From cb6cae397ec6b96a65755f33f6a20b64347e165f Mon Sep 17 00:00:00 2001 From: Jussi Kukkonen Date: Fri, 11 Oct 2024 10:14:45 +0300 Subject: [PATCH 1/2] Lint fixes These are all in tests or test adjacent code, found with "cargo clippy --all-targets". Signed-off-by: Jussi Kukkonen --- src/cosign/mod.rs | 2 +- src/cosign/signature_layers.rs | 15 +++------------ src/crypto/certificate.rs | 34 ++++++++++++++-------------------- src/crypto/keyring.rs | 2 +- src/crypto/verification_key.rs | 15 +++------------ 5 files changed, 22 insertions(+), 46 deletions(-) diff --git a/src/cosign/mod.rs b/src/cosign/mod.rs index b364bf943b..3c7f4e53fd 100644 --- a/src/cosign/mod.rs +++ b/src/cosign/mod.rs @@ -337,7 +337,7 @@ TNMea7Ix/stJ5TfcLLeABLE4BNJOsQ4vnBHJ const SIGNED_IMAGE: &str = "busybox:1.34"; pub(crate) fn get_fulcio_cert_pool() -> CertificatePool { - fn pem_to_der<'a>(input: &'a str) -> CertificateDer<'a> { + fn pem_to_der(input: &str) -> CertificateDer<'_> { let pem_cert = pem::parse(input).unwrap(); assert_eq!(pem_cert.tag(), "CERTIFICATE"); CertificateDer::from(pem_cert.into_contents()) diff --git a/src/cosign/signature_layers.rs b/src/cosign/signature_layers.rs index 879e548fd2..1fbc9dc226 100644 --- a/src/cosign/signature_layers.rs +++ b/src/cosign/signature_layers.rs @@ -693,10 +693,7 @@ JsB89BPhZYch0U0hKANx5TY+ncrm0s8bfJxxHoenAEFhwhuXeb4PqIrtoQ== ) .expect_err("Didn't get an error"); - let found = match error { - SigstoreError::SigstoreMediaTypeNotFoundError => true, - _ => false, - }; + let found = matches!(error, SigstoreError::SigstoreMediaTypeNotFoundError); assert!(found, "Got a different error type: {}", error); } @@ -725,10 +722,7 @@ JsB89BPhZYch0U0hKANx5TY+ncrm0s8bfJxxHoenAEFhwhuXeb4PqIrtoQ== ) .expect_err("Didn't get an error"); - let found = match error { - SigstoreError::SigstoreMediaTypeNotFoundError => true, - _ => false, - }; + let found = matches!(error, SigstoreError::SigstoreMediaTypeNotFoundError); assert!(found, "Got a different error type: {}", error); } @@ -758,10 +752,7 @@ JsB89BPhZYch0U0hKANx5TY+ncrm0s8bfJxxHoenAEFhwhuXeb4PqIrtoQ== ) .expect_err("Didn't get an error"); - let found = match error { - SigstoreError::SigstoreLayerDigestMismatchError => true, - _ => false, - }; + let found = matches!(error, SigstoreError::SigstoreLayerDigestMismatchError); assert!(found, "Got a different error type: {}", error); } diff --git a/src/crypto/certificate.rs b/src/crypto/certificate.rs index 8c02209e08..bfdb3b2110 100644 --- a/src/crypto/certificate.rs +++ b/src/crypto/certificate.rs @@ -351,10 +351,10 @@ mod tests { let cert = x509_cert::Certificate::from_der(pem.contents())?; let err = verify_key_usages(&cert).expect_err("Was supposed to return an error"); - let found = match err { - SigstoreError::CertificateWithoutDigitalSignatureKeyUsage => true, - _ => false, - }; + let found = matches!( + err, + SigstoreError::CertificateWithoutDigitalSignatureKeyUsage + ); assert!(found, "Didn't get expected error, got {:?} instead", err); Ok(()) @@ -376,10 +376,7 @@ mod tests { let cert = x509_cert::Certificate::from_der(pem.contents())?; let err = verify_key_usages(&cert).expect_err("Was supposed to return an error"); - let found = match err { - SigstoreError::CertificateWithoutCodeSigningKeyUsage => true, - _ => false, - }; + let found = matches!(err, SigstoreError::CertificateWithoutCodeSigningKeyUsage); assert!(found, "Didn't get expected error, got {:?} instead", err); Ok(()) @@ -402,10 +399,10 @@ mod tests { let cert = x509_cert::Certificate::from_der(pem.contents())?; let error = verify_has_san(&cert).expect_err("Didn't get an error"); - let found = match error { - SigstoreError::CertificateWithoutSubjectAlternativeName => true, - _ => false, - }; + let found = matches!( + error, + SigstoreError::CertificateWithoutSubjectAlternativeName + ); assert!(found, "Didn't get the expected error: {}", error); Ok(()) @@ -446,10 +443,7 @@ mod tests { let cert = x509_cert::Certificate::from_der(pem.contents())?; let err = verify_validity(&cert).expect_err("Was expecting an error"); - let found = match err { - SigstoreError::CertificateValidityError(_) => true, - _ => false, - }; + let found = matches!(err, SigstoreError::CertificateValidityError(_)); assert!(found, "Didn't get expected error, got {:?} instead", err); Ok(()) @@ -508,13 +502,13 @@ mod tests { let err = verify_expiration(&cert, integrated_time.timestamp()) .expect_err("Was expecting an error"); - let found = match err { + let found = matches!( + err, SigstoreError::CertificateIssuedAfterSignaturesSubmittedToRekor { integrated_time: _, not_after: _, - } => true, - _ => false, - }; + } + ); assert!(found, "Didn't get expected error, got {:?} instead", err); Ok(()) diff --git a/src/crypto/keyring.rs b/src/crypto/keyring.rs index d24e36496e..30c36f33af 100644 --- a/src/crypto/keyring.rs +++ b/src/crypto/keyring.rs @@ -129,7 +129,7 @@ mod tests { // Generate the key id. let mut hasher = sha2::Sha256::new(); - hasher.write(pub_key.as_slice()).unwrap(); + hasher.write_all(pub_key.as_slice()).unwrap(); let key_id: [u8; 32] = hasher.finalize().into(); // Check for success. diff --git a/src/crypto/verification_key.rs b/src/crypto/verification_key.rs index 5d877750c8..1293fc7667 100644 --- a/src/crypto/verification_key.rs +++ b/src/crypto/verification_key.rs @@ -425,10 +425,7 @@ mod tests { let err = verification_key .verify_signature(signature, msg.as_bytes()) .expect_err("Was expecting an error"); - let found = match err { - SigstoreError::PublicKeyVerificationError => true, - _ => false, - }; + let found = matches!(err, SigstoreError::PublicKeyVerificationError); assert!(found, "Didn't get expected error, got {:?} instead", err); } @@ -443,10 +440,7 @@ mod tests { let err = verification_key .verify_signature(signature, msg.as_bytes()) .expect_err("Was expecting an error"); - let found = match err { - SigstoreError::Base64DecodeError(_) => true, - _ => false, - }; + let found = matches!(err, SigstoreError::Base64DecodeError(_)); assert!(found, "Didn't get expected error, got {:?} instead", err); } @@ -468,10 +462,7 @@ JsB89BPhZYch0U0hKANx5TY+ncrm0s8bfJxxHoenAEFhwhuXeb4PqIrtoQ== let err = verification_key .verify_signature(signature, msg.as_bytes()) .expect_err("Was expecting an error"); - let found = match err { - SigstoreError::PublicKeyVerificationError => true, - _ => false, - }; + let found = matches!(err, SigstoreError::PublicKeyVerificationError); assert!(found, "Didn't get expected error, got {:?} instead", err); } From 32db82c62afa2a3bb1bb4d39d302b5e97f1a6cd2 Mon Sep 17 00:00:00 2001 From: Jussi Kukkonen Date: Fri, 11 Oct 2024 16:29:06 +0300 Subject: [PATCH 2/2] build: lint tests too * Make sure tests are linted * Allow panic and unwrap in tests Signed-off-by: Jussi Kukkonen --- Makefile | 2 +- clippy.toml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) create mode 100644 clippy.toml diff --git a/Makefile b/Makefile index c05cbf9a0c..7598888126 100644 --- a/Makefile +++ b/Makefile @@ -8,7 +8,7 @@ fmt: .PHONY: lint lint: - cargo clippy --workspace -- -D warnings + cargo clippy --all-targets -- -D warnings .PHONY: doc doc: diff --git a/clippy.toml b/clippy.toml new file mode 100644 index 0000000000..f69b4a67f9 --- /dev/null +++ b/clippy.toml @@ -0,0 +1,2 @@ +allow-unwrap-in-tests = true +allow-panic-in-tests = true