Issue apm agent with backend requests username:password@url

Hi,

we are making a request to an external service with basic auth in the url e.g. like https://fooUser:fooPwd@url

with apm agent not started this works very fine. with apm agent started we are getting an unauth from the external service and apm is logging this external request (in Metadata) the request is logged as https://url

Also managed to pass the credentatials via headers, is this the expected behaviour or an bug?

Best Martin

@Klauck That definitely sounds like a bug. The APM agent shouldn't be changing the behaviour of your code. My guess is that is comes down to the particular way your code is using the HTTP library you are using. Are you able to provide some details?

  • A snippet of code or a small reproduction case that shows how the HTTP request is being made.
  • The version of node and of any relevant node packages being used.

Thanks Mick,
I created a quick test and the problem occurs there as well
If commenting 2. line of server.js, authentication is made successfully
Cheers

Martin
Node version v16.13.2
APM Sever: docker.elastic.co/apm/apm-server:7.13.1

package.json

{
  "scripts": {
    "start": "node server.js"
  },
  "dependencies": {
    "elastic-apm-node": "^3.41.1",
    "express": "4.18.2",
    "got": "11.8.1"
  }
}

server.js:

const apm = require("elastic-apm-node");
apm.start({ serviceName: 'test' });
const express = require('express')
const got = require("got");
const app = express()
app.get('/', (req, res) => {
  const apiUrl = 'https://authenticationtest.com/HTTPAuth/'
  const call = got.extend({
    username: 'user',
    password: 'pass',
    prefixUrl: apiUrl,
    retry: { methods: ["GET"], },
  });
  call.get().then(data => {
    // user/password was provided, but maybe wrong (if you change line 10)
    res.send(data.body.includes('Login Failure') ? 'NOK' : 'OK')
  }).catch(error => {
    // user/password was not even provided
    res.send(error.message)
  })
})
app.listen(3000, () => { console.log(`App listening on port 3000`) })

@Klauck Thanks very much for the reproduction case!

After finding the bug in the APM agent causing this, I found an issue that I'd already opened a long while back for this: instrumentation of `http{s}.request()` has a few edge case issues · Issue #2044 · elastic/apm-agent-nodejs · GitHub

I've created a PR to fix this: fix: instrumentation of `http|https.request|get` has a few edge cases by trentm · Pull Request #3090 · elastic/apm-agent-nodejs · GitHub
I will get that in early next week and get a release out with the fix.

Well happy I could contribute a bit.

Many thanks, Mick

elastic-apm-node@3.42.0 is released with a fix for this now. Thanks, again.