redisotel leaks passwords in traces

[Sovietaced]

Distributed traces for hello commands leak passwords. If there are other redis commands that include password they likely leak there too.

I realize there is an option to disable the statement but that makes the traces less useful and there should be a finite amount of commands that can accept passwords.

Expected Behavior

Passwords are obfuscated or not included.

Current Behavior

Passwords are leaked in the db.statement attribute.

{
  "value": "hello 3 auth default <redacted>",
  "key": "db.statement"
}

Possible Solution

1. Introspect command and remove password
2. Allow folks to configure filters for commands

Steps to Reproduce

[ndyakov]

Hello @Sovietaced, previously the hooks were not including the Hello command, but now they do. I would like the approach for redisotel to provide a way for users to configure a filter. @vmihailenco may take a look at this. At the meantime, feel free to open a PR for filtering the commands in redisotel. We are not actively working on the extra packages, the community is welcomed to contribute to them and we will review the PRs

[Sovietaced]

Hello @Sovietaced, previously the hooks were not including the Hello command, but now they do. I would like the approach for redisotel to provide a way for users to configure a filter. @vmihailenco may take a look at this. At the meantime, feel free to open a PR for filtering the commands in redisotel. We are not actively working on the extra packages, the community is welcomed to contribute to them and we will review the PRs

Sounds good. I'll file a pull request soon.