MCPcopy
hub / github.com/docker/docker-agent / sanitizeRemoteAddress

Function sanitizeRemoteAddress

pkg/tools/mcp/remote.go:72–78  ·  view source on GitHub ↗

sanitizeRemoteAddress extracts a span-safe identifier from an MCP URL before stamping it as `server.address`. The URL may legitimately contain credentials in userinfo (`https://user:token@host/`) or query params (`?api_key=...`); sending those to the trace backend would be a real exfiltration risk.

(rawURL string)

Source from the content-addressed store, hash-verified

70// only when it's non-empty, so a sanitisation miss leaves the span
71// without that attribute rather than leaking a raw URL.
72func sanitizeRemoteAddress(rawURL string) string {
73 u, err := neturl.Parse(rawURL)
74 if err != nil || u.Host == "" {
75 return ""
76 }
77 return u.Host
78}
79
80func (c *remoteMCPClient) Initialize(ctx context.Context, _ *gomcp.InitializeRequest) (*gomcp.InitializeResult, error) {
81 // Create HTTP client with OAuth support. We keep a reference to the

Callers 2

newRemoteClientFunction · 0.85

Calls 1

ParseMethod · 0.80

Tested by 1