fix(libdd-trace-obfuscation): cargo clippy llm pass 1

Author: Eldolfin

libdd-trace-obfuscation/src/credit_cards.rs

@@ -2,7 +2,9 @@
 // SPDX-License-Identifier: Apache-2.0
 
 /// `is_card_number` checks if b could be a credit card number by checking the digit count and IIN
-/// prefix. If `validate_luhn` is true, the Luhn checksum is also applied to potential candidates.
+/// prefix.
+///
+/// If `validate_luhn` is true, the Luhn checksum is also applied to potential candidates.
 /// Note: This code is based on the code from datadog-agent/pkg/obfuscate/credit_cards.go
 pub fn is_card_number<T: AsRef<str>>(s: T, validate_luhn: bool) -> bool {
     let s = s.as_ref();
@@ -15,15 +17,14 @@ pub fn is_card_number<T: AsRef<str>>(s: T, validate_luhn: bool) -> bool {
     let mut len = 0;
     for c in s.chars() {
         // Only valid characters are 0-9, space (" ") and dash("-")
-        #[allow(clippy::unwrap_used)]
         match c {
             ' ' | '-' => continue,
             '0'..='9' => {
-                num_s[len] = c.to_digit(10).unwrap();
+                num_s[len] = u32::from(c) - u32::from('0');
                 len += 1;
             }
             _ => return false,
-        };
+        }
         if len > 16 {
             // too long for any known card number; stop looking
             return false;
@@ -38,13 +39,17 @@ pub fn is_card_number<T: AsRef<str>>(s: T, validate_luhn: bool) -> bool {
     let mut is_valid_iin = FuzzyBool::Maybe;
     let mut cs = num_s.iter();
 
-    #[allow(clippy::unwrap_used)]
-    let mut prefix: u32 = *cs.next().unwrap();
-    #[allow(clippy::unwrap_used)]
+    let Some(&first_digit) = cs.next() else {
+        return false;
+    };
+    let mut prefix = first_digit;
     while is_valid_iin == FuzzyBool::Maybe {
         is_valid_iin = valid_card_prefix(prefix);
 
-        prefix = 10 * prefix + cs.next().unwrap();
+        let Some(next_digit) = cs.next() else {
+            return false;
+        };
+        prefix = 10 * prefix + *next_digit;
     }
 
     if is_valid_iin == FuzzyBool::True && validate_luhn {
@@ -105,7 +110,7 @@ enum FuzzyBool {
 const fn valid_card_prefix(n: u32) -> FuzzyBool {
     // Validates IIN prefix possibilities
     // Source: https://www.regular-expressions.info/creditcard.html
-    if n > 699999 {
+    if n > 699_999 {
         // too long for any known prefix; stop looking
         return FuzzyBool::False;
     }
@@ -139,15 +144,15 @@ const fn valid_card_prefix(n: u32) -> FuzzyBool {
             _ => FuzzyBool::False,
         };
     }
-    if n < 100000 {
+    if n < 100_000 {
         return match n {
             22210..=27209 | 50000..=50999 | 56000..=58999 | 60000..=69999 => FuzzyBool::Maybe,
             _ => FuzzyBool::False,
         };
     }
-    if n < 1000000 {
+    if n < 1_000_000 {
         return match n {
-            222100..=272099 | 500000..=509999 | 560000..=589999 | 600000..=699999 => {
+            222_100..=272_099 | 500_000..=509_999 | 560_000..=589_999 | 600_000..=699_999 => {
                 FuzzyBool::True
             }
             _ => FuzzyBool::False,

libdd-trace-obfuscation/src/http.rs

@@ -147,15 +147,12 @@ pub fn obfuscate_url_string(
         }
     }
 
-    let uri = match UriRef::parse(pre.as_str()) {
-        Ok(u) => u,
-        Err(_) => {
-            return if remove_query_string || remove_path_digits {
-                "?".to_string()
-            } else {
-                url.to_string()
-            };
-        }
+    let Ok(uri) = UriRef::parse(pre.as_str()) else {
+        return if remove_query_string || remove_path_digits {
+            "?".to_string()
+        } else {
+            url.to_string()
+        };
     };
 
     let mut out = String::new();

libdd-trace-obfuscation/src/ip_address.rs

@@ -42,12 +42,13 @@ pub fn quantize_peer_ip_addresses<'a>(s: &'a str) -> Cow<'a, str> {
 
     let quantized_values = values
         .map(|v| {
-            if let Some(quantize_string) = quantize_ip(v) {
-                should_return_new_string = true;
-                Cow::from(quantize_string)
-            } else {
-                Cow::from(v)
-            }
+            quantize_ip(v).map_or_else(
+                || Cow::from(v),
+                |quantize_string| {
+                    should_return_new_string = true;
+                    Cow::from(quantize_string)
+                },
+            )
         })
         .collect::<Vec<Cow<'a, str>>>();
 
@@ -89,21 +90,22 @@ fn quantize_ip(s: &str) -> Option<String> {
 /// Split the ip prefix, can be either a provider specific prefix or a protocol
 fn split_prefix(s: &str) -> (&str, &str) {
     #[allow(clippy::unwrap_used)]
-    if let Some(tail) = s.strip_prefix("ip-") {
-        ("ip-", tail)
-    } else if let Some(protocol) = PREFIX_REGEX.find(s) {
-        s.split_at(protocol.end())
-    } else {
-        ("", s)
-    }
+    s.strip_prefix("ip-").map_or_else(
+        || {
+            PREFIX_REGEX
+                .find(s)
+                .map_or(("", s), |protocol| s.split_at(protocol.end()))
+        },
+        |tail| ("ip-", tail),
+    )
 }
 
 /// Check if `s` starts with a valid ip. If it does return Some((ip, suffix)), else return None.
 fn parse_ip(s: &str) -> Option<(&str, &str)> {
     for ch in s.chars() {
         // Determine the version of the ip
         match ch {
-            '0'..='9' => continue,
+            '0'..='9' => {}
             '.' | '-' | '_' => return parse_ip_v4(s, ch),
             ':' | 'A'..='F' | 'a'..='f' if s.parse::<Ipv6Addr>().is_ok() => {
                 return Some((s, ""));

libdd-trace-obfuscation/src/json.rs

@@ -4,8 +4,9 @@
 use crate::json_scanner::{Op, Scanner};
 use crate::obfuscation_config::{JsonObfuscatorConfig, JsonStringTransformer};
 
-/// Obfuscates a JSON string by replacing all leaf values with `"?"`, unless the value
-/// belongs to a key listed in `keep_keys`, in which case it is left verbatim.
+/// Obfuscates a JSON string by replacing all leaf values with `"?"`, unless the value belongs to a
+/// key listed in `keep_keys`, in which case it is left verbatim.
+///
 /// Keys in `transform_keys` have their string values passed through a transformer function
 /// (e.g. SQL obfuscation) instead of being replaced with `"?"`.
 ///
@@ -67,7 +68,7 @@ impl JsonObfuscator {
                         &mut buf,
                         &mut keeping,
                         &mut transforming_value,
-                        &mut keep_depth,
+                        keep_depth,
                         depth,
                         self.config.transformer.as_ref(),
                     );
@@ -79,7 +80,7 @@ impl JsonObfuscator {
                         &mut buf,
                         &mut keeping,
                         &mut transforming_value,
-                        &mut keep_depth,
+                        keep_depth,
                         depth,
                         self.config.transformer.as_ref(),
                     );
@@ -145,7 +146,7 @@ fn handle_value_done(
     buf: &mut String,
     keeping: &mut bool,
     transforming_value: &mut bool,
-    keep_depth: &mut usize,
+    keep_depth: usize,
     depth: usize,
     transformer: Option<&JsonStringTransformer>,
 ) {
@@ -161,7 +162,7 @@ fn handle_value_done(
             *transforming_value = false;
             buf.clear();
         }
-    } else if *keeping && depth < *keep_depth {
+    } else if *keeping && depth < keep_depth {
         *keeping = false;
     }
 }

libdd-trace-obfuscation/src/obfuscate.rs

@@ -101,7 +101,7 @@ pub fn obfuscate_span(span: &mut pb::Span, config: &ObfuscationConfig) {
                 .and_then(|dbms| TryInto::try_into(dbms).ok())
                 .unwrap_or_default();
             let obfuscated_query = crate::sql::obfuscate_sql(&span.resource, &config.sql, dbms);
-            span.resource = obfuscated_query.clone();
+            span.resource.clone_from(&obfuscated_query);
             span.meta.insert(TAG_SQLQUERY.to_owned(), obfuscated_query);
         }
         "elasticsearch" if config.elasticsearch.enabled => {

libdd-trace-obfuscation/src/obfuscation_config.rs

@@ -95,20 +95,26 @@ pub struct ObfuscationConfig {
 }
 
 impl ObfuscationConfig {
+    /// Builds the obfuscation config from environment variables.
+    ///
+    /// # Errors
+    ///
+    /// Returns an error if one of the regular expressions used by the config cannot be compiled.
     pub fn new() -> Result<Self, Box<dyn std::error::Error>> {
-        let tag_replace_rules: Option<Vec<ReplaceRule>> = match env::var("DD_APM_REPLACE_TAGS") {
-            Ok(replace_rules_str) => match replacer::parse_rules_from_string(&replace_rules_str) {
-                Ok(res) => {
-                    debug!("Successfully parsed DD_APM_REPLACE_TAGS: {res:?}");
-                    Some(res)
-                }
-                Err(e) => {
-                    error!("Failed to parse DD_APM_REPLACE_TAGS: {e}");
-                    None
-                }
-            },
-            Err(_) => None,
-        };
+        let tag_replace_rules: Option<Vec<ReplaceRule>> = env::var("DD_APM_REPLACE_TAGS")
+            .map_or_else(
+                |_| None,
+                |replace_rules_str| match replacer::parse_rules_from_string(&replace_rules_str) {
+                    Ok(res) => {
+                        debug!("Successfully parsed DD_APM_REPLACE_TAGS: {res:?}");
+                        Some(res)
+                    }
+                    Err(e) => {
+                        error!("Failed to parse DD_APM_REPLACE_TAGS: {e}");
+                        None
+                    }
+                },
+            );
         let http_remove_query_string =
             parse_env::bool("DD_APM_OBFUSCATION_HTTP_REMOVE_QUERY_STRING").unwrap_or(false);
         let http_remove_path_digits =

libdd-trace-obfuscation/src/redis.rs

@@ -128,13 +128,22 @@ fn obfuscate_redis_cmd<'a>(str: &mut String, cmd: &'a str, mut args: Vec<&'a str
                 args.clear();
                 args.push("?");
             }
-        b"ACL"
-            // Obfuscate all arguments after the subcommand:
+        b"ACL" | b"GEOHASH" | b"GEOPOS" | b"GEODIST" | b"LPUSH" | b"RPUSH" | b"SREM" | b"ZREM"
+        | b"SADD"
+            // Obfuscate all arguments after the first token:
             // • ACL SETUSER username on >password ~keys &channels +commands
             // • ACL GETUSER username
             // • ACL DELUSER username [username ...]
             // • ACL LIST
             // • ACL WHOAMI
+            // • GEOHASH key member [member ...]
+            // • GEOPOS key member [member ...]
+            // • GEODIST key member1 member2 [unit]
+            // • LPUSH key value [value ...]
+            // • RPUSH key value [value ...]
+            // • SREM key member [member ...]
+            // • ZREM key member [member ...]
+            // • SADD key member [member ...]
             if args.len() > 1 => {
                 args[1] = "?";
                 args.drain(2..);
@@ -177,20 +186,6 @@ fn obfuscate_redis_cmd<'a>(str: &mut String, cmd: &'a str, mut args: Vec<&'a str
             // • LINSERT key BEFORE|AFTER pivot value
             args = obfuscate_redis_args_n(args, 3);
         }
-        b"GEOHASH" | b"GEOPOS" | b"GEODIST" | b"LPUSH" | b"RPUSH" | b"SREM" | b"ZREM" | b"SADD"
-            // Obfuscate all arguments after the first one.
-            // • GEOHASH key member [member ...]
-            // • GEOPOS key member [member ...]
-            // • GEODIST key member1 member2 [unit]
-            // • LPUSH key value [value ...]
-            // • RPUSH key value [value ...]
-            // • SREM key member [member ...]
-            // • ZREM key member [member ...]
-            // • SADD key member [member ...]
-            if args.len() > 1 => {
-                args[1] = "?";
-                args.drain(2..);
-            }
         b"GEOADD" => {
             // Obfuscating every 3rd argument starting from first
             // • GEOADD key longitude latitude member [longitude latitude member ...]
@@ -278,9 +273,8 @@ pub fn remove_all_redis_args(redis_cmd: &str) -> String {
     let mut obfuscated_cmd = String::new();
 
     // If the redis command is empty, return immediately. Otherwise, store the command token.
-    let cmd = match redis_cmd_iter.next() {
-        Some(cmd) => cmd,
-        None => return obfuscated_cmd,
+    let Some(cmd) = redis_cmd_iter.next() else {
+        return obfuscated_cmd;
     };
     obfuscated_cmd.push_str(cmd);
 

libdd-trace-obfuscation/src/replacer.rs

@@ -109,6 +109,10 @@ pub fn replace_span_tags(span: &mut pb::Span, rules: &[ReplaceRule], scratch_spa
 /// `parse_rules_from_string` takes an array of rules, represented as an array of length 3 arrays
 /// holding the tag name, regex pattern, and replacement string as strings.
 /// * returns a vec of `ReplaceRules`
+///
+/// # Errors
+///
+/// Returns an error when the input is not valid JSON or a rule pattern is not a valid regex.
 pub fn parse_rules_from_string(
     // rules: &'a [[&'a str; 3]],
     rules: &str,