codetracer-python-recorder/src/trace_filter/engine.rs:i Address review comment

tzanko-matev · tzanko-matev · commit f78722bb3922 · 2025-10-24T15:37:10.000+03:00
Signed-off-by: Tzanko Matev &lt;tsanko@metacraft-labs.com&gt;
diff --git a/codetracer-python-recorder/src/trace_filter/engine.rs b/codetracer-python-recorder/src/trace_filter/engine.rs
@@ -253,8 +253,7 @@ impl TraceFilterEngine {
                     value_default = rule_value;
                 }
                 if !rule.value_patterns.is_empty() {
-                    let mut merged =
-                        Vec::with_capacity(rule.value_patterns.len() + patterns.len());
+                    let mut merged = Vec::with_capacity(rule.value_patterns.len() + patterns.len());
                     merged.extend(rule.value_patterns.iter().cloned());
                     merged.extend(patterns.into_iter());
                     patterns = merged;
@@ -404,10 +403,20 @@ impl ScopeContext {
             }
         });
 
-        let module_name = relative_path
+        let mut module_name = relative_path
             .as_deref()
             .and_then(|rel| module_from_relative(rel).map(|cow| cow.into_owned()));
 
+        if module_name.is_none() {
+            module_name = absolute_path
+                .as_deref()
+                .and_then(|abs| module_from_relative(abs).map(|cow| cow.into_owned()));
+        }
+
+        if module_name.is_none() && !qualname.is_empty() {
+            module_name = Some(qualname.to_string());
+        }
+
         let object_name = module_name
             .as_ref()
             .map(|module| format!("{}.{}", module, qualname))
@@ -473,12 +482,15 @@ fn module_from_relative(relative: &str) -> Option<Cow<'_, str>> {
     if relative.is_empty() {
         return None;
     }
-    let trimmed = relative.trim_start_matches("./");
+    let trimmed = relative.trim_start_matches("./").trim_start_matches('/');
     let without_suffix = trimmed.strip_suffix(".py").unwrap_or(trimmed);
     if without_suffix.is_empty() {
         return None;
     }
-    let mut parts: Vec<&str> = without_suffix.split('/').collect();
+    let mut parts: Vec<&str> = without_suffix
+        .split('/')
+        .filter(|segment| !segment.is_empty())
+        .collect();
     if let Some(last) = parts.last().copied() {
         if last == "__init__" {
             parts.pop();
@@ -509,6 +521,67 @@ mod tests {
     use std::io::Write;
     use tempfile::tempdir;
 
+    #[test]
+    fn builtin_redactions_apply_without_project_filter() -> RecorderResult<()> {
+        use std::path::PathBuf;
+
+        const BUILTIN_LABEL: &str = "builtin-default";
+        const BUILTIN_FILTER: &str =
+            include_str!("../../resources/trace_filters/builtin_default.toml");
+
+        let config =
+            TraceFilterConfig::from_inline_and_paths(&[(BUILTIN_LABEL, BUILTIN_FILTER)], &[])?;
+        assert_eq!(config.sources().len(), 1);
+
+        let mut inline_source = config.sources()[0].clone();
+        inline_source.project_root = PathBuf::from(".");
+
+        let rules = compile_rules(config.rules());
+        let mut value_default = config.default_value_action();
+        let mut patterns: Vec<CompiledValuePattern> = Vec::new();
+
+        let temp = tempdir().expect("temp dir");
+        let script_path = temp.path().join("app.py");
+        fs::write(&script_path, "print('placeholder')\n").expect("create script file");
+        let script_path = script_path.to_string_lossy().to_string();
+
+        let context = ScopeContext::derive(&script_path, "leak", &[inline_source]);
+        assert!(
+            context.relative_path.is_none(),
+            "expected unresolved relative path"
+        );
+        assert!(
+            context.module_name.is_some(),
+            "module name should be derived despite missing project filter"
+        );
+
+        for rule in rules.iter() {
+            if rule.matches(&context) {
+                if let Some(rule_value) = rule.value_default {
+                    value_default = rule_value;
+                }
+                if !rule.value_patterns.is_empty() {
+                    let mut merged = Vec::with_capacity(rule.value_patterns.len() + patterns.len());
+                    merged.extend(rule.value_patterns.iter().cloned());
+                    merged.extend(patterns.into_iter());
+                    patterns = merged;
+                }
+            }
+        }
+
+        let policy = ValuePolicy::new(value_default, patterns.into());
+
+        assert_eq!(
+            policy.decide(ValueKind::Local, "password"),
+            ValueAction::Redact
+        );
+        assert_eq!(
+            policy.decide(ValueKind::Arg, "password"),
+            ValueAction::Redact
+        );
+        Ok(())
+    }
+
     #[test]
     fn caches_resolution_and_applies_value_patterns() -> RecorderResult<()> {
         let (config, file_path) = filter_with_pkg_rule(
@@ -705,10 +778,7 @@ mod tests {
                 policy.decide(ValueKind::Local, "secret_token"),
                 ValueAction::Allow
             );
-            assert_eq!(
-                policy.decide(ValueKind::Local, "other"),
-                ValueAction::Allow
-            );
+            assert_eq!(policy.decide(ValueKind::Local, "other"), ValueAction::Allow);
             Ok(())
         })
     }
