fix(libdd-trace-obfuscation): cargo clippy fix with all lints

[Eldolfin]

What does this PR do?

Applies a restrictive workspace Clippy/Rust lint config and opts in libdd-trace-obfuscation, fixing the resulting crate-local lints without changing the behavior.

Motivation

Tighten lint coverage incrementally by starting with a single crate.

Additional Notes

How to test the change?

CI passing is sufficient validation.

[github-actions]

📚 Documentation Check Results

⚠️ 655 documentation warning(s) found

📦 libdd-trace-obfuscation - 655 warning(s)

---

Updated: 2026-05-15 14:46:41 UTC | Commit: 902aac4 | missing-docs job results

[github-actions]

Clippy Allow Annotation Report

Comparing clippy allow annotations between branches:

• Base Branch: origin/main
• PR Branch: origin/oscarld/restrictive-clippy-on-trace-obfuscation

Summary by Rule

Rule	Base Branch	PR Branch	Change
unwrap_used	8	3	✅ -5 (-62.5%)
Total	8	3	✅ -5 (-62.5%)

Annotation Counts by File

File	Base Branch	PR Branch	Change
libdd-trace-obfuscation/benches/benchmarks/replace_trace_tags_bench.rs	0	1	⚠️ +1 (N/A)
libdd-trace-obfuscation/src/credit_cards.rs	4	0	✅ -4 (-100.0%)
libdd-trace-obfuscation/src/ip_address.rs	3	1	✅ -2 (-66.7%)
libdd-trace-obfuscation/src/replacer.rs	1	1	No change (0%)

Annotation Stats by Crate

Crate	Base Branch	PR Branch	Change
clippy-annotation-reporter	5	5	No change (0%)
datadog-ffe-ffi	1	1	No change (0%)
datadog-ipc	21	21	No change (0%)
datadog-live-debugger	6	6	No change (0%)
datadog-live-debugger-ffi	10	10	No change (0%)
datadog-profiling-replayer	4	4	No change (0%)
datadog-remote-config	3	3	No change (0%)
datadog-sidecar	57	57	No change (0%)
libdd-common	13	13	No change (0%)
libdd-common-ffi	12	12	No change (0%)
libdd-data-pipeline	5	5	No change (0%)
libdd-ddsketch	2	2	No change (0%)
libdd-dogstatsd-client	1	1	No change (0%)
libdd-profiling	13	13	No change (0%)
libdd-telemetry	20	20	No change (0%)
libdd-tinybytes	4	4	No change (0%)
libdd-trace-normalization	2	2	No change (0%)
libdd-trace-obfuscation	8	3	✅ -5 (-62.5%)
libdd-trace-stats	1	1	No change (0%)
libdd-trace-utils	15	15	No change (0%)
Total	203	198	✅ -5 (-2.5%)

About This Report

This report tracks Clippy allow annotations for specific rules, showing how they've changed in this PR. Decreasing the number of these annotations generally improves code quality.

[github-actions]

🔒 Cargo Deny Results

⚠️ 4 issue(s) found, showing only errors (advisories, bans, sources)

📦 libdd-trace-obfuscation - 4 error(s)

Show output

error[unsound]: Rand is unsound with a custom logger using `rand::rng()`
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:182:1
    │
182 │ rand 0.8.5 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ unsound advisory detected
    │
    ├ ID: RUSTSEC-2026-0097
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0097
    ├ It has been reported (by @lopopolo) that the `rand` library is [unsound](https://rust-lang.github.io/unsafe-code-guidelines/glossary.html#soundness-of-code--of-a-library) (i.e. that safe code using the public API can cause Undefined Behaviour) when all the following conditions are met:
      
      - The `log` and `thread_rng` features are enabled
      - A [custom logger](https://docs.rs/log/latest/log/#implementing-a-logger) is defined
      - The custom logger accesses `rand::rng()` (previously `rand::thread_rng()`) and calls any `TryRng` (previously `RngCore`) methods on `ThreadRng`
      - The `ThreadRng` (attempts to) reseed while called from the custom logger (this happens every 64 kB of generated data)
      - Trace-level logging is enabled or warn-level logging is enabled and the random source (the `getrandom` crate) is unable to provide a new seed
      
      `TryRng` (previously `RngCore`) methods for `ThreadRng` use `unsafe` code to cast `*mut BlockRng<ReseedingCore>` to `&mut BlockRng<ReseedingCore>`. When all the above conditions are met this results in an aliased mutable reference, violating the Stacked Borrows rules. Miri is able to detect this violation in sample code. Since construction of [aliased mutable references is Undefined Behaviour](https://doc.rust-lang.org/stable/nomicon/references.html), the behaviour of optimized builds is hard to predict.
    ├ Announcement: https://github.com/rust-random/rand/pull/1763
    ├ Solution: Upgrade to >=0.10.1 OR <0.10.0, >=0.9.3 OR <0.9.0, >=0.8.6 (try `cargo update -p rand`)
    ├ rand v0.8.5
      ├── (dev) libdd-common v4.0.0
      │   ├── libdd-capabilities-impl v1.0.0
      │   │   └── libdd-trace-utils v3.0.1
      │   │       ├── libdd-trace-obfuscation v2.0.0
      │   │       └── (dev) libdd-trace-utils v3.0.1 (*)
      │   ├── libdd-trace-obfuscation v2.0.0 (*)
      │   └── libdd-trace-utils v3.0.1 (*)
      ├── (dev) libdd-trace-normalization v2.0.0
      │   └── libdd-trace-utils v3.0.1 (*)
      ├── libdd-trace-utils v3.0.1 (*)
      └── proptest v1.5.0
          └── (dev) libdd-tinybytes v1.1.0
              ├── (dev) libdd-tinybytes v1.1.0 (*)
              └── libdd-trace-utils v3.0.1 (*)

error[vulnerability]: Name constraints for URI names were incorrectly accepted
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:206:1
    │
206 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0098
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0098
    ├ Name constraints for URI names were ignored and therefore accepted.
      
      Note this library does not provide an API for asserting URI names, and URI name constraints are otherwise not implemented.  URI name constraints are now rejected unconditionally.
      
      Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.
      
      This vulnerability is identified as [GHSA-965h-392x-2mh5](https://github.com/rustls/webpki/security/advisories/GHSA-965h-392x-2mh5). Thank you to @1seal for the report.
    ├ Solution: Upgrade to >=0.103.12, <0.104.0-alpha.1 OR >=0.104.0-alpha.6 (try `cargo update -p rustls-webpki`)
    ├ rustls-webpki v0.103.10
      └── rustls v0.23.37
          ├── hyper-rustls v0.27.7
          │   └── libdd-common v4.0.0
          │       ├── libdd-capabilities-impl v1.0.0
          │       │   └── libdd-trace-utils v3.0.1
          │       │       ├── libdd-trace-obfuscation v2.0.0
          │       │       └── (dev) libdd-trace-utils v3.0.1 (*)
          │       ├── libdd-trace-obfuscation v2.0.0 (*)
          │       └── libdd-trace-utils v3.0.1 (*)
          ├── libdd-common v4.0.0 (*)
          └── tokio-rustls v0.26.0
              ├── hyper-rustls v0.27.7 (*)
              └── libdd-common v4.0.0 (*)

error[vulnerability]: Name constraints were accepted for certificates asserting a wildcard name
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:206:1
    │
206 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0099
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0099
    ├ Permitted subtree name constraints for DNS names were accepted for certificates asserting a wildcard name.
      
      This was incorrect because, given a name constraint of `accept.example.com`, `*.example.com` could feasibly allow a name of `reject.example.com` which is outside the constraint.
      This is very similar to [CVE-2025-61727](https://go.dev/issue/76442).
      
      Since name constraints are restrictions on otherwise properly-issued certificates, this bug is reachable only after signature verification and requires misissuance to exploit.
      
      This vulnerability is identified as [GHSA-xgp8-3hg3-c2mh](https://github.com/rustls/webpki/security/advisories/GHSA-xgp8-3hg3-c2mh). Thank you to @1seal for the report.
    ├ Solution: Upgrade to >=0.103.12, <0.104.0-alpha.1 OR >=0.104.0-alpha.6 (try `cargo update -p rustls-webpki`)
    ├ rustls-webpki v0.103.10
      └── rustls v0.23.37
          ├── hyper-rustls v0.27.7
          │   └── libdd-common v4.0.0
          │       ├── libdd-capabilities-impl v1.0.0
          │       │   └── libdd-trace-utils v3.0.1
          │       │       ├── libdd-trace-obfuscation v2.0.0
          │       │       └── (dev) libdd-trace-utils v3.0.1 (*)
          │       ├── libdd-trace-obfuscation v2.0.0 (*)
          │       └── libdd-trace-utils v3.0.1 (*)
          ├── libdd-common v4.0.0 (*)
          └── tokio-rustls v0.26.0
              ├── hyper-rustls v0.27.7 (*)
              └── libdd-common v4.0.0 (*)

error[vulnerability]: Reachable panic in certificate revocation list parsing
    ┌─ /home/runner/work/libdatadog/libdatadog/Cargo.lock:206:1
    │
206 │ rustls-webpki 0.103.10 registry+https://github.com/rust-lang/crates.io-index
    │ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ security vulnerability detected
    │
    ├ ID: RUSTSEC-2026-0104
    ├ Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0104
    ├ A panic was reachable when parsing certificate revocation lists via [`BorrowedCertRevocationList::from_der`]
      or [`OwnedCertRevocationList::from_der`].  This was the result of mishandling a syntactically valid empty
      `BIT STRING` appearing in the `onlySomeReasons` element of a `IssuingDistributionPoint` CRL extension.
      
      This panic is reachable prior to a CRL's signature being verified.
      
      Applications that do not use CRLs are not affected.
      
      Thank you to @tynus3 for the report.
    ├ Solution: Upgrade to >=0.103.13, <0.104.0-alpha.1 OR >=0.104.0-alpha.7 (try `cargo update -p rustls-webpki`)
    ├ rustls-webpki v0.103.10
      └── rustls v0.23.37
          ├── hyper-rustls v0.27.7
          │   └── libdd-common v4.0.0
          │       ├── libdd-capabilities-impl v1.0.0
          │       │   └── libdd-trace-utils v3.0.1
          │       │       ├── libdd-trace-obfuscation v2.0.0
          │       │       └── (dev) libdd-trace-utils v3.0.1 (*)
          │       ├── libdd-trace-obfuscation v2.0.0 (*)
          │       └── libdd-trace-utils v3.0.1 (*)
          ├── libdd-common v4.0.0 (*)
          └── tokio-rustls v0.26.0
              ├── hyper-rustls v0.27.7 (*)
              └── libdd-common v4.0.0 (*)

advisories FAILED, bans ok, sources ok

---

Updated: 2026-05-15 14:48:44 UTC | Commit: 902aac4 | dependency-check job results

[codecov-commenter]

Codecov Report

❌ Patch coverage is 57.02128% with 101 lines in your changes missing coverage. Please review.
✅ Project coverage is 72.69%. Comparing base (500c147) to head (cdc145d).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1947      +/-   ##
==========================================
- Coverage   72.69%   72.69%   -0.01%     
==========================================
  Files         452      452              
  Lines       74886    74876      -10     
==========================================
- Hits        54438    54428      -10     
  Misses      20448    20448              

Components	Coverage Δ
libdd-crashtracker	65.29% <ø> (-0.02%)	⬇️
libdd-crashtracker-ffi	37.56% <ø> (ø)
libdd-alloc	98.77% <ø> (ø)
libdd-data-pipeline	86.00% <ø> (ø)
libdd-data-pipeline-ffi	71.04% <ø> (ø)
libdd-common	79.81% <ø> (ø)
libdd-common-ffi	74.41% <ø> (ø)
libdd-telemetry	73.37% <ø> (ø)
libdd-telemetry-ffi	31.36% <ø> (ø)
libdd-dogstatsd-client	82.64% <ø> (ø)
datadog-ipc	76.17% <ø> (-0.05%)	⬇️
libdd-profiling	81.57% <ø> (ø)
libdd-profiling-ffi	64.51% <ø> (ø)
libdd-sampling	97.46% <ø> (ø)
datadog-sidecar	28.97% <ø> (ø)
datdog-sidecar-ffi	9.08% <ø> (ø)
spawn-worker	48.86% <ø> (ø)
libdd-tinybytes	93.16% <ø> (ø)
libdd-trace-normalization	81.71% <ø> (ø)
libdd-trace-obfuscation	87.30% <57.02%> (-0.10%)	⬇️
libdd-trace-protobuf	68.25% <ø> (ø)
libdd-trace-utils	89.59% <ø> (ø)
libdd-tracer-flare	86.88% <ø> (ø)
libdd-log	74.83% <ø> (ø)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[datadog-prod-us1-5]

🎉 All green!

❄️ No new flaky tests detected
🧪 All tests passed

🎯 Code Coverage (details)
• Patch Coverage: 57.02%
• Overall Coverage: 72.69% (-0.00%)

_{This comment will be updated automatically if new data arrives.
🔗 Commit SHA: cdc145d | Docs | Datadog PR Page | Give us feedback!}

[dd-octo-sts]

Artifact Size Benchmark Report

aarch64-alpine-linux-musl

Artifact	Baseline	Commit	Change
/aarch64-alpine-linux-musl/lib/libdatadog_profiling.so	7.57 MB	7.57 MB	0% (0 B) 👌
/aarch64-alpine-linux-musl/lib/libdatadog_profiling.a	81.84 MB	81.84 MB	+0% (+224 B) 👌

aarch64-unknown-linux-gnu

Artifact	Baseline	Commit	Change
/aarch64-unknown-linux-gnu/lib/libdatadog_profiling.so	10.01 MB	10.01 MB	0% (0 B) 👌
/aarch64-unknown-linux-gnu/lib/libdatadog_profiling.a	98.03 MB	98.03 MB	+0% (+224 B) 👌

libdatadog-x64-windows

Artifact	Baseline	Commit	Change
/libdatadog-x64-windows/debug/dynamic/datadog_profiling_ffi.dll	24.49 MB	24.49 MB	-0% (-512 B) 👌
/libdatadog-x64-windows/debug/dynamic/datadog_profiling_ffi.lib	79.87 KB	79.87 KB	0% (0 B) 👌
/libdatadog-x64-windows/debug/dynamic/datadog_profiling_ffi.pdb	180.28 MB	180.25 MB	--.01% (-32.00 KB) 💪
/libdatadog-x64-windows/debug/static/datadog_profiling_ffi.lib	914.23 MB	914.25 MB	+0% (+19.61 KB) 👌
/libdatadog-x64-windows/release/dynamic/datadog_profiling_ffi.dll	7.73 MB	7.73 MB	0% (0 B) 👌
/libdatadog-x64-windows/release/dynamic/datadog_profiling_ffi.lib	79.87 KB	79.87 KB	0% (0 B) 👌
/libdatadog-x64-windows/release/dynamic/datadog_profiling_ffi.pdb	23.16 MB	23.16 MB	0% (0 B) 👌
/libdatadog-x64-windows/release/static/datadog_profiling_ffi.lib	45.36 MB	45.36 MB	+0% (+50 B) 👌

libdatadog-x86-windows

Artifact	Baseline	Commit	Change
/libdatadog-x86-windows/debug/dynamic/datadog_profiling_ffi.dll	21.09 MB	21.09 MB	-0% (-512 B) 👌
/libdatadog-x86-windows/debug/dynamic/datadog_profiling_ffi.lib	81.11 KB	81.11 KB	0% (0 B) 👌
/libdatadog-x86-windows/debug/dynamic/datadog_profiling_ffi.pdb	184.35 MB	184.35 MB	0% (0 B) 👌
/libdatadog-x86-windows/debug/static/datadog_profiling_ffi.lib	900.35 MB	900.37 MB	+0% (+22.18 KB) 👌
/libdatadog-x86-windows/release/dynamic/datadog_profiling_ffi.dll	5.99 MB	5.99 MB	0% (0 B) 👌
/libdatadog-x86-windows/release/dynamic/datadog_profiling_ffi.lib	81.11 KB	81.11 KB	0% (0 B) 👌
/libdatadog-x86-windows/release/dynamic/datadog_profiling_ffi.pdb	24.80 MB	24.80 MB	0% (0 B) 👌
/libdatadog-x86-windows/release/static/datadog_profiling_ffi.lib	42.85 MB	42.85 MB	+0% (+74 B) 👌

x86_64-alpine-linux-musl

Artifact	Baseline	Commit	Change
/x86_64-alpine-linux-musl/lib/libdatadog_profiling.a	72.93 MB	72.93 MB	+0% (+232 B) 👌
/x86_64-alpine-linux-musl/lib/libdatadog_profiling.so	8.42 MB	8.42 MB	0% (0 B) 👌

x86_64-unknown-linux-gnu

Artifact	Baseline	Commit	Change
/x86_64-unknown-linux-gnu/lib/libdatadog_profiling.a	90.70 MB	90.70 MB	+0% (+232 B) 👌
/x86_64-unknown-linux-gnu/lib/libdatadog_profiling.so	10.06 MB	10.06 MB	0% (0 B) 👌

[Eldolfin]

?

[ekump]

Where did this come from? The current released version is 2.0.0. @iunanua any idea?

[Eldolfin]

Reverted. 🫣

[Eldolfin]

Looking closer, adding the #[must_use] to fix the clippy::must_use_candidate attribute is considered a breaking change from the semver checks perspective.

[Aaalibaba42]

Overall this is great, glancing over the thing a little, I just don't like the ubiquitous 111_222_333 formatting given we are an ID heavy codebase, we rarely would have raw numbers above 999 compared to the numbers of times they would be IDs we don't want to format this way.

[yannham]

I don't feel too comfortable stamping this 1k+ line change PR because it's a mix of trivial, semantic-preserving style changes (basically clippy --fix, as announced in the PR title) and two non trivial refactorings in the scanner and elsewhere (splitting huge functions into smaller ones). Would that be possible to split off those two refactorings first as two independent PRs (even it's just moving code around, it'll make it easier to make sure the changes are OK), and keep the final PR to be only the clippy-fix-like easy to review changes?

[yannham]

Why is this enum made public? It's changing the public API

[yannham]

Same question

[Eldolfin]

I think these are from this lint: redundant_pub_crate. Not a game changing lint, but the (crate) is indeed useless because this module is already private so it won't show up as public anyway.

[Eldolfin]

I don't feel too comfortable stamping this 1k+ line change PR because it's a mix of trivial, semantic-preserving style changes (basically clippy --fix, as announced in the PR title) and two non trivial refactorings in the scanner and elsewhere (splitting huge functions into smaller ones). Would that be possible to split off those two refactorings first as two independent PRs first (even it's just moving code around, it'll make it easier to make sure the changes are OK), and keep the final PR to be only the clippy-fix-like easy to review changes?

@yannham I agree, this could have been split into 2 PRs, I can still relatively easily split it now because this refactor is mostly contained in a single commit (bb56e9b).

On the other hand this crate is so heavily tested that I personally feel confortable merging this refactor without thinking too much about it (the full testsuite is not in this repo, but there is 303 sql test cases and 27 json obfuscation test cases accros different configs to give an idea).

Lmk if you still think it's important do split it knowing that. Anyway, I'll try to go in smaller steps for crates I'm not as familiar with 👍🏽

BTW: the too_many_lines lint can be configured to change the default threshold (default is 100 lines). I feel like the default is already reasonable but lmk if you think otherwise !

[yannham]

I don't want to block this PR on splitting, and there are already a bunch of approves. However it's always good to get a second pair of eyes on the code, so even when you're confident on the change, we should strive to make reviews easy (or it kinda defeats the purpose to review in the first place). Let this be a reminder for our future selfs 🙂