fix: sanitize attributes inputs

[legendecas]

Which problem is this PR solving?

Fixes #2713

Short description of the changes

• Sanitize all attributes inputs, including Link in Span constructor, and Event in Span.addEvent.

Type of change

• Bug fix (non-breaking change which fixes an issue)

How Has This Been Tested?

• Tracer.startSpan with invliad Link attributes.
• Span.addEvent with invalid attributes.

Checklist:

• Followed the style guidelines of this project
• Unit tests have been added
• Documentation has been updated

[codecov]

Codecov Report

Merging #2881 (bb24d38) into main (14bd6f9) will decrease coverage by 0.02%.
The diff coverage is 94.44%.

@@            Coverage Diff             @@
##             main    #2881      +/-   ##
==========================================
- Coverage   93.33%   93.30%   -0.03%     
==========================================
  Files         165      165              
  Lines        5594     5605      +11     
  Branches     1176     1178       +2     
==========================================
+ Hits         5221     5230       +9     
- Misses        373      375       +2     

Impacted Files	Coverage Δ
...metry-core/src/trace/sampler/ParentBasedSampler.ts	83.87% <ø> (ø)
...ges/opentelemetry-exporter-zipkin/src/transform.ts	100.00% <ø> (ø)
packages/opentelemetry-resources/src/Resource.ts	100.00% <ø> (ø)
...ckages/opentelemetry-core/src/common/attributes.ts	93.33% <88.23%> (-3.97%)	⬇️
packages/opentelemetry-sdk-trace-base/src/Span.ts	99.18% <100.00%> (+<0.01%)	⬆️
...ackages/opentelemetry-sdk-trace-base/src/Tracer.ts	98.43% <100.00%> (+0.05%)	⬆️
...ackages/opentelemetry-shim-opentracing/src/shim.ts	94.25% <100.00%> (ø)

[dyladan]

githuc :)

Suggested change

	* [#2881](https://github.com/open-telemetry/opentelemetry-js/pull/2881) fix: sanitize attributes inputs ([@legendecas](https://githuc.com/legendecas))
	* [#2881](https://github.com/open-telemetry/opentelemetry-js/pull/2881) fix: sanitize attributes inputs ([@legendecas](https://github.com/legendecas))

[dyladan]

I wonder if we should consider a less elaborate changelog format?

This might be good enough? Maybe name/handle is even optional?

* Change explanation here #000 @dyladan 

[legendecas]

I'd agree the current form is kinda verbose :) I'd be happy to shorten the entries.

[legendecas]

@dyladan updated :)

[morigs]

As far as I understand, the invalid attributes will be dropped silently. Perhaps this should be documented somewhere, because this can cause a lot of confusion imo. Or perhaps it's possible to log an attribute's dropping event?

[legendecas]

As far as I understand, the invalid attributes will be dropped silently. Perhaps this should be documented somewhere, because this can cause a lot of confusion imo. Or perhaps it's possible to log an attribute's dropping event?

We're already dropping invalid attributes at Tracer.startSpan already: https://github.com/open-telemetry/opentelemetry-js/blob/main/packages/opentelemetry-sdk-trace-base/src/Tracer.ts#L96. However, when setting attributes with Span.setAttribute or Span.setAttributes, the dropped attribute is been logged: https://github.com/open-telemetry/opentelemetry-js/blob/main/packages/opentelemetry-sdk-trace-base/src/Span.ts#L99.

I'm fine with adding more diagnostics.

[morigs]

Yeah, this is exactly what I mean. IMO it's a good idea)

[MSNev]

Minor perf and minification improvements by reordering
return key && typeof === 'string';

[legendecas]

I didn't find there is any big perf difference between the two flavors: https://jsbench.me/30l1ntj53a/1

TBO, I think checking the length is more explicit and easier to read.

[vmarchaud]

apart from nit lgtm

[dyladan]

Sorry I thought I already approved this. LGTM