Clippy

Cargo.toml

@@ -1,7 +1,26 @@
 [workspace]
+resolver = "2"
 members = [
     "security-framework-sys",
     "security-framework",
     "iostest",
     "systest"
 ]
+
+[workspace.lints.clippy]
+pedantic = { level = "warn", priority = -100 }
+cast_possible_truncation = "allow"
+cast_possible_wrap = "allow"
+cast_sign_loss = "allow"
+if_not_else = "allow"
+inline_always = "allow"
+items_after_statements = "allow"
+iter_not_returning_iterator = "allow"
+map_unwrap_or = "allow"
+missing_errors_doc = "allow"
+missing_panics_doc = "allow"
+module_name_repetitions = "allow"
+redundant_closure_for_method_calls = "allow"
+similar_names = "allow"
+unnested_or_patterns = "allow"
+wildcard_imports = "allow"

iostest/Cargo.toml

@@ -18,3 +18,6 @@ serial_test = "2.0.0"
 
 [package.metadata.release]
 release = false
+
+[lints]
+workspace = true

iostest/src/lib.rs

@@ -10,8 +10,7 @@
 //! linked and used for testing.
 
 use security_framework::passwords::{
-    delete_generic_password, delete_internet_password,
-    get_generic_password, get_internet_password,
+    delete_generic_password, delete_internet_password, get_generic_password, get_internet_password,
     set_generic_password, set_internet_password,
 };
 use security_framework_sys::base::errSecItemNotFound;

security-framework-sys/Cargo.toml

@@ -30,3 +30,6 @@ targets = ["x86_64-apple-darwin", "aarch64-apple-ios"]
 
 [badges]
 maintenance = { status = "looking-for-maintainer" }
+
+[lints]
+workspace = true

security-framework/Cargo.toml

@@ -48,6 +48,9 @@ OSX_10_15 = ["OSX_10_14", "security-framework-sys/OSX_10_15"]
 
 nightly = [] # not used, doesn't do anything, only for back compat
 
+[lints]
+workspace = true
+
 [[example]]
 name = "client"
 

security-framework/examples/find_internet_password.rs

@@ -29,8 +29,7 @@ fn main() {
             eprintln!("Account was found in the Keychain, but user denied access");
         }
         Err(err) => {
-            eprintln!("Password not found. Open Keychain Access.app and add internet password for '{}' at 'https://{}': {:?}",
-                username, hostname, err);
+            eprintln!("Password not found. Open Keychain Access.app and add internet password for '{username}' at 'https://{hostname}': {err:?}");
         }
     }
 }}

security-framework/examples/set_internet_password.rs

@@ -20,14 +20,13 @@ fn main() {
         password,
     );
     match res {
-        Ok(_) => {
+        Ok(()) => {
             println!(
-                "Password set for {}@{}. You can read it using find_internet_password example",
-                username, hostname
+                "Password set for {username}@{hostname}. You can read it using find_internet_password example"
             );
         }
         Err(err) => {
-            eprintln!("Could not set password: {:?}", err);
+            eprintln!("Could not set password: {err:?}");
         }
     }
 }}

security-framework/src/authorization.rs

@@ -6,6 +6,7 @@
 ///   arguments.
 /// * `AuthorizationCopyRightsAsync`
 /// * Provide constants for well known item names
+
 use crate::base::{Error, Result};
 #[cfg(all(target_os = "macos", feature = "job-bless"))]
 use core_foundation::base::Boolean;
@@ -19,13 +20,12 @@ use core_foundation::error::CFErrorRef;
 use core_foundation::string::{CFString, CFStringRef};
 use security_framework_sys::authorization as sys;
 use security_framework_sys::base::errSecConversionError;
-use std::convert::TryFrom;
 use std::ffi::{CStr, CString};
 use std::fs::File;
 use std::mem::MaybeUninit;
 use std::os::raw::c_void;
 use std::ptr::addr_of;
-use std::{convert::TryInto, marker::PhantomData};
+use std::marker::PhantomData;
 use sys::AuthorizationExternalForm;
 
 macro_rules! optional_str_to_cfref {
@@ -280,7 +280,7 @@ impl TryFrom<AuthorizationExternalForm> for Authorization {
 
         let auth = Authorization {
             handle: unsafe { handle.assume_init() },
-            free_flags: Default::default(),
+            free_flags: Flags::default(),
         };
 
         Ok(auth)
@@ -291,6 +291,7 @@ impl Authorization {
     /// Creates an authorization object which has no environment or associated
     /// rights.
     #[inline]
+    #[allow(clippy::should_implement_trait)]
     pub fn default() -> Result<Self> {
         Self::new(None, None, Default::default())
     }
@@ -305,6 +306,7 @@ impl Authorization {
     /// icon or prompt data to be used in the authentication dialog box. In
     /// macOS 10.4 and later, you can also pass a user name and password in
     /// order to authorize a user without user interaction.
+    #[allow(clippy::unnecessary_cast)]
     pub fn new(
         // FIXME: this should have been by reference
         rights: Option<AuthorizationItemSetStorage>,
@@ -687,14 +689,8 @@ mod tests {
 
     fn create_credentials_env() -> Result<AuthorizationItemSetStorage> {
         let set = AuthorizationItemSetBuilder::new()
-            .add_string(
-                "username",
-                option_env!("USER").expect("You must set the USER environment variable"),
-            )?
-            .add_string(
-                "password",
-                option_env!("PASSWORD").expect("You must set the PASSWORD environment varible"),
-            )?
+            .add_string("username", std::env::var("USER").expect("You must set the USER environment variable"))?
+            .add_string("password", std::env::var("PASSWORD").expect("You must set the PASSWORD environment varible"))?
             .build();
 
         Ok(set)
@@ -721,7 +717,7 @@ mod tests {
 
     #[test]
     fn test_create_authorization_with_credentials() -> Result<()> {
-        if option_env!("PASSWORD").is_none() {
+        if std::env::var_os("PASSWORD").is_none() {
             return Ok(());
         }
 
@@ -755,7 +751,7 @@ mod tests {
     /// This test will only pass if its process has a valid code signature.
     #[test]
     fn test_modify_authorization_database() -> Result<()> {
-        if option_env!("PASSWORD").is_none() {
+        if std::env::var_os("PASSWORD").is_none() {
             return Ok(());
         }
 
@@ -790,7 +786,7 @@ mod tests {
     /// This test will succeed if authorization popup is approved.
     #[test]
     fn test_execute_with_privileges() -> Result<()> {
-        if option_env!("PASSWORD").is_none() {
+        if std::env::var_os("PASSWORD").is_none() {
             return Ok(());
         }
 

security-framework/src/base.rs

@@ -78,7 +78,7 @@ impl fmt::Display for Error {
     #[cold]
     fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result {
         if let Some(message) = self.message() {
-            write!(fmt, "{}", message)
+            write!(fmt, "{message}")
         } else {
             write!(fmt, "error code {}", self.code())
         }

security-framework/src/item.rs

@@ -171,7 +171,7 @@ impl ItemSearchOptions {
     }
 
     /// Search only for keys of the specified class. Also sets self.class to
-    /// ItemClass::key().
+    /// `ItemClass::key()`.
     #[inline(always)]
     pub fn key_class(&mut self, key_class: KeyClass) -> &mut Self {
         self.class(ItemClass::key());
@@ -427,7 +427,7 @@ unsafe fn get_item(item: CFTypeRef) -> SearchResult {
     } else if type_id == SecIdentity::type_id() {
         Reference::Identity(SecIdentity::wrap_under_get_rule(item as *mut _))
     } else {
-        panic!("Got bad type from SecItemCopyMatching: {}", type_id);
+        panic!("Got bad type from SecItemCopyMatching: {type_id}");
     };
 
     SearchResult::Ref(reference)
@@ -519,7 +519,7 @@ impl SearchResult {
                         ),
                         _ => String::from("unknown"),
                     };
-                    retmap.insert(format!("{}", keycfstr), val);
+                    retmap.insert(format!("{keycfstr}"), val);
                 }
                 Some(retmap)
             },
@@ -617,11 +617,11 @@ pub enum ItemAddValue {
 
 /// Type of Ref to add to the keychain.
 pub enum AddRef {
-    /// SecKey
+    /// `SecKey`
     Key(SecKey),
-    /// SecIdentity
+    /// `SecIdentity`
     Identity(SecIdentity),
-    /// SecCertificate
+    /// `SecCertificate`
     Certificate(SecCertificate),
 }
 

security-framework/src/lib.rs

@@ -2,6 +2,7 @@
 #![warn(missing_docs)]
 #![allow(non_upper_case_globals)]
 #![allow(clippy::manual_non_exhaustive)] // MSRV
+#![allow(clippy::bad_bit_mask)] // bitflags
 
 #[macro_use]
 extern crate core_foundation;

security-framework/src/os/macos/certificate.rs

@@ -8,7 +8,6 @@ use core_foundation::dictionary::CFDictionary;
 use core_foundation::error::CFError;
 use core_foundation::string::CFString;
 use security_framework_sys::certificate::*;
-use std::convert::TryInto;
 use std::os::raw::c_void;
 use std::ptr;
 

security-framework/src/os/macos/code_signing.rs

@@ -443,7 +443,7 @@ mod test {
             task_info(
                 mach_task_self(),
                 TASK_AUDIT_TOKEN,
-                token.as_mut_ptr() as *mut c_void,
+                token.as_mut_ptr().cast::<c_void>(),
                 &mut token_len,
             )
         };

security-framework/src/os/macos/digest_transform.rs

@@ -8,7 +8,7 @@ use core_foundation_sys::base::CFTypeRef;
 use core_foundation_sys::data::CFDataRef;
 use core_foundation_sys::string::CFStringRef;
 use security_framework_sys::digest_transform::*;
-use security_framework_sys::transform::*;
+use security_framework_sys::transform::kSecTransformInputAttributeName;
 use std::ptr;
 
 use crate::os::macos::transform::SecTransform;

security-framework/src/os/macos/encrypt_transform.rs

@@ -7,7 +7,7 @@ use core_foundation::string::CFString;
 use core_foundation_sys::data::CFDataRef;
 use core_foundation_sys::string::CFStringRef;
 use security_framework_sys::encrypt_transform::*;
-use security_framework_sys::transform::*;
+use security_framework_sys::transform::kSecTransformInputAttributeName;
 use std::ptr;
 
 use crate::key::SecKey;

security-framework/src/os/macos/identity.rs

@@ -30,7 +30,7 @@ impl SecIdentityExt for SecIdentity {
         unsafe {
             let mut identity = ptr::null_mut();
             cvt(SecIdentityCreateWithCertificate(
-                if keychains.len() > 0 {keychains.as_CFTypeRef()} else {ptr::null()},
+                if !keychains.is_empty() {keychains.as_CFTypeRef()} else {ptr::null()},
                 certificate.as_concrete_TypeRef(),
                 &mut identity,
             ))?;

security-framework/src/os/macos/import_export.rs

@@ -215,7 +215,7 @@ impl<'a> ImportOptions<'a> {
                             .keys
                             .push(SecKey::wrap_under_get_rule(item.as_CFTypeRef() as *mut _));
                     } else {
-                        panic!("Got bad type from SecItemImport: {}", type_id);
+                        panic!("Got bad type from SecItemImport: {type_id}");
                     }
                 }
             }

security-framework/src/os/macos/keychain.rs

@@ -28,6 +28,7 @@ impl SecKeychain {
     /// Creates a `SecKeychain` object corresponding to the user's default
     /// keychain.
     #[inline]
+    #[allow(clippy::should_implement_trait)]
     pub fn default() -> Result<Self> {
         unsafe {
             let mut keychain = ptr::null_mut();
@@ -74,7 +75,7 @@ impl SecKeychain {
                 self.as_concrete_TypeRef(),
                 len as u32,
                 ptr,
-                use_password as Boolean,
+                Boolean::from(use_password),
             ))
         }
     }
@@ -178,7 +179,7 @@ impl CreateOptions {
                 path_name.as_ptr(),
                 password_len,
                 password,
-                self.prompt_user as Boolean,
+                Boolean::from(self.prompt_user),
                 access,
                 &mut keychain,
             ))?;
@@ -209,7 +210,7 @@ impl KeychainSettings {
     /// Defaults to `false`.
     #[inline(always)]
     pub fn set_lock_on_sleep(&mut self, lock_on_sleep: bool) {
-        self.0.lockOnSleep = lock_on_sleep as Boolean;
+        self.0.lockOnSleep = Boolean::from(lock_on_sleep);
     }
 
     /// Sets the interval of time in seconds after which the keychain is

security-framework/src/os/macos/mod.rs

@@ -26,7 +26,7 @@ pub mod test {
     use std::io::prelude::*;
     use std::path::Path;
 
-    pub fn identity(dir: &Path) -> SecIdentity {
+    #[must_use] pub fn identity(dir: &Path) -> SecIdentity {
         // FIXME https://github.com/rust-lang/rust/issues/30018
         let keychain = keychain(dir);
         let mut items = p!(ItemSearchOptions::new()
@@ -39,7 +39,7 @@ pub mod test {
         }
     }
 
-    pub fn keychain(dir: &Path) -> SecKeychain {
+    #[must_use] pub fn keychain(dir: &Path) -> SecKeychain {
         let path = dir.join("server.keychain");
         let mut file = p!(File::create(&path));
         p!(file.write_all(include_bytes!("../../../test/server.keychain")));