fix(spans): Scrub integer file extensions (#2856)

We've seen resource span descriptions like `http://domain.com/*.123` which cause high cardinality in the extension.
getsentry · Dec 15, 2023 · 901fb84 · 901fb84
1 parent 9f84edc
commit 901fb84
Showing 1 changed file with 33 additions and 8 deletions.
diff --git a/relay-event-normalization/src/normalize/span/description/mod.rs b/relay-event-normalization/src/normalize/span/description/mod.rs
@@ -293,13 +293,7 @@ fn scrub_resource_filename<'a>(ty: &str, path: &'a str) -> Cow<'a, str> {
  extension = "";
  }
 
- // Only accept short, clean file extensions.
- if let Some(invalid) = extension.bytes().position(|c| !c.is_ascii_alphanumeric()) {
- extension = &extension[..invalid];
- }
- if extension.len() > MAX_EXTENSION_LENGTH {
- extension = "";
- }
+ let extension = scrub_resource_file_extension(extension);
 
  let basename = if ty == "img" {
  Cow::Borrowed("*")
@@ -349,6 +343,30 @@ fn scrub_resource_segment(segment: &str) -> Cow<str> {
  segment
 }
 
+fn scrub_resource_file_extension(mut extension: &str) -> &str {
+ // Only accept short, clean file extensions.
+ let mut digits = 0;
+ for (i, byte) in extension.bytes().enumerate() {
+ if byte.is_ascii_digit() {
+ digits += 1;
+ }
+ if digits > 1 {
+ // Allow extensions like `.mp4`
+ return "*";
+ }
+ if !byte.is_ascii_alphanumeric() {
+ extension = &extension[..i];
+ break;
+ }
+ }
+
+ if extension.len() > MAX_EXTENSION_LENGTH {
+ extension = "*";
+ }
+
+ extension
+}
+
 #[cfg(test)]
 mod tests {
  use relay_protocol::Annotated;
@@ -718,7 +736,7 @@ mod tests {
  resource_script_with_long_extension,
  "/path/to/file.thisismycustomfileextension2000",
  "resource.script",
- "/*/file"
+ "/*/file.*"
  );
 
  span_description_test!(
@@ -735,6 +753,13 @@ mod tests {
  "/*/file"
  );
 
+ span_description_test!(
+ resource_img_extension,
+ "http://domain.com/something.123",
+ "resource.img",
+ "http://domain.com/*.*"
+ );
+
  span_description_test!(
  resource_img_embedded,
  "data:image/svg+xml;base64,PHN2ZyB4bW",