fix: Use raw string values instead of repr() for str types in display_string

kgilpin · claude · kgilpin · commit f9945dc0f7cc · 2026-03-31T19:43:28.000-04:00
When APPMAP_DISPLAY_PARAMS=true, repr() wraps string values in quotes
(e.g. 'my-api-key'), which breaks the scanner's secret-in-log substring
matching. By using the raw string value directly for str types, the
recorded value matches what appears in log messages, enabling proper
secret leak detection.

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/_appmap/event.py b/_appmap/event.py
@@ -61,7 +61,7 @@ def display_string(val, has_labels=False):
     value = None
     if _should_display(has_labels):
         try:
-            value = repr(val)
+            value = val if isinstance(val, str) else repr(val)
         except Exception:  # pylint: disable=broad-except
             pass
 
diff --git a/_appmap/test/data/expected.appmap.json b/_appmap/test/data/expected.appmap.json
@@ -23,7 +23,7 @@
     {
       "return_value": {
         "class": "builtins.str",
-        "value": "'ExampleClass.static_method\\n...\\n'"
+        "value": "ExampleClass.static_method\n...\n"
       },
       "parent_id": 1,
       "id": 2,
@@ -49,7 +49,7 @@
     {
       "return_value": {
         "class": "builtins.str",
-        "value": "'ClassMethodMixin#class_method, cls ExampleClass'"
+        "value": "ClassMethodMixin#class_method, cls ExampleClass"
       },
       "parent_id": 3,
       "id": 4,
@@ -75,7 +75,7 @@
     {
       "return_value": {
         "class": "builtins.str",
-        "value": "'Super#instance_method'"
+        "value": "Super#instance_method"
       },
       "parent_id": 5,
       "id": 6,
@@ -127,7 +127,7 @@
           "name": "data",
           "kind": "req",
           "class": "builtins.str",
-          "value": "'ExampleClass.call_yaml'"
+          "value": "ExampleClass.call_yaml"
         }
       ],
       "id": 10,
@@ -144,7 +144,7 @@
           "name": "data",
           "kind": "req",
           "class": "builtins.str",
-          "value": "'ExampleClass.call_yaml'"
+          "value": "ExampleClass.call_yaml"
         },
         {
           "name": "stream",
@@ -176,7 +176,7 @@
     {
       "return_value": {
         "class": "builtins.str",
-        "value": "'ExampleClass.call_yaml\\n...\\n'"
+        "value": "ExampleClass.call_yaml\n...\n"
       },
       "parent_id": 11,
       "id": 12,
@@ -190,7 +190,7 @@
           "name": "data",
           "kind": "req",
           "class": "builtins.str",
-          "value": "'ExampleClass.call_yaml'"
+          "value": "ExampleClass.call_yaml"
         },
         {
           "name": "stream",
@@ -222,7 +222,7 @@
     {
       "return_value": {
         "class": "builtins.str",
-        "value": "'ExampleClass.call_yaml\\n...\\n'"
+        "value": "ExampleClass.call_yaml\n...\n"
       },
       "parent_id": 13,
       "id": 14,
@@ -334,4 +334,4 @@
       ]
     }
   ]
-}
+}
diff --git a/_appmap/test/data/pytest/expected/pytest-numpy1-no-test-cases.appmap.json b/_appmap/test/data/pytest/expected/pytest-numpy1-no-test-cases.appmap.json
@@ -56,7 +56,7 @@
     {
       "return_value": {
         "class": "builtins.str",
-        "value": "'Hello'"
+        "value": "Hello"
       },
       "parent_id": 2,
       "id": 3,
@@ -83,7 +83,7 @@
     {
       "return_value": {
         "class": "builtins.str",
-        "value": "'world!'"
+        "value": "world!"
       },
       "parent_id": 4,
       "id": 5,
@@ -93,7 +93,7 @@
     {
       "return_value": {
         "class": "builtins.str",
-        "value": "'Hello world!'"
+        "value": "Hello world!"
       },
       "parent_id": 1,
       "id": 6,
@@ -239,4 +239,4 @@
       ]
     }
   ]
-}
+}
diff --git a/_appmap/test/data/pytest/expected/pytest-numpy1.appmap.json b/_appmap/test/data/pytest/expected/pytest-numpy1.appmap.json
@@ -66,7 +66,7 @@
     },
     {
       "return_value": {
-        "value": "'Hello'",
+        "value": "Hello",
         "class": "builtins.str"
       },
       "parent_id": 3,
@@ -93,7 +93,7 @@
     },
     {
       "return_value": {
-        "value": "'world!'",
+        "value": "world!",
         "class": "builtins.str"
       },
       "parent_id": 5,
@@ -103,7 +103,7 @@
     },
     {
       "return_value": {
-        "value": "'Hello world!'",
+        "value": "Hello world!",
         "class": "builtins.str"
       },
       "parent_id": 2,
@@ -278,4 +278,4 @@
       ]
     }
   ]
-}
+}
diff --git a/_appmap/test/data/pytest/expected/pytest-numpy2-no-test-cases.appmap.json b/_appmap/test/data/pytest/expected/pytest-numpy2-no-test-cases.appmap.json
@@ -56,7 +56,7 @@
     {
       "return_value": {
         "class": "builtins.str",
-        "value": "'Hello'"
+        "value": "Hello"
       },
       "parent_id": 2,
       "id": 3,
@@ -83,7 +83,7 @@
     {
       "return_value": {
         "class": "builtins.str",
-        "value": "'world!'"
+        "value": "world!"
       },
       "parent_id": 4,
       "id": 5,
@@ -93,7 +93,7 @@
     {
       "return_value": {
         "class": "builtins.str",
-        "value": "'Hello world!'"
+        "value": "Hello world!"
       },
       "parent_id": 1,
       "id": 6,
@@ -239,4 +239,4 @@
       ]
     }
   ]
-}
+}
diff --git a/_appmap/test/data/pytest/expected/pytest-numpy2.appmap.json b/_appmap/test/data/pytest/expected/pytest-numpy2.appmap.json
@@ -66,7 +66,7 @@
     },
     {
       "return_value": {
-        "value": "'Hello'",
+        "value": "Hello",
         "class": "builtins.str"
       },
       "parent_id": 3,
@@ -93,7 +93,7 @@
     },
     {
       "return_value": {
-        "value": "'world!'",
+        "value": "world!",
         "class": "builtins.str"
       },
       "parent_id": 5,
@@ -103,7 +103,7 @@
     },
     {
       "return_value": {
-        "value": "'Hello world!'",
+        "value": "Hello world!",
         "class": "builtins.str"
       },
       "parent_id": 2,
@@ -278,4 +278,4 @@
       ]
     }
   ]
-}
+}
diff --git a/_appmap/test/data/unittest/expected/pytest.appmap.json b/_appmap/test/data/unittest/expected/pytest.appmap.json
@@ -53,12 +53,14 @@
         "class": "simple.Simple",
         "value": "<simple.Simple object at 0xabcdef>"
       },
-      "parameters": [{
-        "class": "builtins.str",
-        "kind": "req",
-        "name": "bang",
-        "value": "'!'"
-      }],
+      "parameters": [
+        {
+          "class": "builtins.str",
+          "kind": "req",
+          "name": "bang",
+          "value": "!"
+        }
+      ],
       "id": 2,
       "event": "call",
       "thread_id": 1
@@ -83,7 +85,7 @@
     {
       "return_value": {
         "class": "builtins.str",
-        "value": "'Hello'"
+        "value": "Hello"
       },
       "parent_id": 3,
       "id": 4,
@@ -110,7 +112,7 @@
     {
       "return_value": {
         "class": "builtins.str",
-        "value": "'world'"
+        "value": "world"
       },
       "parent_id": 5,
       "id": 6,
@@ -120,7 +122,7 @@
     {
       "return_value": {
         "class": "builtins.str",
-        "value": "'Hello world!'"
+        "value": "Hello world!"
       },
       "parent_id": 2,
       "id": 7,
diff --git a/_appmap/test/data/unittest/expected/unittest-no-test-cases.appmap.json b/_appmap/test/data/unittest/expected/unittest-no-test-cases.appmap.json
@@ -35,7 +35,7 @@
       "parameters": [
         {
           "kind": "req",
-          "value": "'!'",
+          "value": "!",
           "name": "bang",
           "class": "builtins.str"
         }
@@ -67,7 +67,7 @@
     },
     {
       "return_value": {
-        "value": "'Hello'",
+        "value": "Hello",
         "class": "builtins.str"
       },
       "parent_id": 2,
@@ -94,7 +94,7 @@
     },
     {
       "return_value": {
-        "value": "'world'",
+        "value": "world",
         "class": "builtins.str"
       },
       "parent_id": 4,
@@ -104,7 +104,7 @@
     },
     {
       "return_value": {
-        "value": "'Hello world!'",
+        "value": "Hello world!",
         "class": "builtins.str"
       },
       "parent_id": 1,
@@ -145,4 +145,4 @@
       ]
     }
   ]
-}
+}
diff --git a/_appmap/test/data/unittest/expected/unittest.appmap.json b/_appmap/test/data/unittest/expected/unittest.appmap.json
@@ -53,12 +53,14 @@
         "class": "simple.Simple",
         "value": "<simple.Simple object at 0xabcdef>"
       },
-      "parameters": [{
-        "class": "builtins.str",
-        "kind": "req",
-        "name": "bang",
-        "value": "'!'"
-      }],
+      "parameters": [
+        {
+          "class": "builtins.str",
+          "kind": "req",
+          "name": "bang",
+          "value": "!"
+        }
+      ],
       "id": 2,
       "event": "call",
       "thread_id": 1
@@ -83,7 +85,7 @@
     {
       "return_value": {
         "class": "builtins.str",
-        "value": "'Hello'"
+        "value": "Hello"
       },
       "parent_id": 3,
       "id": 4,
@@ -110,7 +112,7 @@
     {
       "return_value": {
         "class": "builtins.str",
-        "value": "'world'"
+        "value": "world"
       },
       "parent_id": 5,
       "id": 6,
@@ -120,7 +122,7 @@
     {
       "return_value": {
         "class": "builtins.str",
-        "value": "'Hello world!'"
+        "value": "Hello world!"
       },
       "parent_id": 2,
       "id": 7,
diff --git a/_appmap/test/test_events.py b/_appmap/test/test_events.py
@@ -129,11 +129,11 @@ def test_labeled_params_displayed_by_default(self):
 
         assert result == "hello"
         call_event = r.events[0]
-        # Parameter value should be the repr, not the opaque object string
-        assert call_event.parameters[0]["value"] == "'hello'"
+        # Parameter value should be the raw string, not repr-quoted
+        assert call_event.parameters[0]["value"] == "hello"
         # Return value should also be displayed
         return_event = r.events[1]
-        assert return_event.return_value["value"] == "'hello'"
+        assert return_event.return_value["value"] == "hello"
 
     @pytest.mark.appmap_enabled(env={"APPMAP_DISPLAY_PARAMS": "false", "APPMAP_DISPLAY_LABELED_PARAMS": "false"})
     def test_labeled_params_not_displayed_when_disabled(self):
diff --git a/_appmap/test/test_http.py b/_appmap/test/test_http.py
@@ -29,8 +29,8 @@ def test_http_client_capture(mock_requests, events):
     }
     message = request.message
     assert message[0] == DictIncluding({"name": "q", "value": "['one', 'two']"})
-    assert (message[1] == DictIncluding({"name": "q2", "value": "'🦠'"})) or (
-        message[1] == DictIncluding({"name": "q2", "value": "'\\U0001f9a0'"})
+    assert (message[1] == DictIncluding({"name": "q2", "value": "🦠"})) or (
+        message[1] == DictIncluding({"name": "q2", "value": "\\U0001f9a0"})
     )
 
     assert events[3].http_client_response == DictIncluding(
diff --git a/_appmap/test/test_params.py b/_appmap/test/test_params.py
diff --git a/_appmap/test/web_framework.py b/_appmap/test/web_framework.py

Original file line number	Diff line number	Diff line change
`@@ -56,7 +56,7 @@`
`56`	`56`	`{`
`57`	`57`	`"return_value": {`
`58`	`58`	`"class": "builtins.str",`
`59`		`- "value": "'Hello'"`
	`59`	`+ "value": "Hello"`
`60`	`60`	`},`
`61`	`61`	`"parent_id": 2,`
`62`	`62`	`"id": 3,`
`@@ -83,7 +83,7 @@`
`83`	`83`	`{`
`84`	`84`	`"return_value": {`
`85`	`85`	`"class": "builtins.str",`
`86`		`- "value": "'world!'"`
	`86`	`+ "value": "world!"`
`87`	`87`	`},`
`88`	`88`	`"parent_id": 4,`
`89`	`89`	`"id": 5,`
`@@ -93,7 +93,7 @@`
`93`	`93`	`{`
`94`	`94`	`"return_value": {`
`95`	`95`	`"class": "builtins.str",`
`96`		`- "value": "'Hello world!'"`
	`96`	`+ "value": "Hello world!"`
`97`	`97`	`},`
`98`	`98`	`"parent_id": 1,`
`99`	`99`	`"id": 6,`
`@@ -239,4 +239,4 @@`
`239`	`239`	`]`
`240`	`240`	`}`
`241`	`241`	`]`
`242`		`-}`
	`242`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -66,7 +66,7 @@`
`66`	`66`	`},`
`67`	`67`	`{`
`68`	`68`	`"return_value": {`
`69`		`- "value": "'Hello'",`
	`69`	`+ "value": "Hello",`
`70`	`70`	`"class": "builtins.str"`
`71`	`71`	`},`
`72`	`72`	`"parent_id": 3,`
`@@ -93,7 +93,7 @@`
`93`	`93`	`},`
`94`	`94`	`{`
`95`	`95`	`"return_value": {`
`96`		`- "value": "'world!'",`
	`96`	`+ "value": "world!",`
`97`	`97`	`"class": "builtins.str"`
`98`	`98`	`},`
`99`	`99`	`"parent_id": 5,`
`@@ -103,7 +103,7 @@`
`103`	`103`	`},`
`104`	`104`	`{`
`105`	`105`	`"return_value": {`
`106`		`- "value": "'Hello world!'",`
	`106`	`+ "value": "Hello world!",`
`107`	`107`	`"class": "builtins.str"`
`108`	`108`	`},`
`109`	`109`	`"parent_id": 2,`
`@@ -278,4 +278,4 @@`
`278`	`278`	`]`
`279`	`279`	`}`
`280`	`280`	`]`
`281`		`-}`
	`281`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -35,7 +35,7 @@`
`35`	`35`	`"parameters": [`
`36`	`36`	`{`
`37`	`37`	`"kind": "req",`
`38`		`- "value": "'!'",`
	`38`	`+ "value": "!",`
`39`	`39`	`"name": "bang",`
`40`	`40`	`"class": "builtins.str"`
`41`	`41`	`}`
`@@ -67,7 +67,7 @@`
`67`	`67`	`},`
`68`	`68`	`{`
`69`	`69`	`"return_value": {`
`70`		`- "value": "'Hello'",`
	`70`	`+ "value": "Hello",`
`71`	`71`	`"class": "builtins.str"`
`72`	`72`	`},`
`73`	`73`	`"parent_id": 2,`
`@@ -94,7 +94,7 @@`
`94`	`94`	`},`
`95`	`95`	`{`
`96`	`96`	`"return_value": {`
`97`		`- "value": "'world'",`
	`97`	`+ "value": "world",`
`98`	`98`	`"class": "builtins.str"`
`99`	`99`	`},`
`100`	`100`	`"parent_id": 4,`
`@@ -104,7 +104,7 @@`
`104`	`104`	`},`
`105`	`105`	`{`
`106`	`106`	`"return_value": {`
`107`		`- "value": "'Hello world!'",`
	`107`	`+ "value": "Hello world!",`
`108`	`108`	`"class": "builtins.str"`
`109`	`109`	`},`
`110`	`110`	`"parent_id": 1,`
`@@ -145,4 +145,4 @@`
`145`	`145`	`]`
`146`	`146`	`}`
`147`	`147`	`]`
`148`		`-}`
	`148`	`+}`