'user' if the change is relevant to end users.
+# Include 'api' if there is a change to a library API.
+# Default: '[user]'
+change_logs: []

processor/redactionprocessor/README.md

@@ -102,6 +102,20 @@ processors:
     # - `info` includes just the redacted key counts in the summary
     # - `silent` omits the summary attributes
     summary: debug
+    # url_sanitization configures URL sanitization to remove variable elements from the url, causing high cardinality issues
+    url_sanitization:
+      # enabled controls whether URL sanitization is active
+      enabled: true
+      # attributes is a list of attribute keys that contain URLs to be sanitized
+      attributes: ["http.url", "url"]
+      # max_segments is the maximum number of path segments to retain in the URL
+      max_segments: 4
+      # cache_size is used to cache valid elements from the url
+      cache_size: 1000
+      # replace_with is the string used to replace sanitized segments in the URL
+      replace_with: "***"
+      # sanitize_span_name controls whether to apply URL sanitization to span names
+      sanitize_span_name: true
 ```
 
 Refer to [config.yaml](./testdata/config.yaml) for how to fit the configuration
@@ -130,6 +144,8 @@ instead of masking them with a fixed string. By default, no hash function is use
 and masking with a fixed string is performed. The supported hash functions
 are `md5`, `sha1` and `sha3` (SHA-256).
 
+The `url_sanitization` configuration enables sanitization of URLs in specified attributes by removing potentially sensitive information like UUIDs, timestamps, and other non-essential path segments. When enabled, it processes URLs to retain only a configured maximum number of path segments and replaces the rest with a specified string. This is particularly useful for reducing cardinality in telemetry data while preserving the essential parts of URLs for troubleshooting.
+
 For example, if `notes` is on the list of allowed keys, then the `notes`
 attribute is retained. However, if there is a value such as a credit card
 number in the `notes` field that matched a regular expression on the list of

processor/redactionprocessor/config.go

@@ -10,6 +10,7 @@ import (
 	"strings"
 
 	"github.com/open-telemetry/opentelemetry-collector-contrib/processor/redactionprocessor/internal/db"
+	"github.com/open-telemetry/opentelemetry-collector-contrib/processor/redactionprocessor/internal/url"
 )
 
 var _ encoding.TextUnmarshaler = (*HashFunction)(nil)
@@ -69,6 +70,9 @@ type Config struct {
 	// information, while it is valuable when integrating and testing a new
 	// configuration. Possible values are `debug`, `info`, and `silent`.
 	Summary string `mapstructure:"summary"`
+
+	// URLSanitization is a flag to sanitize URLs by removing UUIDs, timestamps, and other non-essential information
+	URLSanitization url.URLSanitizationConfig `mapstructure:"url_sanitization"`
 }
 
 func (u HashFunction) String() string {

processor/redactionprocessor/go.mod

@@ -4,6 +4,7 @@ go 1.24
 
 require (
 	github.com/DataDog/datadog-agent/pkg/obfuscate v0.68.3
+	github.com/grafana/clusterurl v0.0.0-20250807194035-5e7bb040a64c
 	github.com/stretchr/testify v1.10.0
 	go.opentelemetry.io/collector/component v1.38.0
 	go.opentelemetry.io/collector/component/componenttest v0.132.0
@@ -21,6 +22,7 @@ require (
 )
 
 require (
+	github.com/AlessandroPomponio/go-gibberish v0.0.0-20191004143433-a2d4156f0396 // indirect
 	github.com/DataDog/datadog-agent/pkg/util/log v0.68.3 // indirect
 	github.com/DataDog/datadog-agent/pkg/util/scrubber v0.68.3 // indirect
 	github.com/DataDog/datadog-agent/pkg/version v0.68.3 // indirect
@@ -38,6 +40,7 @@ require (
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/hashicorp/go-version v1.7.0 // indirect
+	github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/knadh/koanf/maps v0.1.2 // indirect
 	github.com/knadh/koanf/providers/confmap v1.0.0 // indirect

processor/redactionprocessor/go.sum

@@ -0,0 +1,28 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package url // import "github.com/open-telemetry/opentelemetry-collector-contrib/processor/redactionprocessor/internal/url"
+
+import "errors"
+
+type URLSanitizationConfig struct {
+	Enabled bool `mapstructure:"enabled"`
+	// MaxSegments is the maximum number of segments in a path.
+	MaxSegments int `mapstructure:"max_segments"`
+	// ReplaceWith is the character that will replace the segments in a path.
+	ReplaceWith string `mapstructure:"replace_with"`
+	// CacheSize is the size of the cache for the classifier.
+	CacheSize int `mapstructure:"cache_size"`
+	// Attributes is the list of attributes that will be sanitized.
+	Attributes []string `mapstructure:"attributes"`
+	// SanitizeSpanName is a flag to sanitize the span name.
+	SanitizeSpanName bool `mapstructure:"sanitize_span_name"`
+}
+
+func (u *URLSanitizationConfig) Validate() error {
+	if len(u.ReplaceWith) > 1 {
+		return errors.New("replace_with must be a single character")
+	}
+
+	return nil
+}

processor/redactionprocessor/internal/url/config.go

@@ -0,0 +1,61 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package url // import "github.com/open-telemetry/opentelemetry-collector-contrib/processor/redactionprocessor/internal/url"
+
+import (
+	"fmt"
+
+	"github.com/grafana/clusterurl/clusterurl"
+)
+
+type URLSanitizer struct {
+	classifier *clusterurl.ClusterURLClassifier
+	attributes map[string]bool
+}
+
+func NewURLSanitizer(config URLSanitizationConfig) (*URLSanitizer, error) {
+	classifierConfig := clusterurl.DefaultConfig()
+	if config.CacheSize > 0 {
+		classifierConfig.CacheSize = config.CacheSize
+	}
+	if config.MaxSegments > 0 {
+		classifierConfig.MaxSegments = config.MaxSegments
+	}
+	if config.ReplaceWith != "" {
+		classifierConfig.ReplaceWith = config.ReplaceWith[0]
+	}
+
+	classifier, err := clusterurl.NewClusterURLClassifier(classifierConfig)
+	if err != nil {
+		return nil, fmt.Errorf("unable to create cluster URL classifier: %w", err)
+	}
+
+	attributes := make(map[string]bool)
+	for _, attribute := range config.Attributes {
+		attributes[attribute] = true
+	}
+
+	return &URLSanitizer{
+		classifier: classifier,
+		attributes: attributes,
+	}, nil
+}
+
+func (s *URLSanitizer) SanitizeAttributeURL(url, attributeKey string) string {
+	if url == "" {
+		return url
+	}
+
+	if _, ok := s.attributes[attributeKey]; ok {
+		return s.SanitizeURL(url)
+	}
+
+	return url
+}
+
+// SanitizeURL sanitizes the given URL by removing any gibberish words.
+// https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/blob/38ca7938595409b8ffe6b897c14a0e3280dd2941/pkg/components/transform/route/cluster.go#L48
+func (s *URLSanitizer) SanitizeURL(url string) string {
+	return s.classifier.ClusterURL(url)
+}

processor/redactionprocessor/internal/url/sanitizer.go

@@ -23,6 +23,7 @@ import (
 	"golang.org/x/crypto/sha3"
 
 	"github.com/open-telemetry/opentelemetry-collector-contrib/processor/redactionprocessor/internal/db"
+	"github.com/open-telemetry/opentelemetry-collector-contrib/processor/redactionprocessor/internal/url"
 )
 
 const attrValuesSeparator = ","
@@ -44,6 +45,8 @@ type redaction struct {
 	config *Config
 	// Logger
 	logger *zap.Logger
+	// URL sanitizer
+	urlSanitizer *url.URLSanitizer
 	// Database obfuscator
 	dbObfuscator *db.Obfuscator
 }
@@ -69,6 +72,13 @@ func newRedaction(ctx context.Context, config *Config, logger *zap.Logger) (*red
 		return nil, fmt.Errorf("failed to process allow list: %w", err)
 	}
 
+	var urlSanitizer *url.URLSanitizer
+	if config.URLSanitization.Enabled {
+		urlSanitizer, err = url.NewURLSanitizer(config.URLSanitization)
+		if err != nil {
+			return nil, fmt.Errorf("failed to create URL sanitizer: %w", err)
+		}
+	}
 	dbObfuscator := db.NewObfuscator(config.DBSanitizer)
 
 	return &redaction{
@@ -80,6 +90,7 @@ func newRedaction(ctx context.Context, config *Config, logger *zap.Logger) (*red
 		hashFunction:      config.HashFunction,
 		config:            config,
 		logger:            logger,
+		urlSanitizer:      urlSanitizer,
 		dbObfuscator:      dbObfuscator,
 	}, nil
 }
@@ -129,6 +140,10 @@ func (s *redaction) processResourceSpan(ctx context.Context, rs ptrace.ResourceS
 
 			// Attributes can also be part of span events
 			s.processSpanEvents(ctx, span.Events())
+
+			if s.config.URLSanitization.SanitizeSpanName && s.urlSanitizer != nil {
+				span.SetName(s.urlSanitizer.SanitizeURL(span.Name()))
+			}
 		}
 	}
 }
@@ -401,6 +416,10 @@ func (s *redaction) processStringValueForAttribute(strVal, attributeKey string)
 		}
 	}
 
+	if s.urlSanitizer != nil {
+		strVal = s.urlSanitizer.SanitizeAttributeURL(strVal, attributeKey)
+	}
+
 	if s.dbObfuscator != nil {
 		obfuscatedQuery, err := s.dbObfuscator.ObfuscateAttribute(strVal, attributeKey)
 		if err != nil {
@@ -421,6 +440,10 @@ func (s *redaction) processStringValueForLogBody(strVal string) string {
 		}
 	}
 
+	if s.urlSanitizer != nil {
+		strVal = s.urlSanitizer.SanitizeURL(strVal)
+	}
+
 	if s.dbObfuscator != nil {
 		obfuscatedQuery, err := s.dbObfuscator.Obfuscate(strVal)
 		if err != nil {