fix: harden otel_middleware against malformed input and telemetry leaks

maxisbey · maxisbey · commit 3853a6d9071c · 2026-06-09T10:06:24.000Z
- extract_trace_context returns None on a malformed carrier instead of
  letting the propagator's TypeError fail the request
- params validation failures set the sanitized wire message as span
  status instead of recording the pydantic error (which carries client
  input values)
- jsonrpc.request.id is str() on client spans to match the server span
diff --git a/src/mcp/server/runner.py b/src/mcp/server/runner.py
@@ -128,6 +128,10 @@ async def wrapped(
             except MCPError as e:
                 span.set_status(StatusCode.ERROR, e.error.message)
                 raise
+            except ValidationError:
+                # Mirror the sanitized wire response; pydantic messages carry client input.
+                span.set_status(StatusCode.ERROR, "Invalid request parameters")
+                raise
             except Exception as e:
                 span.record_exception(e)
                 span.set_status(StatusCode.ERROR, str(e))
diff --git a/src/mcp/shared/_otel.py b/src/mcp/shared/_otel.py
@@ -40,6 +40,13 @@ def inject_trace_context(meta: dict[str, Any]) -> None:
     inject(meta)
 
 
-def extract_trace_context(meta: dict[str, Any]) -> Context:
-    """Extract W3C trace context from a `_meta` dict."""
-    return extract(meta)
+def extract_trace_context(meta: dict[str, Any]) -> Context | None:
+    """Extract W3C trace context from a `_meta` dict.
+
+    Returns `None` when the carrier is malformed; telemetry parsing must
+    never fail the request it annotates.
+    """
+    try:
+        return extract(meta)
+    except (TypeError, ValueError):
+        return None
diff --git a/src/mcp/shared/jsonrpc_dispatcher.py b/src/mcp/shared/jsonrpc_dispatcher.py
@@ -334,7 +334,7 @@ async def send_raw_request(
             with otel_span(
                 span_name,
                 kind=SpanKind.CLIENT,
-                attributes={"mcp.method.name": method, "jsonrpc.request.id": request_id},
+                attributes={"mcp.method.name": method, "jsonrpc.request.id": str(request_id)},
             ):
                 # Inject W3C trace context into _meta (SEP-414). With a no-op
                 # tracer this writes nothing, but `_meta` itself is still
diff --git a/src/mcp/shared/session.py b/src/mcp/shared/session.py
@@ -218,7 +218,7 @@ async def send_request(
             with otel_span(
                 span_name,
                 kind=SpanKind.CLIENT,
-                attributes={"mcp.method.name": request.method, "jsonrpc.request.id": request_id},
+                attributes={"mcp.method.name": request.method, "jsonrpc.request.id": str(request_id)},
             ):
                 # Inject W3C trace context into _meta (SEP-414).
                 meta: dict[str, Any] = request_data.setdefault("params", {}).setdefault("_meta", {})
diff --git a/tests/server/test_runner.py b/tests/server/test_runner.py
@@ -790,6 +790,42 @@ async def test_otel_trace_context_propagates_client_to_server(server: SrvT, span
     assert client_span.context is not None and server_span.context is not None
     assert server_span.parent.span_id == client_span.context.span_id
     assert server_span.context.trace_id == client_span.context.trace_id
+    assert client_span.attributes is not None and server_span.attributes is not None
+    assert client_span.attributes["jsonrpc.request.id"] == server_span.attributes["jsonrpc.request.id"]
+
+
+@pytest.mark.anyio
+async def test_otel_middleware_malformed_traceparent_degrades_to_no_parent(server: SrvT, spans: SpanCapture):
+    """A non-string traceparent in `_meta` must not fail the request; the
+    server span simply gets no parent."""
+
+    def break_traceparent(next_on_request: OnRequest) -> OnRequest:
+        async def wrapped(dctx: DispatchContext[Any], method: str, params: Any) -> dict[str, Any]:
+            mangled = {"_meta": {"traceparent": 123}} if method == "tools/list" else params
+            return await next_on_request(dctx, method, mangled)
+
+        return wrapped
+
+    async with connected_runner(server, dispatch_middleware=[break_traceparent, otel_middleware]) as (client, _):
+        spans.clear()
+        await client.send_raw_request("tools/list", None)
+    [server_span] = [s for s in spans.finished() if s.kind == SpanKind.SERVER]
+    assert server_span.parent is None
+
+
+@pytest.mark.anyio
+async def test_otel_middleware_validation_failure_sets_sanitized_status(server: SrvT, spans: SpanCapture):
+    """Malformed params set the sanitized wire message as span status and do
+    not record the pydantic exception (it carries client input)."""
+    async with connected_runner(server, dispatch_middleware=[otel_middleware]) as (client, _):
+        spans.clear()
+        with pytest.raises(MCPError) as exc:
+            await client.send_raw_request("tools/call", {"name": 123})
+    assert exc.value.error.code == INVALID_PARAMS
+    [span] = [s for s in spans.finished() if s.kind == SpanKind.SERVER]
+    assert span.status.status_code == StatusCode.ERROR
+    assert span.status.description == "Invalid request parameters"
+    assert not span.events
 
 
 @pytest.mark.anyio
