[OneCollector] Limit response body size read (#4117)

Co-authored-by: Rajkumar Rangaraj <rajrang@microsoft.com>

Author: martincostello

src/OpenTelemetry.Exporter.OneCollector/CHANGELOG.md

@@ -5,6 +5,10 @@
 * Updated OpenTelemetry core component version(s) to `1.15.2`.
   ([#4080](https://github.com/open-telemetry/opentelemetry-dotnet-contrib/pull/4080))
 
+* Limit how much of the response body is read when export fails using the HTTP
+  JSON transport and informational logging is enabled.
+  ([#4117](https://github.com/open-telemetry/opentelemetry-dotnet-contrib/pull/4117))
+
 ## 1.15.0
 
 Released 2026-Jan-21

src/OpenTelemetry.Exporter.OneCollector/Internal/Transports/HttpJsonPostTransport.cs

@@ -103,10 +103,10 @@ public bool Send(in TransportSendRequest sendRequest)
                 request.Headers.TryAddWithoutValidation("NoResponseBody", "true");
             }
 
-            using var response = this.httpClient.Send(
-                request,
-                infoLoggingEnabled ? HttpCompletionOption.ResponseContentRead : HttpCompletionOption.ResponseHeadersRead,
-                CancellationToken.None);
+            var cancellationToken = CancellationToken.None;
+            var completionOption = HttpCompletionOption.ResponseHeadersRead;
+
+            using var response = this.httpClient.Send(request, completionOption, cancellationToken);
 
             if (response.IsSuccessStatusCode)
             {
@@ -130,11 +130,14 @@ public bool Send(in TransportSendRequest sendRequest)
             }
             else
             {
-                response.Headers.TryGetValues("Collector-Error", out var collectorErrors);
+                _ = response.Headers.TryGetValues("Collector-Error", out var collectorErrors);
+
+                string? errorDetails = null;
 
-                var errorDetails = infoLoggingEnabled
-                    ? response.Content.ReadAsStringAsync().GetAwaiter().GetResult()
-                    : null;
+                if (infoLoggingEnabled)
+                {
+                    errorDetails = HttpClientHelpers.TryGetResponseBodyAsString(response, cancellationToken);
+                }
 
                 OneCollectorExporterEventSource.Log.WriteHttpTransportErrorResponseReceivedEventIfEnabled(
                     this.Description,

src/OpenTelemetry.Exporter.OneCollector/Internal/Transports/IHttpClient.cs

@@ -38,14 +38,12 @@ public HttpClientWrapper(HttpClient httpClient)
     public HttpResponseMessage Send(
         HttpRequestMessage request,
         HttpCompletionOption completionOption,
-        CancellationToken cancellationToken)
-    {
+        CancellationToken cancellationToken) =>
 #if NET
-        return this.synchronousSendSupportedByCurrentPlatform
+        this.synchronousSendSupportedByCurrentPlatform
             ? this.httpClient.Send(request, completionOption, cancellationToken)
             : this.httpClient.SendAsync(request, completionOption, cancellationToken).GetAwaiter().GetResult();
 #else
-        return this.httpClient.SendAsync(request, completionOption, cancellationToken).GetAwaiter().GetResult();
+        this.httpClient.SendAsync(request, completionOption, cancellationToken).GetAwaiter().GetResult();
 #endif
-    }
 }

src/OpenTelemetry.Exporter.OneCollector/OpenTelemetry.Exporter.OneCollector.csproj

@@ -41,6 +41,7 @@
   <ItemGroup>
     <Compile Include="$(RepoRoot)\src\Shared\ExceptionExtensions.cs" Link="Includes\ExceptionExtensions.cs" />
     <Compile Include="$(RepoRoot)\src\Shared\Guard.cs" Link="Includes\Guard.cs" />
+    <Compile Include="$(RepoRoot)\src\Shared\HttpClientHelpers.cs" Link="Includes\HttpClientHelpers.cs" />
     <Compile Include="$(RepoRoot)\src\Shared\IsExternalInit.cs" Link="Includes\IsExternalInit.cs" />
     <Compile Include="$(RepoRoot)\src\Shared\Lock.cs" Link="Includes\Lock.cs" />
   </ItemGroup>

src/Shared/HttpClientHelpers.cs

@@ -0,0 +1,151 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+#if NET
+using System.Buffers;
+#endif
+using System.Text;
+
+namespace System.Net.Http;
+
+internal static class HttpClientHelpers
+{
+    private const int DefaultMessageSizeLimit = 4 * 1024 * 1024; // 4MiB
+
+    internal static string? TryGetResponseBodyAsString(HttpResponseMessage? httpResponse, CancellationToken cancellationToken)
+        => GetResponseBodyAsString(allowTruncation: true, DefaultMessageSizeLimit, httpResponse, cancellationToken);
+
+    internal static string? GetResponseBodyAsString(HttpResponseMessage? httpResponse, CancellationToken cancellationToken)
+        => GetResponseBodyAsString(allowTruncation: false, DefaultMessageSizeLimit, httpResponse, cancellationToken);
+
+    private static string? GetResponseBodyAsString(
+        bool allowTruncation,
+        int limit,
+        HttpResponseMessage? httpResponse,
+        CancellationToken cancellationToken)
+    {
+        if (httpResponse?.Content is null)
+        {
+            return null;
+        }
+
+        if (cancellationToken.IsCancellationRequested)
+        {
+            if (allowTruncation)
+            {
+                return null;
+            }
+
+            cancellationToken.ThrowIfCancellationRequested();
+        }
+
+        try
+        {
+#if NET
+            var stream = httpResponse.Content.ReadAsStream(cancellationToken);
+#else
+            var stream = httpResponse.Content.ReadAsStreamAsync().GetAwaiter().GetResult();
+#endif
+
+            var length = GetBufferLength(stream, limit);
+
+#if NET
+            var buffer = ArrayPool<byte>.Shared.Rent(length);
+#else
+            var buffer = new byte[length];
+#endif
+
+            try
+            {
+                var totalRead = 0;
+
+                // Read raw bytes so the size limit applies to bytes rather than characters
+                while (totalRead < limit && !cancellationToken.IsCancellationRequested)
+                {
+                    var bytesRead = stream.Read(buffer, totalRead, length - totalRead);
+
+                    if (bytesRead is 0)
+                    {
+                        break;
+                    }
+
+                    totalRead += bytesRead;
+                }
+
+                // We've read exactly limit bytes. Check if there's more data.
+                var probe = new byte[1];
+
+#if NETFRAMEWORK || NETSTANDARD
+                var extra = stream.Read(probe, 0, 1);
+#else
+                var extra = stream.Read(probe);
+#endif
+
+                if (extra > 0 && !allowTruncation)
+                {
+                    // + 1: we read exactly MaxMessageSize bytes and confirmed at least one more byte exists.
+                    throw new InvalidOperationException($"Response body exceeded the size limit of {limit} bytes.");
+                }
+
+                if (!allowTruncation)
+                {
+                    cancellationToken.ThrowIfCancellationRequested();
+                }
+
+                // Decode using the charset from the response content headers, if available
+                var encoding = GetEncoding(httpResponse.Content.Headers.ContentType?.CharSet);
+                var result = encoding.GetString(buffer, 0, totalRead);
+
+                if (extra > 0)
+                {
+                    result += "[TRUNCATED]";
+                }
+
+                return result;
+            }
+            finally
+            {
+#if NET
+                ArrayPool<byte>.Shared.Return(buffer, clearArray: true);
+#endif
+            }
+        }
+        catch (Exception) when (allowTruncation)
+        {
+            return null;
+        }
+    }
+
+    private static int GetBufferLength(Stream stream, int limit)
+    {
+        try
+        {
+            // Avoid allocating an overly large buffer if the stream is smaller than the size limit
+            return stream.Length < limit ? (int)stream.Length : limit;
+        }
+        catch (Exception)
+        {
+            // Not all Stream types support Length, so default to the maximum
+            return limit;
+        }
+    }
+
+    private static Encoding GetEncoding(string? name)
+    {
+        Encoding encoding = Encoding.UTF8;
+
+        if (!string.IsNullOrWhiteSpace(name))
+        {
+            try
+            {
+                encoding = Encoding.GetEncoding(name);
+            }
+            catch (Exception)
+            {
+                // Invalid encoding name
+            }
+        }
+
+        return encoding;
+    }
+}