diff --git a/Cargo.toml b/Cargo.toml index 45b57dde..d0cf8674 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -110,24 +110,14 @@ version = "0.2" result_large_err = "allow" ptr_arg = "allow" let_and_return = "allow" -if_same_then_else = "allow" should_implement_trait = "allow" new_without_default = "allow" -vec_init_then_push = "allow" -nonminimal_bool = "allow" -cmp_owned = "allow" field_reassign_with_default = "allow" await_holding_lock = "allow" -manual_strip = "allow" -comparison_chain = "allow" -unnecessary_get_then_check = "allow" too_many_arguments = "allow" -module_inception = "allow" unnecessary_unwrap = "allow" collapsible_match = "allow" large_enum_variant = "allow" -manual_flatten = "allow" -regex_creation_in_loops = "allow" unnecessary_map_or = "allow" [[bin]] diff --git a/src/cli/command/format.rs b/src/cli/command/format.rs index a06f3862..291f6a47 100644 --- a/src/cli/command/format.rs +++ b/src/cli/command/format.rs @@ -10,6 +10,10 @@ use serde_json::{json, Map, Value}; use crate::{api::secret::Secret, errors::RvError, rv_error_string}; +lazy_static! { + static ref UNDERSCORE_REGEX: Regex = Regex::new(r"_(\w)").unwrap(); +} + #[derive(Args)] #[group(required = false, multiple = true)] pub struct OutputOptions { @@ -133,8 +137,7 @@ pub fn convert_keys(value: &Value) -> Value { Value::Object(map) => { let mut new_map = Map::new(); for (key, value) in map { - let new_key = Regex::new(r"_(\w)") - .unwrap() + let new_key = UNDERSCORE_REGEX .replace_all(&key.to_string(), |caps: ®ex::Captures| { let captured_char = caps.get(1).unwrap().as_str(); format!(" {}", captured_char.to_ascii_uppercase()) diff --git a/src/cli/command/server.rs b/src/cli/command/server.rs index 7c7629bd..4b2e4072 100644 --- a/src/cli/command/server.rs +++ b/src/cli/command/server.rs @@ -117,7 +117,6 @@ impl Server { let log_file = std::fs::OpenOptions::new() .read(true) - .append(true) .create(true) .truncate(false) 
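Review bot: In src/cli/command/server.rs, dropping `.append(true)` from the log-file `OpenOptions` chain leaves only `.read(true).create(true).truncate(false)` visible, and `open` rejects `create(true)` without write or append access with an invalid-input error. If a `.write(true)` follows outside the visible lines, the file is instead opened at offset 0 without append mode, so a restart would overwrite earlier log records from the top rather than extend them. For a server log that may be needed as an audit trail, keep `.append(true)` and remove a redundant `.write(true)` instead, if that is what the lint flagged. The end of the builder chain is not visible in this hunk.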
@@ -213,9 +212,7 @@ impl Server { } if listener.tls_require_and_verify_client_cert { - builder.set_verify_callback(SslVerifyMode::PEER | SslVerifyMode::FAIL_IF_NO_PEER_CERT, move |p, _x| { - p - }); + builder.set_verify_callback(SslVerifyMode::PEER | SslVerifyMode::FAIL_IF_NO_PEER_CERT, move |p, _x| p); if !listener.tls_client_ca_file.is_empty() { let mut store = X509StoreBuilder::new()?; diff --git a/src/cli/config.rs b/src/cli/config.rs index 046fb345..e0b8fb6f 100644 --- a/src/cli/config.rs +++ b/src/cli/config.rs @@ -262,18 +262,16 @@ fn load_config_dir(dir: &str) -> Result { let mut paths: Vec = Vec::new(); if let Ok(entries) = fs::read_dir(dir) { - for entry in entries { - if let Ok(entry) = entry { - let path = entry.path(); - if !path.is_file() { - continue; - } + for entry in entries.flatten() { + let path = entry.path(); + if !path.is_file() { + continue; + } - if let Some(ext) = path.extension() { - if ext == "hcl" || ext == "json" { - let filename = path.to_string_lossy().into_owned(); - paths.push(filename); - } + if let Some(ext) = path.extension() { + if ext == "hcl" || ext == "json" { + let filename = path.to_string_lossy().into_owned(); + paths.push(filename); } } } diff --git a/src/core.rs b/src/core.rs index 394873cb..ed590559 100644 --- a/src/core.rs +++ b/src/core.rs @@ -396,11 +396,7 @@ impl Core { // Perform initial setup self.hmac_key = self.barrier.derive_hmac_key()?; - self.mounts.load_or_default( - self.barrier.as_storage(), - Some(&self.hmac_key), - self.mount_entry_hmac_level, - )?; + self.mounts.load_or_default(self.barrier.as_storage(), Some(&self.hmac_key), self.mount_entry_hmac_level)?; self.setup_mounts()?; @@ -436,7 +432,9 @@ impl Core { } if err.is_none() { - if let Err(e) = self.handle_post_route_phase(&handlers, req, &mut resp).await { err = Some(e) } + if let Err(e) = self.handle_post_route_phase(&handlers, req, &mut resp).await { + err = Some(e) + } } } 
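Review bot: In src/cli/command/server.rs the verify callback `move |p, _x| p` only returns OpenSSL's own pre-verification result, so it adds nothing over `builder.set_verify(SslVerifyMode::PEER | SslVerifyMode::FAIL_IF_NO_PEER_CERT);`. That form states the intent without a closure that reads like a policy hook. Separately, the client CA store is built only when `tls_client_ca_file` is non-empty; which roots client certificates are checked against when it is empty is not visible here and deserves a comment or an explicit configuration error. The block continues past the hunk.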
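Review bot: In src/cli/config.rs, `entries.flatten()` discards every per-entry I/O error, and the surrounding `if let Ok(entries) = fs::read_dir(dir)` does the same for an unreadable directory, so the server can start with part of its configuration missing and no diagnostic. Since `load_config_dir` already returns a `Result`, consider `for entry in entries { let entry = entry?;`, assuming the error type converts from `std::io::Error`, as the same pattern in src/storage/physical/file.rs suggests. Failing that, log each skipped entry. The function continues past the hunk.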
diff --git a/src/http/sys.rs b/src/http/sys.rs index 67b03a04..6ed1ea49 100644 --- a/src/http/sys.rs +++ b/src/http/sys.rs @@ -107,10 +107,8 @@ async fn sys_init_put_request_handler( let mut core = core.write()?; let result = core.init(&seal_config)?; - let resp = InitResponse { - keys: result.secret_shares.iter().map(hex::encode).collect(), - root_token: result.root_token, - }; + let resp = + InitResponse { keys: result.secret_shares.iter().map(hex::encode).collect(), root_token: result.root_token }; Ok(response_json_ok(None, resp)) } diff --git a/src/logical/field.rs b/src/logical/field.rs index d2368d38..eb8f2163 100644 --- a/src/logical/field.rs +++ b/src/logical/field.rs @@ -72,9 +72,7 @@ impl FieldTrait for Value { } if let Some(secs_str) = self.as_str() { - if secs_str.parse::().ok().is_some() { - return true; - } else if parse_duration(secs_str).is_ok() { + if secs_str.parse::().ok().is_some() || parse_duration(secs_str).is_ok() { return true; } } diff --git a/src/metrics/middleware.rs b/src/metrics/middleware.rs index 630c7bc1..b609dca8 100644 --- a/src/metrics/middleware.rs +++ b/src/metrics/middleware.rs @@ -36,7 +36,7 @@ pub async fn metrics_midleware( let path = req.path().to_string(); let method = match *req.method() { Method::GET => MetricsMethod::GET, - _ if req.method().to_string() == "LIST" => MetricsMethod::LIST, + _ if *req.method() == "LIST" => MetricsMethod::LIST, Method::POST => MetricsMethod::POST, Method::PUT => MetricsMethod::PUT, Method::DELETE => MetricsMethod::DELETE, diff --git a/src/modules/auth/mod.rs b/src/modules/auth/mod.rs index 0875a76a..f749c2b0 100644 --- a/src/modules/auth/mod.rs +++ b/src/modules/auth/mod.rs 
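Review bot: In src/logical/field.rs the merged condition still spells the integer check as `.parse(..).ok().is_some()`; `Result::is_ok()` says the same thing without building an intermediate `Option`, so the test can end in `.is_ok() || parse_duration(secs_str).is_ok()`. Both halves then read the same way. The enclosing method starts and ends outside the hunk.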
@@ -261,8 +261,7 @@ impl AuthModule { pub fn load_auth(&self, hmac_key: Option<&[u8]>, hmac_level: MountEntryHMACLevel) -> Result<(), RvError> { let router_store = self.router_store.read()?; - if router_store.mounts.load(self.barrier.as_storage(), AUTH_CONFIG_PATH, hmac_key, hmac_level).is_err() - { + if router_store.mounts.load(self.barrier.as_storage(), AUTH_CONFIG_PATH, hmac_key, hmac_level).is_err() { router_store.mounts.set_default(DEFAULT_AUTH_MOUNTS.to_vec(), hmac_key)?; router_store.mounts.persist(AUTH_CONFIG_PATH, self.barrier.as_storage())?; } diff --git a/src/modules/credential/approle/path_role.rs b/src/modules/credential/approle/path_role.rs index 4e976371..6780a52c 100644 --- a/src/modules/credential/approle/path_role.rs +++ b/src/modules/credential/approle/path_role.rs 
@@ -889,28 +889,29 @@ or 'secret_id_ttl' option on the role, and/or the backend mount's maximum TTL va } pub fn role_paths(&self) -> Vec { - let mut paths: Vec = Vec::with_capacity(21); - paths.push(self.role_path()); - paths.push(self.role_name_path()); - paths.push(self.role_policies_path()); - paths.push(self.role_local_secret_ids_path()); - paths.push(self.role_bound_cidr_list_path()); - paths.push(self.role_secret_id_bound_cidrs_path()); - paths.push(self.role_token_bound_cidrs_path()); - paths.push(self.role_bind_secret_id_path()); - paths.push(self.role_secret_id_num_uses_path()); - paths.push(self.role_secret_id_ttl_path()); - paths.push(self.role_period_path()); - paths.push(self.role_token_num_uses_path()); - paths.push(self.role_token_ttl_path()); - paths.push(self.role_token_max_ttl_path()); - paths.push(self.role_role_id_path()); - paths.push(self.role_secret_id_path()); - paths.push(self.role_secret_id_lookup_path()); - paths.push(self.role_secret_id_destroy_path()); - paths.push(self.role_secret_id_accessor_lookup_path()); - paths.push(self.role_secret_id_accessor_destroy_path()); - paths.push(self.role_custom_secret_id_path()); + let paths: Vec = vec![ + self.role_path(), + self.role_name_path(), + self.role_policies_path(), + self.role_local_secret_ids_path(), + self.role_bound_cidr_list_path(), + self.role_secret_id_bound_cidrs_path(), + self.role_token_bound_cidrs_path(), + self.role_bind_secret_id_path(), + self.role_secret_id_num_uses_path(), + self.role_secret_id_ttl_path(), + self.role_period_path(), + self.role_token_num_uses_path(), + self.role_token_ttl_path(), + self.role_token_max_ttl_path(), + self.role_role_id_path(), + self.role_secret_id_path(), + self.role_secret_id_lookup_path(), + self.role_secret_id_destroy_path(), + self.role_secret_id_accessor_lookup_path(), + self.role_secret_id_accessor_destroy_path(), + self.role_custom_secret_id_path(), + ]; paths } } 
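Review bot: In `role_paths` the new `vec![...]` is bound to `paths` only to be returned on the next line; making the `vec![...]` the tail expression drops the binding and the reliance on the `let_and_return` allow that Cargo.toml still carries. The 21 entries are also a hand-maintained list, so a one-line comment such as `// every role_*_path() constructor must be listed here` would help. A path left out of this list is presumably never registered with the backend, though the callers are not visible here.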
@@ -1897,9 +1898,7 @@ impl AppRoleBackendInner { return Err(RvError::ErrResponse("num_uses cannot be negative".to_string())); } // If the specified num_uses is higher than the role's secret_id_num_uses, throw an error rather than implicitly overriding - if (num_uses == 0 && role.secret_id_num_uses > 0) - || (role.secret_id_num_uses > 0 && num_uses > role.secret_id_num_uses) - { + if role.secret_id_num_uses > 0 && (num_uses == 0 || num_uses > role.secret_id_num_uses) { return Err(RvError::ErrResponse( "num_uses cannot be higher than the role's secret_id_num_uses".to_string(), )); diff --git a/src/modules/policy/acl.rs b/src/modules/policy/acl.rs index 95415d50..4eb230dc 100644 --- a/src/modules/policy/acl.rs +++ b/src/modules/policy/acl.rs @@ -356,7 +356,10 @@ impl ACL { if bare_mount && i == path_parts.len() - 2 { let joined_path = segments.join("/") + "/"; - if joined_path.starts_with(path) && permissions.capabilities_bitmap & Capability::Deny.to_bits() == 0 && permissions.capabilities_bitmap > 0 { + if joined_path.starts_with(path) + && permissions.capabilities_bitmap & Capability::Deny.to_bits() == 0 + && permissions.capabilities_bitmap > 0 + { return Some(permissions.clone()); } skip = true; diff --git a/src/modules/policy/mod.rs b/src/modules/policy/mod.rs index f0080494..d65cbbf4 100644 --- a/src/modules/policy/mod.rs +++ b/src/modules/policy/mod.rs @@ -15,6 +15,7 @@ use crate::{ logical::{Backend, Request, Response}, }; +#[allow(clippy::module_inception)] pub mod policy; pub use policy::{Permissions, Policy, PolicyPathRules, PolicyType}; diff --git a/src/modules/policy/policy.rs b/src/modules/policy/policy.rs index 53e48d0c..ef4ced9f 100644 --- a/src/modules/policy/policy.rs +++ b/src/modules/policy/policy.rs 
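Review bot: In src/modules/credential/approle/path_role.rs the simplified condition rejects `num_uses == 0` whenever the role sets a limit, but neither the comment above it nor the error text ("cannot be higher than the role's secret_id_num_uses") says why zero counts as higher. If zero means unlimited uses, which is presumably the convention here, state it next to the check: `// num_uses == 0 means unlimited, so it exceeds any non-zero role limit`. The enclosing function starts and ends outside the hunk.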
@@ -400,7 +400,9 @@ impl Permissions { _ => return Ok(ret), }; - if self.capabilities_bitmap & cap.to_bits() == 0 && (req.operation != Operation::Write || self.capabilities_bitmap & Capability::Create.to_bits() == 0) { + if self.capabilities_bitmap & cap.to_bits() == 0 + && (req.operation != Operation::Write || self.capabilities_bitmap & Capability::Create.to_bits() == 0) + { return Ok(ret); } @@ -453,7 +455,7 @@ impl Permissions { return Ok(ret); } - if self.denied_parameters.get("*").is_some() { + if self.denied_parameters.contains_key("*") { return Ok(ret); } @@ -465,7 +467,7 @@ impl Permissions { } } - let allowed_all = self.allowed_parameters.get("*").is_some(); + let allowed_all = self.allowed_parameters.contains_key("*"); if self.allowed_parameters.is_empty() || (allowed_all && self.allowed_parameters.len() == 1) { ret.capabilities_bitmap = self.capabilities_bitmap; diff --git a/src/modules/policy/policy_store.rs b/src/modules/policy/policy_store.rs index 5ac7c115..424a5dcb 100644 --- a/src/modules/policy/policy_store.rs +++ b/src/modules/policy/policy_store.rs @@ -400,12 +400,8 @@ impl PolicyStore { keys.retain(|s| !NON_ASSIGNABLE_POLICIES.iter().any(|&x| s == x)); Ok(keys) } - PolicyType::Rgp | PolicyType::Egp => { - view.get_keys() - } - _ => { - Err(rv_error_string!("invalid type of policy")) - } + PolicyType::Rgp | PolicyType::Egp => view.get_keys(), + _ => Err(rv_error_string!("invalid type of policy")), } } diff --git a/src/mount.rs b/src/mount.rs index 3d967959..640e8253 100644 --- a/src/mount.rs +++ b/src/mount.rs 
@@ -112,8 +112,7 @@ impl MountEntry { let mut msg = format!("{}-{}-{}-{}", self.table, self.path, self.logical_type, self.description); if let Some(options) = &self.options { - let options_btree: BTreeMap = - options.iter().map(|(k, v)| (k.clone(), v.clone())).collect(); + let options_btree: BTreeMap = options.iter().map(|(k, v)| (k.clone(), v.clone())).collect(); for (key, value) in options_btree.iter() { msg = format!("{}-{}:{}", msg, key, value); } diff --git a/src/shamir.rs b/src/shamir.rs index d35d3aa9..34f3f9d2 100644 --- a/src/shamir.rs +++ b/src/shamir.rs @@ -283,15 +283,20 @@ impl ShamirSecret { fn add_polynomials(a: &[u8], b: &[u8]) -> Vec { let mut a = a.to_owned(); let mut b = b.to_owned(); - if a.len() < b.len() { - let mut t = vec![0; b.len() - a.len()]; - a.append(&mut t); - } else if a.len() > b.len() { - let mut t = vec![0; a.len() - b.len()]; - b.append(&mut t); + + match a.len().cmp(&b.len()) { + std::cmp::Ordering::Less => { + let mut t = vec![0; b.len() - a.len()]; + a.append(&mut t); + } + std::cmp::Ordering::Greater => { + let mut t = vec![0; a.len() - b.len()]; + b.append(&mut t); + } + std::cmp::Ordering::Equal => {} } - let mut results: Vec = vec![]; + let mut results: Vec = vec![]; for i in 0..a.len() { results.push(ShamirSecret::gf256_add(a[i], b[i])); } diff --git a/src/storage/physical/file.rs b/src/storage/physical/file.rs index a9e54458..f6058be6 100644 --- a/src/storage/physical/file.rs +++ b/src/storage/physical/file.rs @@ -41,8 +41,8 @@ impl Backend for FileBackend { for entry in entries { let entry = entry?; let name = entry.file_name().to_string_lossy().into_owned(); - if name.starts_with('_') { - names.push(name[1..].to_owned()); + if let Some(stripped) = name.strip_prefix('_') { + names.push(stripped.to_owned()); } else { names.push(name + "/"); } diff --git a/src/utils/kv_builder.rs b/src/utils/kv_builder.rs index ffbf9b45..27a9a04c 100644 --- a/src/utils/kv_builder.rs +++ b/src/utils/kv_builder.rs 
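Review bot: In `add_polynomials` (src/shamir.rs) the `match` on `Ordering` exists only to zero-pad the shorter operand, and it allocates a temporary vector to do so. `let n = a.len().max(b.len()); a.resize(n, 0); b.resize(n, 0);` pads in place with no branches. The indexed loop that follows could then become `a.iter().zip(&b).map(|(&x, &y)| ShamirSecret::gf256_add(x, y)).collect()`, which removes the per-element bounds checks and the manual `push`. The end of the function is outside the hunk.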
@@ -23,7 +23,7 @@ impl KvPairParse for Vec { let parsed_value = if value.starts_with('@') { // Read from file - let file_path = &value[1..]; + let file_path = value.strip_prefix('@').unwrap(); match fs::read_to_string(file_path) { Ok(content) => Value::String(content), Err(err) => { diff --git a/src/utils/policy.rs b/src/utils/policy.rs index 49530a7d..7dfc6612 100644 --- a/src/utils/policy.rs +++ b/src/utils/policy.rs @@ -46,11 +46,10 @@ pub fn sanitize_policies(policies: &mut Vec, add_default: bool) { // the "default" policy out of its comparisons as it may be added later by core // after a set of policies has been saved by a backend. pub fn equivalent_policies(a: &Vec, b: &Vec) -> bool { - if a.is_empty() && b.is_empty() { - return true; - } else if a.is_empty() && b.len() == 1 && b[0] == "default" { - return true; - } else if b.is_empty() && a.len() == 1 && a[0] == "default" { + if (a.is_empty() && b.is_empty()) + || (a.is_empty() && b.len() == 1 && b[0] == "default") + || (b.is_empty() && a.len() == 1 && a[0] == "default") + { return true; } else if a.is_empty() || b.is_empty() { return false;
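Review bot: In src/utils/kv_builder.rs, `value.strip_prefix('@').unwrap()` directly under `if value.starts_with('@')` tests the same prefix twice and leaves a panic path that is safe only while the two lines stay in sync. Fold the check into the binding: `let parsed_value = if let Some(file_path) = value.strip_prefix('@') {`. The enclosing function extends beyond the hunk.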