Original file line number Diff line number Diff line change
Expand Up @@ -103,8 +103,8 @@ public void onStart(AttributesBuilder attributes, Context parentContext, REQUEST
if (isBatch) {
internalSet(attributes, DB_OPERATION_BATCH_SIZE, batchSize);
}
boolean parameterizedQuery = getter.isParameterizedQuery(request);
boolean shouldSanitize = statementSanitizationEnabled && !parameterizedQuery;
boolean shouldSanitize =
statementSanitizationEnabled && getter.isQuerySanitizationNeeded(request);
if (rawQueryTexts.size() == 1) {
String rawQueryText = rawQueryTexts.iterator().next();
SqlStatementInfo sanitizedStatement = SqlStatementSanitizerUtil.sanitize(rawQueryText);
Original file line number Diff line number Diff line change
Expand Up @@ -94,15 +94,15 @@ default Map<String, String> getDbQueryParameters(REQUEST request) {
}

/**
* Returns whether the query is parameterized. Prepared statements are always considered
* parameterized even if no parameters are bound. By using a parameterized query the user is
* giving a strong signal that any sensitive data will be passed as parameter values, and so the
* query does not need to be sanitized. See <a
* Returns whether query sanitization is needed. Prepared statements are always considered
* parameterized and do not need sanitization. By using a parameterized query (e.g., prepared
* statement) the user is giving a strong signal that any sensitive data will be passed as
* parameter values, and so the query does not need to be sanitized. See <a
* href="https://github.com/open-telemetry/semantic-conventions/blob/main/docs/db/database-spans.md#sanitization-of-dbquerytext">sanitization
* of db.query.text</a>.
*/
// TODO: make this required to implement
default boolean isParameterizedQuery(REQUEST request) {
return false;
default boolean isQuerySanitizationNeeded(REQUEST request) {
return true;
}
}
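Review bot: The new Javadoc on `isQuerySanitizationNeeded` never says what the return value means or what the default is, and because the polarity is the opposite of the method it replaces, that should be spelled out. Add something like `@return {@code false} only when the query text cannot contain literal values (e.g. a prepared statement); the default {@code true} keeps sanitization on`. The hunk also removes `isParameterizedQuery` outright, so a getter outside this change that still overrides it without `@Override` would compile and simply stop being consulted. The `true` default fails safe there, but keeping the old method as `@Deprecated` and having the new default `return !isParameterizedQuery(request);` would preserve existing implementations. The interface declaration starts outside the hunk.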
Original file line number Diff line number Diff line change
Expand Up @@ -12,13 +12,13 @@
public abstract class CassandraRequest {

public static CassandraRequest create(
Session session, String queryText, boolean parameterizedQuery) {
return new AutoValue_CassandraRequest(session, queryText, parameterizedQuery);
Session session, String queryText, boolean sanitizationNeeded) {
return new AutoValue_CassandraRequest(session, queryText, sanitizationNeeded);
}

public abstract Session getSession();

public abstract String getQueryText();

public abstract boolean isParameterizedQuery();
public abstract boolean isQuerySanitizationNeeded();
}
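Review bot: `create(Session, String, boolean)` keeps its signature while the third argument now means the opposite, so any call site this change misses still compiles and silently flips behaviour. A leftover `false` (formerly "not parameterized") would now switch sanitization off and let literal values through into the recorded query text. The same applies to the two other `CassandraRequest` copies and to the public `DbRequest.create` overloads further down. Consider a Javadoc line on the factory, `@param sanitizationNeeded {@code true} unless all values are known to be passed as bound parameters`, and, where the API can change, named factories or an enum instead of the bare boolean.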
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ public InetSocketAddress getNetworkPeerInetSocketAddress(
}

@Override
public boolean isParameterizedQuery(CassandraRequest request) {
return request.isParameterizedQuery();
public boolean isQuerySanitizationNeeded(CassandraRequest request) {
return request.isQuerySanitizationNeeded();
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ public ListenableFuture<Session> initAsync() {

@Override
public ResultSet execute(String query) {
CassandraRequest request = CassandraRequest.create(session, query, false);
CassandraRequest request = CassandraRequest.create(session, query, true);
Context context = instrumenter().start(Context.current(), request);
ResultSet resultSet;
try (Scope ignored = context.makeCurrent()) {
Expand All @@ -63,7 +63,7 @@ public ResultSet execute(String query) {

@Override
public ResultSet execute(String query, Object... values) {
CassandraRequest request = CassandraRequest.create(session, query, values.length > 0);
CassandraRequest request = CassandraRequest.create(session, query, values.length == 0);
Context context = instrumenter().start(Context.current(), request);
ResultSet resultSet;
try (Scope ignored = context.makeCurrent()) {
Expand All @@ -78,7 +78,7 @@ public ResultSet execute(String query, Object... values) {

@Override
public ResultSet execute(String query, Map<String, Object> values) {
CassandraRequest request = CassandraRequest.create(session, query, !values.isEmpty());
CassandraRequest request = CassandraRequest.create(session, query, values.isEmpty());
Context context = instrumenter().start(Context.current(), request);
ResultSet resultSet;
try (Scope ignored = context.makeCurrent()) {
Expand All @@ -95,7 +95,7 @@ public ResultSet execute(String query, Map<String, Object> values) {
public ResultSet execute(Statement statement) {
String query = getQuery(statement);
CassandraRequest request =
CassandraRequest.create(session, query, statement instanceof BoundStatement);
CassandraRequest.create(session, query, !(statement instanceof BoundStatement));
Context context = instrumenter().start(Context.current(), request);
ResultSet resultSet;
try (Scope ignored = context.makeCurrent()) {
Expand All @@ -110,7 +110,7 @@ public ResultSet execute(Statement statement) {

@Override
public ResultSetFuture executeAsync(String query) {
CassandraRequest request = CassandraRequest.create(session, query, false);
CassandraRequest request = CassandraRequest.create(session, query, true);
Context context = instrumenter().start(Context.current(), request);
try (Scope ignored = context.makeCurrent()) {
ResultSetFuture future = session.executeAsync(query);
Expand All @@ -121,7 +121,7 @@ public ResultSetFuture executeAsync(String query) {

@Override
public ResultSetFuture executeAsync(String query, Object... values) {
CassandraRequest request = CassandraRequest.create(session, query, values.length > 0);
CassandraRequest request = CassandraRequest.create(session, query, values.length == 0);
Context context = instrumenter().start(Context.current(), request);
try (Scope ignored = context.makeCurrent()) {
ResultSetFuture future = session.executeAsync(query, values);
Expand All @@ -132,7 +132,7 @@ public ResultSetFuture executeAsync(String query, Object... values) {

@Override
public ResultSetFuture executeAsync(String query, Map<String, Object> values) {
CassandraRequest request = CassandraRequest.create(session, query, !values.isEmpty());
CassandraRequest request = CassandraRequest.create(session, query, values.isEmpty());
Context context = instrumenter().start(Context.current(), request);
try (Scope ignored = context.makeCurrent()) {
ResultSetFuture future = session.executeAsync(query, values);
Expand All @@ -145,7 +145,7 @@ public ResultSetFuture executeAsync(String query, Map<String, Object> values) {
public ResultSetFuture executeAsync(Statement statement) {
String query = getQuery(statement);
CassandraRequest request =
CassandraRequest.create(session, query, statement instanceof BoundStatement);
CassandraRequest.create(session, query, !(statement instanceof BoundStatement));
Context context = instrumenter().start(Context.current(), request);
try (Scope ignored = context.makeCurrent()) {
ResultSetFuture future = session.executeAsync(statement);
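Review bot: In `execute(String query, Object... values)` and `executeAsync(String query, Object... values)` the flag is `values.length == 0`, so a single bound value marks the whole query as not needing sanitization. Any literal written inline next to the bind markers would then be recorded as-is, assuming the extractor stores the raw text when the flag is false, as the getter's Javadoc suggests. The `Map` overloads behave the same way through `values.isEmpty()`. This matches the old behaviour, but the inverted expression hides the reasoning; a named local with a comment would help, for example `boolean sanitizationNeeded = values.length == 0; // bound values signal a parameterized query; inline literals are not redacted`. The method bodies continue outside the hunks.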
Original file line number Diff line number Diff line change
Expand Up @@ -12,13 +12,13 @@
public abstract class CassandraRequest {

public static CassandraRequest create(
Session session, String queryText, boolean parameterizedQuery) {
return new AutoValue_CassandraRequest(session, queryText, parameterizedQuery);
Session session, String queryText, boolean sanitizationNeeded) {
return new AutoValue_CassandraRequest(session, queryText, sanitizationNeeded);
}

public abstract Session getSession();

public abstract String getQueryText();

public abstract boolean isParameterizedQuery();
public abstract boolean isQuerySanitizationNeeded();
}
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@ public InetSocketAddress getNetworkPeerInetSocketAddress(
}

@Override
public boolean isParameterizedQuery(CassandraRequest request) {
return request.isParameterizedQuery();
public boolean isQuerySanitizationNeeded(CassandraRequest request) {
return request.isQuerySanitizationNeeded();
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,7 @@ static CqlSession wrapSession(CqlSession session) {
}

private static ResultSet execute(CqlSession session, String query) {
CassandraRequest request = CassandraRequest.create(session, query, false);
CassandraRequest request = CassandraRequest.create(session, query, true);
Context context = instrumenter().start(Context.current(), request);
ResultSet resultSet;
try (Scope ignored = context.makeCurrent()) {
Expand All @@ -87,7 +87,7 @@ private static ResultSet execute(CqlSession session, String query) {
private static ResultSet execute(CqlSession session, Statement<?> statement) {
String query = getQuery(statement);
CassandraRequest request =
CassandraRequest.create(session, query, statement instanceof BoundStatement);
CassandraRequest.create(session, query, !(statement instanceof BoundStatement));
Context context = instrumenter().start(Context.current(), request);
ResultSet resultSet;
try (Scope ignored = context.makeCurrent()) {
Expand All @@ -104,12 +104,12 @@ private static CompletionStage<AsyncResultSet> executeAsync(
CqlSession session, Statement<?> statement) {
String query = getQuery(statement);
CassandraRequest request =
CassandraRequest.create(session, query, statement instanceof BoundStatement);
CassandraRequest.create(session, query, !(statement instanceof BoundStatement));
return executeAsync(request, () -> session.executeAsync(statement));
}

private static CompletionStage<AsyncResultSet> executeAsync(CqlSession session, String query) {
CassandraRequest request = CassandraRequest.create(session, query, false);
CassandraRequest request = CassandraRequest.create(session, query, true);
return executeAsync(request, () -> session.executeAsync(query));
}

Original file line number Diff line number Diff line change
Expand Up @@ -12,13 +12,13 @@
public abstract class CassandraRequest {

public static CassandraRequest create(
Session session, String queryText, boolean parameterizedQuery) {
return new AutoValue_CassandraRequest(session, queryText, parameterizedQuery);
Session session, String queryText, boolean sanitizationNeeded) {
return new AutoValue_CassandraRequest(session, queryText, sanitizationNeeded);
}

public abstract Session getSession();

public abstract String getQueryText();

public abstract boolean isParameterizedQuery();
public abstract boolean isQuerySanitizationNeeded();
}
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@ public InetSocketAddress getNetworkPeerInetSocketAddress(
}

@Override
public boolean isParameterizedQuery(CassandraRequest request) {
return request.isParameterizedQuery();
public boolean isQuerySanitizationNeeded(CassandraRequest request) {
return request.isQuerySanitizationNeeded();
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -86,7 +86,7 @@ CqlSession wrapSession(CqlSession session) {
}

private ResultSet execute(CqlSession session, String query) {
CassandraRequest request = CassandraRequest.create(session, query, false);
CassandraRequest request = CassandraRequest.create(session, query, true);
Context context = instrumenter.start(Context.current(), request);
ResultSet resultSet;
try (Scope ignored = context.makeCurrent()) {
Expand All @@ -102,7 +102,7 @@ private ResultSet execute(CqlSession session, String query) {
private ResultSet execute(CqlSession session, Statement<?> statement) {
String query = getQuery(statement);
CassandraRequest request =
CassandraRequest.create(session, query, statement instanceof BoundStatement);
CassandraRequest.create(session, query, !(statement instanceof BoundStatement));
Context context = instrumenter.start(Context.current(), request);
ResultSet resultSet;
try (Scope ignored = context.makeCurrent()) {
Expand All @@ -118,12 +118,12 @@ private ResultSet execute(CqlSession session, Statement<?> statement) {
private CompletionStage<AsyncResultSet> executeAsync(CqlSession session, Statement<?> statement) {
String query = getQuery(statement);
CassandraRequest request =
CassandraRequest.create(session, query, statement instanceof BoundStatement);
CassandraRequest.create(session, query, !(statement instanceof BoundStatement));
return executeAsync(request, () -> session.executeAsync(statement));
}

private CompletionStage<AsyncResultSet> executeAsync(CqlSession session, String query) {
CassandraRequest request = CassandraRequest.create(session, query, false);
CassandraRequest request = CassandraRequest.create(session, query, true);
return executeAsync(request, () -> session.executeAsync(query));
}

Original file line number Diff line number Diff line change
Expand Up @@ -78,14 +78,14 @@ private static DbRequest createBatchRequest(Statement statement) {
}
Long batchSize = JdbcData.getPreparedStatementBatchSize((PreparedStatement) statement);
Map<String, String> parameters = JdbcData.getParameters((PreparedStatement) statement);
return DbRequest.create(statement, sql, batchSize, parameters, true);
return DbRequest.create(statement, sql, batchSize, parameters, false);
} else {
JdbcData.StatementBatchInfo batchInfo = JdbcData.getStatementBatchInfo(statement);
if (batchInfo == null) {
return DbRequest.create(statement, null);
} else {
return DbRequest.create(
statement, batchInfo.getStatements(), batchInfo.getBatchSize(), false);
statement, batchInfo.getStatements(), batchInfo.getBatchSize(), true);
}
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -34,12 +34,12 @@ public static DbRequest create(
JdbcData.preparedStatement.get(statement),
null,
preparedStatementParameters,
true);
false);
}

@Nullable
public static DbRequest create(Statement statement, String dbStatementString) {
return create(statement, dbStatementString, null, emptyMap(), false);
return create(statement, dbStatementString, null, emptyMap(), true);
}

@Nullable
Expand All @@ -48,7 +48,7 @@ public static DbRequest create(
String dbStatementString,
Long batchSize,
Map<String, String> preparedStatementParameters,
boolean parameterizedQuery) {
boolean sanitizationNeeded) {
Connection connection = connectionFromStatement(statement);
if (connection == null) {
return null;
Expand All @@ -59,48 +59,48 @@ public static DbRequest create(
dbStatementString,
batchSize,
preparedStatementParameters,
parameterizedQuery);
sanitizationNeeded);
}

public static DbRequest create(
Statement statement,
Collection<String> queryTexts,
Long batchSize,
boolean parameterizedQuery) {
boolean sanitizationNeeded) {
Connection connection = connectionFromStatement(statement);
if (connection == null) {
return null;
}

return create(extractDbInfo(connection), queryTexts, batchSize, emptyMap(), parameterizedQuery);
return create(extractDbInfo(connection), queryTexts, batchSize, emptyMap(), sanitizationNeeded);
}

public static DbRequest create(DbInfo dbInfo, String queryText, boolean parameterizedQuery) {
return create(dbInfo, queryText, null, emptyMap(), parameterizedQuery);
public static DbRequest create(DbInfo dbInfo, String queryText, boolean sanitizationNeeded) {
return create(dbInfo, queryText, null, emptyMap(), sanitizationNeeded);
}

public static DbRequest create(
DbInfo dbInfo,
String queryText,
Long batchSize,
Map<String, String> preparedStatementParameters,
boolean parameterizedQuery) {
boolean sanitizationNeeded) {
return create(
dbInfo,
Collections.singletonList(queryText),
batchSize,
preparedStatementParameters,
parameterizedQuery);
sanitizationNeeded);
}

public static DbRequest create(
DbInfo dbInfo,
Collection<String> queryTexts,
Long batchSize,
Map<String, String> preparedStatementParameters,
boolean parameterizedQuery) {
boolean sanitizationNeeded) {
return create(
dbInfo, queryTexts, batchSize, null, preparedStatementParameters, parameterizedQuery);
dbInfo, queryTexts, batchSize, null, preparedStatementParameters, sanitizationNeeded);
}

private static DbRequest create(
Expand All @@ -109,9 +109,9 @@ private static DbRequest create(
Long batchSize,
String operation,
Map<String, String> preparedStatementParameters,
boolean parameterizedQuery) {
boolean sanitizationNeeded) {
return new AutoValue_DbRequest(
dbInfo, queryTexts, batchSize, operation, preparedStatementParameters, parameterizedQuery);
dbInfo, queryTexts, batchSize, operation, preparedStatementParameters, sanitizationNeeded);
}

@Nullable
Expand All @@ -125,7 +125,7 @@ public static DbRequest createTransaction(Connection connection, String operatio
}

public static DbRequest createTransaction(DbInfo dbInfo, String operation) {
return create(dbInfo, Collections.emptyList(), null, operation, emptyMap(), false);
return create(dbInfo, Collections.emptyList(), null, operation, emptyMap(), true);
}

public abstract DbInfo getDbInfo();
Expand All @@ -141,5 +141,5 @@ public static DbRequest createTransaction(DbInfo dbInfo, String operation) {

public abstract Map<String, String> getPreparedStatementParameters();

public abstract boolean isParameterizedQuery();
public abstract boolean isQuerySanitizationNeeded();
}
Original file line number Diff line number Diff line change
Expand Up @@ -72,8 +72,8 @@ public Map<String, String> getDbQueryParameters(DbRequest request) {
}

@Override
public boolean isParameterizedQuery(DbRequest request) {
return request.isParameterizedQuery();
public boolean isQuerySanitizationNeeded(DbRequest request) {
return request.isQuerySanitizationNeeded();
}

@Nullable