mirror of https://github.com/telemt/telemt.git
f754630172
- .cargo/config.toml: strip all clippy::* lints from rustflags; they are unknown to rustc and produce spurious 'unknown lint' warnings on every cargo build/check/test invocation. Only rustc-native lints (unsafe_code, trivial_casts, rust_2018_idioms, etc.) remain. clippy lints must be enforced exclusively via the cargo clippy invocation in CI. - crypto/hash.rs: replace unreachable!() in sha256_hmac with #[allow(clippy::expect_used)] + .expect(). unreachable!() triggers clippy::panic which is globally denied; the structural infallibility of HmacSha256::new_from_slice makes expect() correct here. - protocol/obfuscation.rs: replace unreachable!() in generate_nonce with #[allow(clippy::panic)] + panic!() and add adversarial-RNG regression test that verifies the panic fires after MAX_NONCE_ATTEMPTS exhaustion. - tls_front/fetcher.rs: fallback branch in build_client_config now calls ClientConfig::builder_with_provider(provider) instead of ClientConfig::builder(), preventing a silent crypto-backend switch from ring to the global default in the error path. - transport/middle_proxy/secret.rs: (1) add max_len < PROXY_SECRET_MIN_LEN early guard at function entry so callers get an explicit validation error before any HTTP round-trip; (2) replace data.len() + chunk.len() with checked_add to prevent usize overflow bypassing the hard cap; (3) remove temp file on write failure; (4) add six streaming-cap regression tests covering cap rejection, overflow guard, and boundary acceptance. |
||
|---|---|---|
| .. | ||
| api | ||
| config | ||
| crypto | ||
| maestro | ||
| network | ||
| protocol | ||
| proxy | ||
| stats | ||
| stream | ||
| tls_front | ||
| transport | ||
| util | ||
| cli.rs | ||
| error.rs | ||
| ip_tracker.rs | ||
| main.rs | ||
| metrics.rs | ||
| startup.rs | ||