Prevent loading plugins for incorrect module open-telemetry#626 (open-telemetry#653)

* fix: do not load plugin when they patch a different module than defined in config open-telemetry#626

Author: vmarchaud

packages/opentelemetry-api/src/trace/instrumentation/Plugin.ts

@@ -28,6 +28,11 @@ export interface Plugin<T = any> {
    */
   supportedVersions?: string[];
 
+  /**
+   * Name of the module that the plugin instrument.
+   */
+  moduleName: string;
+
   /**
    * Method that enables the instrumentation patch.
    * @param moduleExports The value of the `module.exports` property that would

packages/opentelemetry-core/src/trace/instrumentation/BasePlugin.ts

@@ -29,7 +29,7 @@ import * as path from 'path';
 /** This class represent the base to patch plugin. */
 export abstract class BasePlugin<T> implements Plugin<T> {
   supportedVersions?: string[];
-  readonly moduleName?: string; // required for internalFilesExports
+  abstract readonly moduleName: string; // required for internalFilesExports
   readonly version?: string; // required for internalFilesExports
   protected readonly _basedir?: string; // required for internalFilesExports
 

packages/opentelemetry-node/src/instrumentation/PluginLoader.ts

@@ -132,8 +132,16 @@ export class PluginLoader {
         // Expecting a plugin from module;
         try {
           const plugin: Plugin = require(modulePath).plugin;
-
           if (!utils.isSupportedVersion(version, plugin.supportedVersions)) {
+            this.logger.error(
+              `PluginLoader#load: Plugin ${name} only supports module ${plugin.moduleName} with the versions: ${plugin.supportedVersions}`
+            );
+            return exports;
+          }
+          if (plugin.moduleName !== name) {
+            this.logger.error(
+              `PluginLoader#load: Entry ${name} use a plugin that instruments ${plugin.moduleName}`
+            );
             return exports;
           }
 

packages/opentelemetry-node/test/instrumentation/PluginLoader.test.ts

@@ -93,6 +93,13 @@ const alreadyRequiredPlugins: Plugins = {
   },
 };
 
+const differentNamePlugins: Plugins = {
+  'random-module': {
+    enabled: true,
+    path: '@opentelemetry/plugin-http-module',
+  },
+};
+
 describe('PluginLoader', () => {
   const provider = new NoopTracerProvider();
   const logger = new NoopLogger();
@@ -243,6 +250,16 @@ describe('PluginLoader', () => {
       pluginLoader.load(alreadyRequiredPlugins);
       pluginLoader.unload();
     });
+
+    it('should not load a plugin that patches a different module that the one configured', () => {
+      const pluginLoader = new PluginLoader(provider, logger);
+      assert.strictEqual(pluginLoader['_plugins'].length, 0);
+      pluginLoader.load(differentNamePlugins);
+      // @ts-ignore only to trigger the loading of the plugin
+      const randomModule = require('random-module');
+      assert.strictEqual(pluginLoader['_plugins'].length, 0);
+      pluginLoader.unload();
+    });
   });
 
   describe('.unload()', () => {