fix: Sanatize HTTP client spans (#690)

Author: cleptric

src/Tracing/HttpClient/AbstractTraceableHttpClient.php

@@ -52,6 +52,12 @@ public function request(string $method, string $url, array $options = []): Respo
             $headers['sentry-trace'] = $parent->toTraceparent();
 
             $uri = new Uri($url);
+            $partialUri = Uri::fromParts([
+                'scheme' => $uri->getScheme(),
+                'host' => $uri->getHost(),
+                'port' => $uri->getPort(),
+                'path' => $uri->getPath(),
+            ]);
 
             // Check if the request destination is allow listed in the trace_propagation_targets option.
             $client = $this->hub->getClient();
@@ -65,14 +71,16 @@ public function request(string $method, string $url, array $options = []): Respo
 
             $options['headers'] = $headers;
 
-            $formattedUri = $this->formatUri($uri);
-
             $context = new SpanContext();
             $context->setOp('http.client');
-            $context->setDescription($method . ' ' . $formattedUri);
+            $context->setDescription($method . ' ' . (string) $partialUri);
             $context->setTags([
                 'http.method' => $method,
-                'http.url' => $formattedUri,
+                'http.url' => (string) $partialUri,
+            ]);
+            $context->setData([
+                'http.query' => $uri->getQuery(),
+                'http.fragment' => $uri->getFragment(),
             ]);
 
             $span = $parent->startChild($context);
@@ -111,10 +119,4 @@ public function setLogger(LoggerInterface $logger): void
             $this->client->setLogger($logger);
         }
     }
-
-    private function formatUri(Uri $uri): string
-    {
-        // Instead of relying on Uri::__toString, we only use a sub set of the URI
-        return Uri::composeComponents($uri->getScheme(), $uri->getHost(), $uri->getPath(), null, null);
-    }
 }

tests/Tracing/HttpClient/TraceableHttpClientTest.php

@@ -78,12 +78,17 @@ public function testRequest(): void
             'http.method' => 'GET',
             'http.url' => 'https://www.example.com/test-page',
         ];
+        $expectedData = [
+            'http.query' => 'foo=bar',
+            'http.fragment' => 'baz',
+        ];
 
         $this->assertCount(2, $spans);
         $this->assertNull($spans[1]->getEndTimestamp());
         $this->assertSame('http.client', $spans[1]->getOp());
         $this->assertSame('GET https://www.example.com/test-page', $spans[1]->getDescription());
         $this->assertSame($expectedTags, $spans[1]->getTags());
+        $this->assertSame($expectedData, $spans[1]->getData());
     }
 
     public function testRequestDoesNotContainBaggageHeader(): void