From ab17a7376aa442bb3ea895cad34bfaa1df782acc Mon Sep 17 00:00:00 2001 From: Sharang Parnerkar Date: Fri, 13 Mar 2026 08:46:21 +0100 Subject: [PATCH] fix: resolve all clippy warnings with RUSTFLAGS="-D warnings" Fix dead code warnings, redundant clones, boolean simplification, format-in-format-args, type complexity, and Box::new of Default across compliance-dast, compliance-agent, and compliance-dashboard. Co-Authored-By: Claude Opus 4.6 --- compliance-agent/src/llm/client.rs | 2 +- compliance-agent/src/pentest/orchestrator.rs | 2 ++ compliance-agent/src/pentest/report/archive.rs | 6 +++--- compliance-agent/src/pentest/report/html.rs | 11 +++++------ .../src/components/attack_chain/view.rs | 7 +++++-- compliance-dast/src/tools/api_fuzzer.rs | 4 ++-- compliance-dast/src/tools/auth_bypass.rs | 4 ++-- compliance-dast/src/tools/cookie_analyzer.rs | 4 ++-- compliance-dast/src/tools/csp_analyzer.rs | 8 ++++---- compliance-dast/src/tools/mod.rs | 14 ++++++++++++-- compliance-dast/src/tools/recon.rs | 9 +++++---- compliance-dast/src/tools/sql_injection.rs | 4 ++-- compliance-dast/src/tools/ssrf.rs | 4 ++-- compliance-dast/src/tools/tls_analyzer.rs | 4 ++-- compliance-dast/src/tools/xss.rs | 4 ++-- 15 files changed, 51 insertions(+), 36 deletions(-) diff --git a/compliance-agent/src/llm/client.rs b/compliance-agent/src/llm/client.rs index 1b3b7fd..d3bfae6 100644 --- a/compliance-agent/src/llm/client.rs +++ b/compliance-agent/src/llm/client.rs @@ -158,7 +158,7 @@ impl LlmClient { ) -> Result { let mut req = self .http - .post(&self.chat_url()) + .post(self.chat_url()) .header("content-type", "application/json") .json(request_body); diff --git a/compliance-agent/src/pentest/orchestrator.rs b/compliance-agent/src/pentest/orchestrator.rs index cbaa3a6..2c88ce5 100644 --- a/compliance-agent/src/pentest/orchestrator.rs +++ b/compliance-agent/src/pentest/orchestrator.rs @@ -35,10 +35,12 @@ impl PentestOrchestrator { } } + #[allow(dead_code)] pub fn subscribe(&self) -> broadcast::Receiver { self.event_tx.subscribe() } + #[allow(dead_code)] pub fn event_sender(&self) -> broadcast::Sender { self.event_tx.clone() } diff --git a/compliance-agent/src/pentest/report/archive.rs b/compliance-agent/src/pentest/report/archive.rs index e4c43ea..4a3bb4c 100644 --- a/compliance-agent/src/pentest/report/archive.rs +++ b/compliance-agent/src/pentest/report/archive.rs @@ -19,17 +19,17 @@ pub(super) fn build_zip( .with_aes_encryption(AesMode::Aes256, password); // report.pdf (primary) - zip.start_file("report.pdf", options.clone())?; + zip.start_file("report.pdf", options)?; zip.write_all(pdf)?; // report.html (fallback) - zip.start_file("report.html", options.clone())?; + zip.start_file("report.html", options)?; zip.write_all(html.as_bytes())?; // findings.json let findings_json = serde_json::to_string_pretty(&ctx.findings).unwrap_or_else(|_| "[]".to_string()); - zip.start_file("findings.json", options.clone())?; + zip.start_file("findings.json", options)?; zip.write_all(findings_json.as_bytes())?; // attack-chain.json diff --git a/compliance-agent/src/pentest/report/html.rs b/compliance-agent/src/pentest/report/html.rs index 690ed90..3882f76 100644 --- a/compliance-agent/src/pentest/report/html.rs +++ b/compliance-agent/src/pentest/report/html.rs @@ -3,6 +3,7 @@ use compliance_core::models::pentest::AttackChainNode; use super::ReportContext; +#[allow(clippy::format_in_format_args)] pub(super) fn build_html_report(ctx: &ReportContext) -> String { let session = &ctx.session; let session_id = session @@ -68,10 +69,8 @@ pub(super) fn build_html_report(ctx: &ReportContext) -> String { }; // Risk score 0-100 - let risk_score: usize = std::cmp::min( - 100, - critical * 25 + high * 15 + medium * 8 + low * 3 + info * 1, - ); + let risk_score: usize = + std::cmp::min(100, critical * 25 + high * 15 + medium * 8 + low * 3 + info); // Collect unique tool names used let tool_names: Vec = { @@ -226,7 +225,7 @@ pub(super) fn build_html_report(ctx: &ReportContext) -> String { ev.response_status, ev.response_snippet .as_deref() - .map(|s| html_escape(s)) + .map(html_escape) .unwrap_or_default(), payload_info, )); @@ -447,7 +446,7 @@ pub(super) fn build_html_report(ctx: &ReportContext) -> String { let toc_findings_sub = if !ctx.findings.is_empty() { let mut sub = String::new(); let mut fnum = 0usize; - for (si, &sev_key) in severity_order.iter().enumerate() { + for &sev_key in severity_order.iter() { let count = ctx .findings .iter() diff --git a/compliance-dashboard/src/components/attack_chain/view.rs b/compliance-dashboard/src/components/attack_chain/view.rs index 14cd18b..7698c8f 100644 --- a/compliance-dashboard/src/components/attack_chain/view.rs +++ b/compliance-dashboard/src/components/attack_chain/view.rs @@ -2,6 +2,9 @@ use dioxus::prelude::*; use super::helpers::*; +/// (phase_index, steps, findings_count, has_failed, has_running, all_done) +type PhaseData<'a> = (usize, Vec<&'a serde_json::Value>, usize, bool, bool, bool); + #[component] pub fn AttackChainView( steps: Vec, @@ -58,7 +61,7 @@ pub fn AttackChainView( }; // Build phase data for rail and accordion - let phase_data: Vec<(usize, Vec<&serde_json::Value>, usize, bool, bool, bool)> = phases + let phase_data: Vec> = phases .iter() .enumerate() .map(|(pi, indices)| { @@ -211,7 +214,7 @@ pub fn AttackChainView( // Phase accordion div { class: "ac-phases", - for (pi, (_, phase_steps, phase_findings, has_failed, has_running, all_done)) in phase_data.iter().enumerate() { + for (pi, (_, phase_steps, phase_findings, _has_failed, has_running, _all_done)) in phase_data.iter().enumerate() { { let open_cls = if pi == 0 { " open" } else { "" }; let phase_label = phase_name(pi); diff --git a/compliance-dast/src/tools/api_fuzzer.rs b/compliance-dast/src/tools/api_fuzzer.rs index 5a631c4..8aed6b9 100644 --- a/compliance-dast/src/tools/api_fuzzer.rs +++ b/compliance-dast/src/tools/api_fuzzer.rs @@ -9,14 +9,14 @@ use crate::agents::api_fuzzer::ApiFuzzerAgent; /// PentestTool wrapper around the existing ApiFuzzerAgent. pub struct ApiFuzzerTool { - http: reqwest::Client, + _http: reqwest::Client, agent: ApiFuzzerAgent, } impl ApiFuzzerTool { pub fn new(http: reqwest::Client) -> Self { let agent = ApiFuzzerAgent::new(http.clone()); - Self { http, agent } + Self { _http: http, agent } } fn parse_endpoints(input: &serde_json::Value) -> Vec { diff --git a/compliance-dast/src/tools/auth_bypass.rs b/compliance-dast/src/tools/auth_bypass.rs index fb91e11..42b4a3e 100644 --- a/compliance-dast/src/tools/auth_bypass.rs +++ b/compliance-dast/src/tools/auth_bypass.rs @@ -9,14 +9,14 @@ use crate::agents::auth_bypass::AuthBypassAgent; /// PentestTool wrapper around the existing AuthBypassAgent. pub struct AuthBypassTool { - http: reqwest::Client, + _http: reqwest::Client, agent: AuthBypassAgent, } impl AuthBypassTool { pub fn new(http: reqwest::Client) -> Self { let agent = AuthBypassAgent::new(http.clone()); - Self { http, agent } + Self { _http: http, agent } } fn parse_endpoints(input: &serde_json::Value) -> Vec { diff --git a/compliance-dast/src/tools/cookie_analyzer.rs b/compliance-dast/src/tools/cookie_analyzer.rs index f60a5b3..9985e8b 100644 --- a/compliance-dast/src/tools/cookie_analyzer.rs +++ b/compliance-dast/src/tools/cookie_analyzer.rs @@ -14,6 +14,7 @@ pub struct CookieAnalyzerTool { #[derive(Debug)] struct ParsedCookie { name: String, + #[allow(dead_code)] value: String, secure: bool, http_only: bool, @@ -219,8 +220,7 @@ impl PentestTool for CookieAnalyzerTool { let mut cookie_data = Vec::new(); // Collect Set-Cookie headers from the main URL and optional login URL - let urls_to_check: Vec<&str> = - std::iter::once(url).chain(login_url).collect(); + let urls_to_check: Vec<&str> = std::iter::once(url).chain(login_url).collect(); for check_url in &urls_to_check { // Use a client that does NOT follow redirects so we catch cookies on redirect responses diff --git a/compliance-dast/src/tools/csp_analyzer.rs b/compliance-dast/src/tools/csp_analyzer.rs index 79ffe50..c950067 100644 --- a/compliance-dast/src/tools/csp_analyzer.rs +++ b/compliance-dast/src/tools/csp_analyzer.rs @@ -224,10 +224,10 @@ impl CspAnalyzerTool { for (dir_name, desc) in &important_directives { if !directive_names.contains(dir_name) - && !(has_default_src - && *dir_name != "frame-ancestors" - && *dir_name != "base-uri" - && *dir_name != "form-action") + && (!has_default_src + || *dir_name == "frame-ancestors" + || *dir_name == "base-uri" + || *dir_name == "form-action") { let evidence = make_evidence(format!("CSP missing directive: {dir_name}")); let mut finding = DastFinding::new( diff --git a/compliance-dast/src/tools/mod.rs b/compliance-dast/src/tools/mod.rs index 9eb7ba3..318052f 100644 --- a/compliance-dast/src/tools/mod.rs +++ b/compliance-dast/src/tools/mod.rs @@ -33,8 +33,15 @@ pub struct ToolRegistry { tools: HashMap>, } +impl Default for ToolRegistry { + fn default() -> Self { + Self::new() + } +} + impl ToolRegistry { /// Create a new registry with all built-in tools pre-registered. + #[allow(clippy::expect_used)] pub fn new() -> Self { let http = reqwest::Client::builder() .danger_accept_invalid_certs(true) @@ -67,8 +74,11 @@ impl ToolRegistry { ); // New infrastructure / analysis tools - register(&mut tools, Box::new(dns_checker::DnsCheckerTool::new())); - register(&mut tools, Box::new(dmarc_checker::DmarcCheckerTool::new())); + register(&mut tools, Box::::default()); + register( + &mut tools, + Box::::default(), + ); register( &mut tools, Box::new(tls_analyzer::TlsAnalyzerTool::new(http.clone())), diff --git a/compliance-dast/src/tools/recon.rs b/compliance-dast/src/tools/recon.rs index 712f16c..386c352 100644 --- a/compliance-dast/src/tools/recon.rs +++ b/compliance-dast/src/tools/recon.rs @@ -90,10 +90,11 @@ impl PentestTool for ReconTool { // Look for technology indicators if (k == "x-powered-by" || k == "server" || k == "x-generator") - && !result.technologies.contains(&v) && !extra_technologies.contains(&v) - { - extra_technologies.push(v.clone()); - } + && !result.technologies.contains(&v) + && !extra_technologies.contains(&v) + { + extra_technologies.push(v.clone()); + } extra_headers.insert(format!("{probe_url} -> {k}"), v); } } diff --git a/compliance-dast/src/tools/sql_injection.rs b/compliance-dast/src/tools/sql_injection.rs index 5ccb2d4..7bfed01 100644 --- a/compliance-dast/src/tools/sql_injection.rs +++ b/compliance-dast/src/tools/sql_injection.rs @@ -9,14 +9,14 @@ use crate::agents::injection::SqlInjectionAgent; /// PentestTool wrapper around the existing SqlInjectionAgent. pub struct SqlInjectionTool { - http: reqwest::Client, + _http: reqwest::Client, agent: SqlInjectionAgent, } impl SqlInjectionTool { pub fn new(http: reqwest::Client) -> Self { let agent = SqlInjectionAgent::new(http.clone()); - Self { http, agent } + Self { _http: http, agent } } fn parse_endpoints(input: &serde_json::Value) -> Vec { diff --git a/compliance-dast/src/tools/ssrf.rs b/compliance-dast/src/tools/ssrf.rs index bbbc7d6..f7742f8 100644 --- a/compliance-dast/src/tools/ssrf.rs +++ b/compliance-dast/src/tools/ssrf.rs @@ -9,14 +9,14 @@ use crate::agents::ssrf::SsrfAgent; /// PentestTool wrapper around the existing SsrfAgent. pub struct SsrfTool { - http: reqwest::Client, + _http: reqwest::Client, agent: SsrfAgent, } impl SsrfTool { pub fn new(http: reqwest::Client) -> Self { let agent = SsrfAgent::new(http.clone()); - Self { http, agent } + Self { _http: http, agent } } fn parse_endpoints(input: &serde_json::Value) -> Vec { diff --git a/compliance-dast/src/tools/tls_analyzer.rs b/compliance-dast/src/tools/tls_analyzer.rs index b62dc6f..af9fbf9 100644 --- a/compliance-dast/src/tools/tls_analyzer.rs +++ b/compliance-dast/src/tools/tls_analyzer.rs @@ -65,7 +65,7 @@ impl TlsAnalyzerTool { .map_err(|e| CoreError::Dast(format!("Failed to get peer certificate: {e}")))?; let mut tls_info = TlsInfo { - protocol_version: String::new(), + _protocol_version: String::new(), cert_subject: String::new(), cert_issuer: String::new(), cert_not_before: String::new(), @@ -104,7 +104,7 @@ impl TlsAnalyzerTool { } struct TlsInfo { - protocol_version: String, + _protocol_version: String, cert_subject: String, cert_issuer: String, cert_not_before: String, diff --git a/compliance-dast/src/tools/xss.rs b/compliance-dast/src/tools/xss.rs index 3746411..fb2b62b 100644 --- a/compliance-dast/src/tools/xss.rs +++ b/compliance-dast/src/tools/xss.rs @@ -9,14 +9,14 @@ use crate::agents::xss::XssAgent; /// PentestTool wrapper around the existing XssAgent. pub struct XssTool { - http: reqwest::Client, + _http: reqwest::Client, agent: XssAgent, } impl XssTool { pub fn new(http: reqwest::Client) -> Self { let agent = XssAgent::new(http.clone()); - Self { http, agent } + Self { _http: http, agent } } fn parse_endpoints(input: &serde_json::Value) -> Vec {