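sanitizeRemoteAddress extracts a span-safe identifier from an MCP URL before stamping it as `server.address`. The URL may legitimately contain credentials in userinfo (`https://user:token@host/`) or query params (`?api_key=...`); sending those to the trace backend would be a real exfiltration risk, because anyone with read access to traces could then recover them. The function therefore returns only the URL's host component (including the port, when one is present) and returns an empty string when the URL fails to parse or has no host.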
(rawURL string)
| 70 | // only when it's non-empty, so a sanitisation miss leaves the span |
| 71 | // without that attribute rather than leaking a raw URL. |
func sanitizeRemoteAddress(rawURL string) string {
	parsed, parseErr := neturl.Parse(rawURL)
	if parseErr != nil {
		// Unparseable input yields no attribute value at all; the raw
		// string is never echoed back, so a parse failure cannot leak it.
		return ""
	}

	// Only the Host component is returned. It is "host" or "host:port"
	// and never carries userinfo, path, query, or fragment, which is where
	// credentials in an MCP URL are expected to live. When the URL has no
	// host, Host is already "", so the empty result signals "nothing safe
	// to report".
	// NOTE(review): anything embedded in the hostname itself is still
	// emitted unchanged; confirm no deployment encodes secrets there.
	return parsed.Host
}
| 79 | |
| 80 | func (c *remoteMCPClient) Initialize(ctx context.Context, _ *gomcp.InitializeRequest) (*gomcp.InitializeResult, error) { |
| 81 | // Create HTTP client with OAuth support. We keep a reference to the |