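# Workspace clippy configuration. The ban lists below are the enforcement side
# of the project's dependency-injection and key-handling rules; each entry's
# `reason` is the text clippy prints at the offending call site.
#
# `allow-invalid = true` makes clippy ignore an entry whose path does not
# resolve in the crate being linted (one clippy.toml serves crates that do not
# depend on chrono/uuid/ring/auths_verifier). The flip side: a typo in a path,
# or a rename/move of a banned item, silently disables that guard instead of
# failing the build — re-check these paths whenever the listed items move.
#
# `#[allow(clippy::disallowed_methods)]` re-enables *every* entry in this list
# for the annotated scope, not just the one being bypassed. Attach it to the
# single statement/expression that carries the INVARIANT comment, never to a
# whole fn or module, so a nearby SystemTime::now() or thread_rng() still fires.
disallowed-methods = [
# === Ambient process state: inject a provider instead of reading it directly ===
{ path = "chrono::offset::Utc::now", reason = "inject ClockProvider instead of calling Utc::now() directly", allow-invalid = true },
{ path = "std::time::SystemTime::now", reason = "inject ClockProvider instead of calling SystemTime::now() directly", allow-invalid = true },
{ path = "std::env::var", reason = "use EnvironmentConfig abstraction instead of reading env vars directly", allow-invalid = true },
# var_os/vars/vars_os read the same process environment as var(); banning only
# var() left the EnvironmentConfig rule bypassable by a one-token change.
{ path = "std::env::var_os", reason = "use EnvironmentConfig abstraction instead of reading env vars directly", allow-invalid = true },
{ path = "std::env::vars", reason = "use EnvironmentConfig abstraction instead of reading env vars directly", allow-invalid = true },
{ path = "std::env::vars_os", reason = "use EnvironmentConfig abstraction instead of reading env vars directly", allow-invalid = true },
# NOTE(review): the only entry without allow-invalid. With current clippy an
# unresolvable path is reported as a configuration error, so a workspace crate
# that does not depend on uuid would fail here — confirm this is deliberate.
{ path = "uuid::Uuid::new_v4", reason = "Use UuidProvider::new_id() instead. Inject SystemUuidProvider in production and DeterministicUuidProvider in tests." },
# === DID/newtype construction: prefer parse() for external input ===
# new_unchecked skips the format/invariant validation that parse() performs;
# it is only acceptable on values already proven well-formed by construction.
{ path = "auths_verifier::types::IdentityDID::new_unchecked", reason = "Use IdentityDID::parse() for external input. Use #[allow(clippy::disallowed_methods)] with INVARIANT comment for proven-safe paths.", allow-invalid = true },
{ path = "auths_verifier::types::DeviceDID::new_unchecked", reason = "Use DeviceDID::parse() for external input. Use #[allow(clippy::disallowed_methods)] with INVARIANT comment for proven-safe paths.", allow-invalid = true },
{ path = "auths_verifier::types::CanonicalDid::new_unchecked", reason = "Use CanonicalDid::parse() for external input. Use #[allow(clippy::disallowed_methods)] with INVARIANT comment for proven-safe paths.", allow-invalid = true },
{ path = "auths_verifier::core::CommitOid::new_unchecked", reason = "Use CommitOid::parse() for external input. Use #[allow(clippy::disallowed_methods)] with INVARIANT comment for proven-safe paths.", allow-invalid = true },
{ path = "auths_verifier::core::PublicKeyHex::new_unchecked", reason = "Use PublicKeyHex::parse() for external input. Use #[allow(clippy::disallowed_methods)] with INVARIANT comment for proven-safe paths.", allow-invalid = true },
# === Curve-agnostic refactor (fn-114) — ban Ed25519-hardcoded APIs ===
# Temporary: slated for removal in the fn-114.40 cleanup once all sweeps are
# complete. Until then every new signing/verification path must go through the
# curve-dispatching wrappers named in the reasons.
{ path = "ring::signature::Ed25519KeyPair::from_pkcs8", reason = "use TypedSignerKey::from_pkcs8 — dispatches on curve.", allow-invalid = true },
{ path = "ring::signature::Ed25519KeyPair::from_seed_unchecked", reason = "use auths_crypto::sign(&TypedSeed, msg).", allow-invalid = true },
{ path = "ring::signature::Ed25519KeyPair::generate_pkcs8", reason = "use inception::generate_keypair_for_init(curve).", allow-invalid = true },
{ path = "ring::signature::UnparsedPublicKey::new", reason = "use DevicePublicKey::verify — dispatches on curve.", allow-invalid = true },
{ path = "auths_crypto::parse_ed25519_seed", reason = "use parse_key_material — returns TypedSeed.", allow-invalid = true },
{ path = "auths_crypto::parse_ed25519_key_material", reason = "use parse_key_material — returns TypedSeed.", allow-invalid = true },
# === fn-128.T6 RNG discipline: OsRng only for security-sensitive randomness ===
# See docs/security/rng-policy.md. `rand::random()` and `rand::thread_rng()`
# can delegate to non-syscall-backed RNGs depending on feature resolution;
# the sanctioned sources are `rand::rngs::OsRng`,
# `p256::elliptic_curve::rand_core::OsRng`, and `ring::rand::SystemRandom`.
{ path = "rand::thread_rng", reason = "use rand::rngs::OsRng for security-sensitive randomness; see docs/security/rng-policy.md", allow-invalid = true },
{ path = "rand::random", reason = "use rand::rngs::OsRng explicitly; rand::random() may delegate to thread_rng.", allow-invalid = true },
# rand 0.9 renamed thread_rng() to rng() and added free functions that draw from
# the same thread-local generator; without these entries a dependency bump would
# quietly reopen the hole. allow-invalid keeps them inert on rand 0.8.
{ path = "rand::rng", reason = "use rand::rngs::OsRng for security-sensitive randomness; rand::rng() is the rand 0.9 name for thread_rng(). See docs/security/rng-policy.md", allow-invalid = true },
{ path = "rand::random_range", reason = "use rand::rngs::OsRng explicitly; rand::random_range() draws from the thread-local RNG.", allow-invalid = true },
{ path = "rand::random_bool", reason = "use rand::rngs::OsRng explicitly; rand::random_bool() draws from the thread-local RNG.", allow-invalid = true },
{ path = "rand::random_ratio", reason = "use rand::rngs::OsRng explicitly; rand::random_ratio() draws from the thread-local RNG.", allow-invalid = true },
{ path = "rand::random_iter", reason = "use rand::rngs::OsRng explicitly; rand::random_iter() draws from the thread-local RNG.", allow-invalid = true },
]
# Banning the type catches trait-method calls (Rng::gen, RngCore::next_u32, …)
# on a generator obtained some other way, which the method list above cannot see.
disallowed-types = [
{ path = "rand::rngs::ThreadRng", reason = "use rand::rngs::OsRng; see docs/security/rng-policy.md" },
]
# These only have an effect where clippy::unwrap_used / clippy::expect_used are
# enabled (Cargo.toml [lints] or crate attributes, not visible in this file);
# they exempt #[cfg(test)] code from those lints.
allow-unwrap-in-tests = true
allow-expect-in-tests = true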