From 0a7cf5abf177a7384b5ec6eecfd7091439a5ccd0 Mon Sep 17 00:00:00 2001
From: Tyler Yahn
Date: Mon, 28 Mar 2022 07:35:09 -0700
Subject: [PATCH] Document Resource options that potentially leak secrets (#2727)

The WithProcess and WithProcessCommandArgs options contain command line arguments as resource attributes. These could potentially expose user secrets. Document this fact so users better understand the implications of using these options.
---
 sdk/resource/config.go | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/sdk/resource/config.go b/sdk/resource/config.go
index 09f30d571..8e212b121 100644
--- a/sdk/resource/config.go
+++ b/sdk/resource/config.go
@@ -110,7 +110,16 @@ func WithOSDescription() Option {
 }
 
 // WithProcess adds all the Process attributes to the configured Resource.
-// See individual WithProcess* functions to configure specific attributes.
+//
+// Warning! This option will include process command line arguments. If these
+// contain sensitive information it will be included in the exported resource.
+//
+// This option is equivalent to calling WithProcessPID,
+// WithProcessExecutableName, WithProcessExecutablePath,
+// WithProcessCommandArgs, WithProcessOwner, WithProcessRuntimeName,
+// WithProcessRuntimeVersion, and WithProcessRuntimeDescription. See each
+// option function for information about what resource attributes each
+// includes.
 func WithProcess() Option {
 return WithDetectors(
 processPIDDetector{},
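Review bot: The warning added to WithProcess names only command line arguments, yet the same comment lists WithProcessOwner and WithProcessExecutablePath among the options it enables; those presumably export the owning account name and the full binary path, which some deployments also treat as sensitive. The comment should also tell the reader how to opt out, for example `// To omit command line arguments, compose the individual WithProcess* options and leave out WithProcessCommandArgs.` The sentence "If these contain sensitive information it will be included" mixes plural and singular; `// If they contain sensitive information, it will be part of the exported resource.` reads more cleanly, and the same wording is repeated in the WithProcessCommandArgs hunk. The body of WithProcess continues past the end of this hunk.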
@@ -143,7 +152,11 @@ func WithProcessExecutablePath() Option {
 }
 
 // WithProcessCommandArgs adds an attribute with all the command arguments (including
-// the command/executable itself) as received by the process the configured Resource.
+// the command/executable itself) as received by the process to the configured
+// Resource.
+//
+// Warning! This option will include process command line arguments. If these
+// contain sensitive information it will be included in the exported resource.
 func WithProcessCommandArgs() Option {
 return WithDetectors(processCommandArgsDetector{})
 }
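Review bot: The warning on WithProcessCommandArgs does not say under which attribute the arguments are exported, which is what an operator needs in order to filter or redact them further down the telemetry pipeline. Assuming processCommandArgsDetector emits the semantic-convention key, the comment could add `// The arguments are exported verbatim under the process.command_args resource attribute.` The detector itself is not visible in this hunk, so both the key name and the "verbatim" claim should be checked against it before the sentence is added.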