instana
diff --git a/‎env_config.go‎
Lines changed: 152 additions & 0 deletions b/‎env_config.go‎
Lines changed: 152 additions & 0 deletions
diff --git a/‎env_config_internal_test.go‎
Lines changed: 135 additions & 0 deletions b/‎env_config_internal_test.go‎
Lines changed: 135 additions & 0 deletions
@@ -6,11 +6,18 @@ package instana
 import (
 	"errors"
 	"fmt"
+	"os"
+	"path/filepath"
 	"strconv"
 	"strings"
 	"time"
+
+	"github.com/stretchr/testify/assert/yaml"
 )
 
+// MaxEnvValueSize is the maximum size of the value of an environment variable.
+const MaxEnvValueSize = 32 * 1024
+
 // parseInstanaTags parses the tags string passed via INSTANA_TAGS.
 // The tag string is a comma-separated list of keys optionally followed by an '=' character and a string value:
 //
@@ -107,3 +114,148 @@ func parseInstanaTimeout(s string) (time.Duration, error) {
 
 	return time.Duration(ms) * time.Millisecond, nil
 }
+
+// parseInstanaTracingDisable processes the INSTANA_TRACING_DISABLE environment variable value
+// and updates the TracerOptions.Disable map accordingly.
+//
+// When the value is a boolean (true/false), the whole tracing feature is disabled/enabled.
+// When a list of category or type names is specified, only those will be disabled.
+//
+// Examples:
+// INSTANA_TRACING_DISABLE=true - disables all tracing
+// INSTANA_TRACING_DISABLE="logging" - disables logging category
+func parseInstanaTracingDisable(value string, opts *TracerOptions) {
+	// Initialize the Disable map if it doesn't exist
+	if opts.DisableSpans == nil {
+		opts.DisableSpans = make(map[string]bool)
+	}
+
+	// Trim spaces from the value
+	value = strings.TrimSpace(value)
+
+	// if it's a boolean value, disable all categories
+	if strings.EqualFold(value, "true") {
+		opts.DisableAllCategories()
+		return
+	}
+
+	// if it's not a boolean value, process as a comma-separated list and disable each category.
+	items := strings.Split(value, ",")
+	for _, item := range items {
+		item = strings.TrimSpace(item)
+		if item != "" {
+			opts.DisableSpans[item] = true
+		}
+	}
+}
+
+// parseConfigFile reads and parses the YAML configuration file at the given path
+// and updates the TracerOptions accordingly.
+//
+// The YAML file must follow this format:
+// tracing:
+//   disable:
+//     - logging: true
+
+func parseConfigFile(path string, opts *TracerOptions) error {
+	// Validate the file path and security considerations
+	absPath, err := validateFile(path)
+	if err != nil {
+		return fmt.Errorf("config file validation failed for %s: %w", path, err)
+	}
+
+	// Read the file with proper error handling
+	data, err := os.ReadFile(absPath)
+	if err != nil {
+		return fmt.Errorf("failed to read config file: %w", err)
+	}
+
+	type Config struct {
+		Tracing struct {
+			Disable []map[string]bool `yaml:"disable"`
+		} `yaml:"tracing"`
+	}
+
+	var config Config
+	if err := yaml.Unmarshal(data, &config); err != nil {
+		return fmt.Errorf("failed to parse YAML: %w", err)
+	}
+
+	if opts.DisableSpans == nil {
+		opts.DisableSpans = make(map[string]bool)
+	}
+
+	// Add the categories configured in the YAML file to the Disable map
+	for _, disableMap := range config.Tracing.Disable {
+		for category, enabled := range disableMap {
+			if enabled {
+				opts.DisableSpans[category] = true
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// validateFile ensures the given config file path is safe and usable.
+// Security considerations:
+// - Resolves symlinks to prevent symlink attacks
+// - Ensures the path exists and is a regular file
+// - Enforces a reasonable file size limit to avoid DoS
+// - Warns if file permissions are too permissive (world-readable)
+func validateFile(path string) (absPath string, err error) {
+	// Resolve symlinks to avoid symlink attacks
+	realPath, err := filepath.EvalSymlinks(path)
+	if err != nil {
+		return absPath, fmt.Errorf("failed to resolve config file path: %w", err)
+	}
+
+	// Get absolute normalized path
+	absPath, err = filepath.Abs(realPath)
+	if err != nil {
+		return absPath, fmt.Errorf("failed to get absolute path: %w", err)
+	}
+
+	// Check if the path exists and is a regular file
+	fileInfo, err := os.Stat(absPath)
+	if err != nil {
+		return absPath, fmt.Errorf("failed to access config file: %w", err)
+	}
+
+	// Ensure it's a regular file, not a directory or special file
+	if !fileInfo.Mode().IsRegular() {
+		return absPath, fmt.Errorf("config path is not a regular file: %s", absPath)
+	}
+
+	// Enforce a maximum file size
+	const maxFileSize = 1 * 1024 * 1024 // 1MB
+	if fileInfo.Size() > maxFileSize {
+		return absPath, fmt.Errorf("config file too large: %d bytes (max allowed: %d bytes)",
+			fileInfo.Size(), maxFileSize)
+	}
+
+	// Warn if the file is world-readable (optional hardening)
+	if fileInfo.Mode().Perm()&0004 != 0 {
+		defaultLogger.Warn("config file is world-readable, consider restricting permissions: ", absPath)
+	}
+
+	return absPath, nil
+}
+
+// LookupValidatedEnv retrieves the value of the environment variable named by key.
+// It validates if env value exceeds the configured MaxEnvValueSize limit.
+// On success, it returns the variable's value.
+func lookupValidatedEnv(key string) (string, bool) {
+	envVal, ok := os.LookupEnv(key)
+	if !ok {
+		return "", false
+	}
+
+	if len(envVal) > MaxEnvValueSize {
+		defaultLogger.Error(fmt.Errorf("value of %q exceeds safe limit (%d bytes)", key, MaxEnvValueSize))
+		return "", false
+	}
+
+	return envVal, true
+}
@@ -5,7 +5,11 @@ package instana
 
 import (
 	"errors"
+	"fmt"
+	"os"
+	"path/filepath"
 	"regexp"
+	"strings"
 	"testing"
 	"time"
 
@@ -146,3 +150,134 @@ func TestParseInstanaTimeout_Error(t *testing.T) {
 		})
 	}
 }
+
+func TestValidateFile(t *testing.T) {
+	tempDir := t.TempDir()
+
+	validFilePath := filepath.Join(tempDir, "valid.txt")
+	err := os.WriteFile(validFilePath, []byte("test content"), 0644)
+	if err != nil {
+		t.Fatalf("Failed to create test file: %v", err)
+	}
+
+	tests := []struct {
+		name          string
+		getPathFn     func() (string, error)
+		expectedError bool
+		errorContains string
+	}{
+		{
+			name: "Valid file",
+			getPathFn: func() (string, error) {
+				return validFilePath, nil
+			},
+			expectedError: false,
+		},
+		{
+			name: "Non-existent file",
+			getPathFn: func() (string, error) {
+				return filepath.Join(tempDir, "nonexistent.txt"), nil
+			},
+			expectedError: true,
+			errorContains: "no such file or directory",
+		},
+		{
+			name: "Symlink to valid file",
+			getPathFn: func() (string, error) {
+				symlinkPath := filepath.Join(tempDir, "symlink.txt")
+				err = os.Symlink(validFilePath, symlinkPath)
+				if err != nil {
+					return "", fmt.Errorf("Skipping symlink test, could not create symlink: %v", err)
+				}
+				return symlinkPath, nil
+			},
+			expectedError: false,
+		},
+		{
+			name: "Directory instead of file",
+			getPathFn: func() (string, error) {
+				dirPath := filepath.Join(tempDir, "testdir")
+				err = os.Mkdir(dirPath, 0755)
+				if err != nil {
+					return "", fmt.Errorf("Failed to create test directory: %v", err)
+				}
+				return dirPath, nil
+			},
+			expectedError: true,
+			errorContains: "not a regular file",
+		},
+		{
+			name: "File too large",
+			getPathFn: func() (string, error) {
+				fpath := filepath.Join(tempDir, "big.conf")
+				f, err := os.Create(fpath)
+				if err != nil {
+					return "", fmt.Errorf("Failed to create test file: %v", err)
+				}
+				defer f.Close()
+				err = f.Truncate(1024*1024 + 1) // >1MB
+				if err != nil {
+					return "", fmt.Errorf("Failed to truncate test file: %v", err)
+				}
+				return fpath, nil
+			},
+			expectedError: true,
+			errorContains: "config file too large",
+		},
+		{
+			name: "World-readable file",
+			getPathFn: func() (string, error) {
+				worldReadablePath := filepath.Join(tempDir, "world-readable.txt")
+				err = os.WriteFile(worldReadablePath, []byte("world-readable content"), 0644)
+				if err != nil {
+					return "", fmt.Errorf("Failed to create world-readable test file: %v", err)
+				}
+				return worldReadablePath, nil
+			},
+			expectedError: false, // This should not error, but will log a warning
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			path, err := tt.getPathFn()
+			if err != nil {
+				t.Skip(err)
+			}
+			absPath, err := validateFile(path)
+
+			if (err != nil) != tt.expectedError {
+				if tt.expectedError {
+					t.Errorf("Expected error but got none")
+				} else {
+					t.Errorf("Expected no error but got: %v", err)
+				}
+			}
+
+			// If am error is expected, check that it contains the expected text
+			if tt.expectedError && err != nil && tt.errorContains != "" {
+				if !strings.Contains(err.Error(), tt.errorContains) {
+					t.Errorf("Error message '%s' does not contain '%s'", err.Error(), tt.errorContains)
+				}
+			}
+
+			// For successful cases, check that the returned path is absolute
+			if !tt.expectedError && err == nil {
+				if !filepath.IsAbs(absPath) {
+					t.Errorf("Expected absolute path, got: %s", absPath)
+				}
+
+				// For the symlink case, verify it was resolved
+				if tt.name == "Symlink to valid file" {
+					// The resolved path should be an absolute path to the target file
+					// Note: On macOS, /var/folders may resolve to /private/var/folders
+					// so just check that the base filename matches
+					if filepath.Base(absPath) != filepath.Base(validFilePath) {
+						t.Errorf("Symlink not properly resolved. Got: %s, Expected file with basename: %s",
+							absPath, filepath.Base(validFilePath))
+					}
+				}
+			}
+		})
+	}
+}