GrepRules
Sign inPublish rule
Explore/cve-2026-41178-unconditional-noop-tracerprovider

CVE-2026-41178: Unconditional Noop Tracerprovider

Unconditionally returning a hardcoded empty struct from `TracerProvider()` can disable auto-instrumentation and create observability blind spots. A provider derived from a span should respect context or auto-instrumentation configurations rather than dropping traces globally.

Provally CuratedPublic repositoryMediumMedium confidenceVerifiedApache-2.0Goβ
greprules fetch cve-2026-41178-unconditional-noop-tracerprovider --engine opengrep

Description

Unconditionally returning a hardcoded empty struct from `TracerProvider()` can disable auto-instrumentation and create observability blind spots. A provider derived from a span should respect context or auto-instrumentation configurations rather than dropping traces globally.

License
Apache-2.0
Source context
Public repository
Source
Provally CVE rule catalog
Validation status
Verified
Quality signals
145 downloads0 direct145 via packs
· 0 stars · Quality score 68How quality works
Included packs
2 packs