Addresses review comment on ObservabilityUtils.java for key-only query parameter redaction and fixes HttpJsonClientCallsTest test failure.

diegomarquezp · diegomarquezp · commit 186bb85be4fe · 2026-03-26T14:07:55.000-04:00
diff --git a/sdk-platform-java/gax-java/gax-httpjson/src/test/java/com/google/api/gax/httpjson/HttpJsonClientCallsTest.java b/sdk-platform-java/gax-java/gax-httpjson/src/test/java/com/google/api/gax/httpjson/HttpJsonClientCallsTest.java
@@ -93,7 +93,9 @@ void setUp() throws IOException {
   @Test
   void testValidUniverseDomain() {
     HttpJsonClientCalls.newCall(descriptor, callContext);
-    Mockito.verify(mockChannel, Mockito.times(1)).newCall(descriptor, callOptions);
+    HttpJsonCallOptions expectedCallOptions =
+        callOptions.toBuilder().setTracer(callContext.getTracer()).build();
+    Mockito.verify(mockChannel, Mockito.times(1)).newCall(descriptor, expectedCallOptions);
   }
 
   // This test is when the universe domain does not match
diff --git a/sdk-platform-java/gax-java/gax/src/main/java/com/google/api/gax/tracing/ObservabilityUtils.java b/sdk-platform-java/gax-java/gax/src/main/java/com/google/api/gax/tracing/ObservabilityUtils.java
@@ -42,17 +42,15 @@
 
 final class ObservabilityUtils {
 
-  private ObservabilityUtils() {
-  }
+  private ObservabilityUtils() {}
 
   /** Constant for redacted values. */
   private static final String REDACTED_VALUE = "REDACTED";
 
   /**
-   * A set of lowercase query parameter keys whose values should be
-   * redacted in URLs for observability. These include direct credentials
-   * (access keys), cryptographic signatures (to prevent replay attacks
-   * or leak of authorization), and session identifiers (like upload_id).
+   * A set of lowercase query parameter keys whose values should be redacted in URLs for
+   * observability. These include direct credentials (access keys), cryptographic signatures (to
+   * prevent replay attacks or leak of authorization), and session identifiers (like upload_id).
    */
   private static final ImmutableSet<String> SENSITIVE_QUERY_KEYS =
       ImmutableSet.of(
@@ -66,27 +64,24 @@ private ObservabilityUtils() {
           "api_key"); // API Keys
 
   /**
-   * Sanitizes an HTTP URL by redacting sensitive query parameters and
-   * credentials in the user-info component. If the provided URL cannot
-   * be parsed (e.g. invalid syntax), it returns the original string.
+   * Sanitizes an HTTP URL by redacting sensitive query parameters and credentials in the user-info
+   * component. If the provided URL cannot be parsed (e.g. invalid syntax), it returns the original
+   * string.
    *
-   * <p>This sanitization process conforms to the recommendations in footnote 3
-   * of the OpenTelemetry semantic conventions for HTTP URL attributes:
+   * <p>This sanitization process conforms to the recommendations in footnote 3 of the OpenTelemetry
+   * semantic conventions for HTTP URL attributes:
    * https://opentelemetry.io/docs/specs/semconv/registry/attributes/url/
    *
    * <ul>
    *   <li><i>"url.full MUST NOT contain credentials passed via URL in form of
-   *       https://user:pass@example.com/. In such case username and password
-   *       SHOULD be redacted and attribute's value SHOULD be
-   *       https://REDACTED:REDACTED@example.com/."</i>
-   *       - Handled by stripping the raw user info component.
-   *   <li><i>"url.full SHOULD capture the absolute URL when it is available
-   *       (or can be reconstructed)."</i>
-   *       - Handled by parsing and rebuilding the generic URI.
-   *   <li><i>"When a query string value is redacted, the query string key
-   *       SHOULD still be preserved, e.g.
-   *       https://www.example.com/path?color=blue&sig=REDACTED."</i>
-   *       - Handled by the redactSensitiveQueryValues method.
+   *       https://user:pass@example.com/. In such case username and password SHOULD be redacted and
+   *       attribute's value SHOULD be https://REDACTED:REDACTED@example.com/."</i> - Handled by
+   *       stripping the raw user info component.
+   *   <li><i>"url.full SHOULD capture the absolute URL when it is available (or can be
+   *       reconstructed)."</i> - Handled by parsing and rebuilding the generic URI.
+   *   <li><i>"When a query string value is redacted, the query string key SHOULD still be
+   *       preserved, e.g. https://www.example.com/path?color=blue&sig=REDACTED."</i> - Handled by
+   *       the redactSensitiveQueryValues method.
    * </ul>
    *
    * @param url the raw URL string
@@ -96,9 +91,7 @@ static String sanitizeUrlFull(final String url) {
     try {
       java.net.URI uri = new java.net.URI(url);
       String sanitizedUserInfo =
-          uri.getRawUserInfo() != null
-              ? REDACTED_VALUE + ":" + REDACTED_VALUE
-              : null;
+          uri.getRawUserInfo() != null ? REDACTED_VALUE + ":" + REDACTED_VALUE : null;
       String sanitizedQuery = redactSensitiveQueryValues(uri.getRawQuery());
       java.net.URI sanitizedUri =
           new java.net.URI(
@@ -118,16 +111,14 @@ static String sanitizeUrlFull(final String url) {
   /**
    * Redacts the values of sensitive keys within a raw URI query string.
    *
-   * <p>This logic splits the query string by the {@code &} delimiter
-   * without full URL decoding, ensures only values belonging to predefined
-   * sensitive keys are replaced with {@code REDACTED_VALUE}.
-   * The check is strictly case-insensitive.
+   * <p>This logic splits the query string by the {@code &} delimiter without full URL decoding,
+   * ensures only values belonging to predefined sensitive keys are replaced with {@code
+   * REDACTED_VALUE}. The check is strictly case-insensitive.
    *
-   * <p>Note regarding Footnote 3: The OpenTelemetry spec recommends
-   * case-sensitive matching for query parameters. However, we intentionally
-   * utilize case-insensitive matching (by lowercasing all query keys)
-   * to prevent credentials bypassing validation when sent with mixed
-   * casings (e.g., Sig=..., API_KEY=...).
+   * <p>Note regarding Footnote 3: The OpenTelemetry spec recommends case-sensitive matching for
+   * query parameters. However, we intentionally utilize case-insensitive matching (by lowercasing
+   * all query keys) to prevent credentials bypassing validation when sent with mixed casings (e.g.,
+   * Sig=..., API_KEY=...).
    *
    * @param rawQuery the raw query string from a java.net.URI
    * @return a reconstructed query sequence with sensitive values redacted
@@ -142,13 +133,13 @@ private static String redactSensitiveQueryValues(final String rawQuery) {
             .map(
                 param -> {
                   int equalsIndex = param.indexOf('=');
-                  String key = equalsIndex >= 0
-                      ? param.substring(0, equalsIndex)
-                      : param;
+                  if (equalsIndex < 0) {
+                    return param;
+                  }
+                  String key = param.substring(0, equalsIndex);
                   // Case-insensitive match utilizing the fact that all
                   // predefined keys are in lowercase
-                  if (SENSITIVE_QUERY_KEYS.contains(
-                      key.toLowerCase(java.util.Locale.US))) {
+                  if (SENSITIVE_QUERY_KEYS.contains(key.toLowerCase())) {
                     return key + "=" + REDACTED_VALUE;
                   }
                   return param;
@@ -172,8 +163,7 @@ static String extractStatus(@Nullable final Throwable error) {
     } else if (error instanceof CancellationException) {
       statusString = StatusCode.Code.CANCELLED.toString();
     } else if (error instanceof ApiException) {
-      statusString =
-          ((ApiException) error).getStatusCode().getCode().toString();
+      statusString = ((ApiException) error).getStatusCode().getCode().toString();
     } else {
       statusString = StatusCode.Code.UNKNOWN.toString();
     }
diff --git a/sdk-platform-java/gax-java/gax/src/test/java/com/google/api/gax/tracing/ObservabilityUtilsTest.java b/sdk-platform-java/gax-java/gax/src/test/java/com/google/api/gax/tracing/ObservabilityUtilsTest.java
@@ -136,6 +136,13 @@ void testSanitizeUrlFull_redactsSensitiveQueryParameters_caseInsensitive() {
             "https://example.com/some/path?upload_Id=REDACTED&AWSAccessKeyId=REDACTED&foo=bar&API_KEY=REDACTED");
   }
 
+  @Test
+  void testSanitizeUrlFull_handlesKeyOnlyParameters() {
+    String url = "https://example.com/some/path?api_key&foo=bar";
+    String sanitized = ObservabilityUtils.sanitizeUrlFull(url);
+    assertThat(sanitized).isEqualTo("https://example.com/some/path?api_key&foo=bar");
+  }
+
   @Test
   void testSanitizeUrlFull_handlesMalformedUrl() {
     String url = "invalid::url:";
