Maintenance: update warning log in Tracer to better format segment name #1749


Closed
1 of 2 tasks
dreamorosi opened this issue Oct 18, 2023 · 2 comments · Fixed by #1750
Labels
completed This item is complete and has been merged/shipped internal PRs that introduce changes in governance, tech debt and chores (linting setup, baseline, etc.) tracer This item relates to the Tracer Utility

Comments

@dreamorosi
Contributor

Summary

The Tracer utility logs a warning when it can't manipulate a segment; this is done to avoid throwing an error and blocking customer code. The log includes the name of the segment that threw an error.

Currently the name of the segment is included using string concatenation with a non-literal variable. We should update this to use constant values for the format string, and leverage the language (i.e. util.format('hello %s', 'Alice'); or console.warn('hello %s', 'Bob');), so that the value is handled properly.

Why is this needed?

According to Semgrep guidance:

Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message.

Which area does this relate to?

Tracer

Solution

See recommendation in section above.

Acknowledgment

Future readers

Please react with 👍 and your use case to help us understand customer demand.
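
The format-specifier problem described in the issue above, shown as an added example that is not part of the original issue or of the Powertools code base. It captures what `console.warn` writes for a concatenated first argument and for a constant format string; the message text, segment names and helper names are assumptions made for illustration.

```javascript
// Added example: hypothetical message text and names, not the Tracer's own code.

// Run fn while recording what console.warn writes to stderr, then restore stderr.
function captureWarn(fn) {
  const originalWrite = process.stderr.write;
  let output = '';
  process.stderr.write = (chunk) => {
    output += String(chunk);
    return true;
  };
  try {
    fn();
  } finally {
    process.stderr.write = originalWrite;
  }
  return output.trimEnd();
}

// Before: the segment name is concatenated into the first argument, so
// console.warn interprets any specifier inside the name as part of the format.
function warnConcatenated(segmentName, error) {
  return captureWarn(() =>
    console.warn('Failed to close segment ' + segmentName + ':', error.message)
  );
}

// After: the format string is a constant and the name is only ever a %s value.
function warnConstantFormat(segmentName, error) {
  return captureWarn(() =>
    console.warn('Failed to close segment %s: %s', segmentName, error.message)
  );
}

// Constructed inputs: one ordinary name, one carrying a format specifier.
const sampleError = new Error('socket hang up');
for (const name of ['orders', 'orders %s']) {
  console.log(JSON.stringify({
    name,
    concatenated: warnConcatenated(name, sampleError),
    constantFormat: warnConstantFormat(name, sampleError),
  }));
}
```

With the ordinary name both calls log the same line; with `orders %s` the concatenated call substitutes the error text into the name and the logged line no longer matches what the code intended. A constant format string only stops specifier interpretation: `%s` passes newlines in the value through unchanged.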

@dreamorosi dreamorosi added tracer This item relates to the Tracer Utility internal PRs that introduce changes in governance, tech debt and chores (linting setup, baseline, etc.) confirmed The scope is clear, ready for implementation labels Oct 18, 2023
@dreamorosi dreamorosi self-assigned this Oct 18, 2023
@dreamorosi dreamorosi linked a pull request Oct 18, 2023 that will close this issue
9 tasks
@github-project-automation github-project-automation bot moved this from Working on it to Coming soon in Powertools for AWS Lambda (TypeScript) Oct 18, 2023
@github-actions
Contributor

⚠️ COMMENT VISIBILITY WARNING ⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

@github-actions github-actions bot added pending-release This item has been merged and will be released soon and removed confirmed The scope is clear, ready for implementation labels Oct 18, 2023
Contributor

github-actions bot commented Nov 1, 2023

This is now released under v1.14.1 version!

@github-actions github-actions bot added completed This item is complete and has been merged/shipped and removed pending-release This item has been merged and will be released soon labels Nov 1, 2023
@dreamorosi dreamorosi moved this from Coming soon to Shipped in Powertools for AWS Lambda (TypeScript) Nov 2, 2023