Fix issue when percent encoded octet sequences don't match the UTF-8 …

…encoding schema

CHANGELOG.md

@@ -42,6 +42,7 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
 - Fix panic in baggage creation when a member contains 0x80 char in key or value. (#5494)
 - Correct comments for the priority of the `WithEndpoint` and `WithEndpointURL` options and their coresponding environment variables in  in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc`. (#5508)
 - Fix stale timestamps reported by the lastvalue aggregation. (#5517)
+- Baggage propagation - replace invalid percent-encoded octet sequences with replacement char. (#)
 
 ## [1.27.0/0.49.0/0.3.0] 2024-05-21
 

baggage/baggage.go

@@ -304,9 +304,32 @@ func parseMember(member string) (Member, error) {
 	if err != nil {
 		return newInvalidMember(), fmt.Errorf("%w: %v", errInvalidValue, err)
 	}
+
+	if !utf8.ValidString(value) {
+		// Handle invalid UTF-8 sequences
+		// Replace them with a replacement code point or handle them as needed
+		invalidSeq := findInvalidUTF8Sequence(value)
+		// Replace invalid sequence with a replacement code point
+		value = strings.ReplaceAll(value, invalidSeq, "�")
+	}
+
 	return Member{key: key, value: value, properties: props, hasData: true}, nil
 }
 
+func findInvalidUTF8Sequence(input string) string {
+	invalidSequence := ""
+	for i := 0; i < len(input); i++ {
+		r, size := utf8.DecodeRuneInString(input[i:])
+
+		if r == utf8.RuneError && size == 1 {
+			// RuneError indicates an invalid UTF-8 sequence
+			invalidSequence += input[i : i+size]
+		}
+	}
+
+	return invalidSequence
+}
+
 // validate ensures m conforms to the W3C Baggage specification.
 // A key must be an ASCII string, returning an error otherwise.
 func (m Member) validate() error {

baggage/baggage_test.go

@@ -9,6 +9,7 @@ import (
 	"slices"
 	"strings"
 	"testing"
+	"unicode/utf8"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -469,6 +470,13 @@ func TestBaggageParse(t *testing.T) {
 			in:   tooManyMembers,
 			err:  errMemberNumber,
 		},
+		{
+			name: "percent-encoded octet sequences do not match the UTF-8 encoding scheme",
+			in:   "k=aa%ffcc",
+			want: baggage.List{
+				"k": {Value: "aa�cc"},
+			},
+		},
 	}
 
 	for _, tc := range testcases {
@@ -480,6 +488,47 @@ func TestBaggageParse(t *testing.T) {
 	}
 }
 
+func TestBaggageParseValue(t *testing.T) {
+	testcases := []struct {
+		name          string
+		in            string
+		valueWant     string
+		valueWantSize int
+	}{
+		{
+			name:          "percent encoded octet sequence matches UTF-8 encoding scheme",
+			in:            "k=aa%26cc",
+			valueWant:     "aa&cc",
+			valueWantSize: 5,
+		},
+		{
+			name:          "percent encoded octet sequence doesn't match UTF-8 encoding scheme",
+			in:            "k=aa%ffcc",
+			valueWant:     "aa�cc",
+			valueWantSize: 7,
+		},
+		{
+			name:          "raw value",
+			in:            "k=aacc",
+			valueWant:     "aacc",
+			valueWantSize: 4,
+		},
+	}
+
+	for _, tc := range testcases {
+		t.Run(tc.name, func(t *testing.T) {
+			b, err := Parse(tc.in)
+			assert.Empty(t, err)
+
+			val := b.Members()[0].Value()
+
+			assert.EqualValues(t, val, tc.valueWant)
+			assert.Equal(t, len(val), tc.valueWantSize)
+			assert.True(t, utf8.ValidString(val))
+		})
+	}
+}
+
 func TestBaggageString(t *testing.T) {
 	testcases := []struct {
 		name    string