chore: Added url obfuscation example (#292)

newrelic · Aug 28, 2024 · 82e6f09 · 82e6f09
1 parent 0a036fd
commit 82e6f09
Show file tree

Hide file tree

Showing 8 changed files with 131 additions and 0 deletions.
diff --git a/custom-instrumentation/README.md b/custom-instrumentation/README.md
@@ -12,6 +12,7 @@ This folder contains example applications using the [Agent API](https://newrelic
 * [Distributed tracing](./distributed-tracing/) - example application that demonstrates distributed tracing
 * [Segments](./segments) - example application that demonstrates how to use the [newrelic.startSegment API](https://newrelic.github.io/node-newrelic/API.html#startSegment) in a variety of cases: callback-based, promise-based, asyncronously, and syncronously
 * [Start Web Transaction](./start-web-transaction/) - example application that demonstrates how to use [newrelic.startWebTransaction](https://newrelic.github.io/node-newrelic/API.html#startWebTransaction).
+* [URL Obfuscation](./url-obfuscation) - example application that demonstrates how to use [url_obfuscation rules](https://docs.newrelic.com/docs/apm/agents/nodejs-agent/installation-configuration/nodejs-agent-configuration/#url-obfuscation) to scrub PII from span names and attributes.
 
 ## Purpose of Instrumentation
 

diff --git a/custom-instrumentation/url-obfuscation/README.md b/custom-instrumentation/url-obfuscation/README.md
@@ -0,0 +1,43 @@
+# Sample URL Obfuscation Application 
+
+This example provides an application that applies a url obfuscation rule to scrub email adddresses from external http calls using `fetch`. 
+
+## Getting Started
+
+1. Clone or fork this repository.
+2. Navigate to this example's sub directory
+   ```
+   cd newrelic-node-examples/custom-instrumentation/url-obfuscation
+   ```
+3. Install dependencies and run application.
+   ```
+   npm install
+   cp env.sample .env
+   # Fill out `NEW_RELIC_LICENSE_KEY` in .env and save 
+   # Start the application
+   npm start
+   ```
+4. The application will make a call to `https://httpbin.org/anything/[email protected]` 
+5. It will apply the url obfuscation rules from newrelic.js
+
+```js
+  url_obfuscation: {
+    enabled: true,
+    regex: {
+      pattern: '[\\w-\\.]+@([\\w-]+\\.)+[\\w-]{2,4}',
+      replacement: '***'
+    }
+  }
+```
+
+6. This will obfuscate the email address from both the span name and the `http.url` span attribute.
+
+This shows the span name obfuscates the email from the span name:
+
+   ![span-name](./images/span-name.png)
+
+
+This shows the `http.url` span attribute obfuscates the email:
+
+   ![span-attr](./images/span-attr.png)
+
diff --git a/custom-instrumentation/url-obfuscation/env.sample b/custom-instrumentation/url-obfuscation/env.sample
@@ -0,0 +1 @@
+NEW_RELIC_LICENSE_KEY=
diff --git a/custom-instrumentation/url-obfuscation/images/span-attr.png b/custom-instrumentation/url-obfuscation/images/span-attr.png
diff --git a/custom-instrumentation/url-obfuscation/images/span-name.png b/custom-instrumentation/url-obfuscation/images/span-name.png
diff --git a/custom-instrumentation/url-obfuscation/index.js b/custom-instrumentation/url-obfuscation/index.js
@@ -0,0 +1,13 @@
+'use strict'
+const newrelic = require('newrelic')
+
+
+async function main() {
+  await newrelic.startBackgroundTransaction('bg-tx', async() => {
+    const { status } = await fetch('https://httpbin.org/anything/[email protected]')
+    console.log(`Done making request, status code: ${status}`)
+  })
+  newrelic.shutdown({ collectPendingData: true }, () => process.exit(0))
+}
+
+main()
diff --git a/custom-instrumentation/url-obfuscation/newrelic.js b/custom-instrumentation/url-obfuscation/newrelic.js
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2024 New Relic Corporation. All rights reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+'use strict'
+
+/**
+ * New Relic agent configuration.
+ *
+ * See lib/config/default.js in the agent distribution for a more complete
+ * description of configuration variables and their potential values. */
+
+exports.config = {
+  app_name: ['Example Url Obfuscation App'],
+  logging: {
+    /**
+     * Level at which to log. 'trace' is most useful to New Relic when diagnosing
+     * issues with the agent, 'info' and higher will impose the least overhead on
+     * production applications.
+     */
+    level: 'trace'
+  },
+  /**
+   * When true, all request headers except for those listed in attributes.exclude
+   * will be captured for all traces, unless otherwise specified in a destination's
+   * attributes include/exclude lists.
+   */
+  url_obfuscation: {
+    enabled: true,
+    regex: {
+      pattern: '[\\w-\\.]+@([\\w-]+\\.)+[\\w-]{2,4}',
+      replacement: '***'
+    }
+  },
+  allow_all_headers: true,
+  attributes: {
+    /**
+     * Prefix of attributes to exclude from all destinations. Allows * as wildcard
+     * at end.
+     *
+     * NOTE: If excluding headers, they must be in camelCase form to be filtered.
+     *
+     * @env NEW_RELIC_ATTRIBUTES_EXCLUDE
+     */
+    exclude: [
+      'request.headers.cookie',
+      'request.headers.authorization',
+      'request.headers.proxyAuthorization',
+      'request.headers.setCookie*',
+      'request.headers.x*',
+      'response.headers.cookie',
+      'response.headers.authorization',
+      'response.headers.proxyAuthorization',
+      'response.headers.setCookie*',
+      'response.headers.x*'
+    ]
+  }
+}
diff --git a/custom-instrumentation/url-obfuscation/package.json b/custom-instrumentation/url-obfuscation/package.json
@@ -0,0 +1,14 @@
+{
+  "name": "url-obfuscation",
+  "version": "1.0.0",
+  "main": "index.js",
+  "scripts": {
+    "start": "node -r newrelic --env-file .env index.js"
+  },
+  "author": "",
+  "license": "ISC",
+  "description": "",
+  "dependencies": {
+    "newrelic": "^12.3.0"
+  }
+}