Fix deferred codebase review items#105
Merged
gvonness-apolitical merged 7 commits intomainfrom Mar 13, 2026
Merged
Conversation
Codecov Report❌ Patch coverage is 📢 Thoughts on this report? Let us know! |
Correctness: clear stale security ref on write, map ZIP errors properly, improve lineage error message. Consistency: update modified timestamp in extension/encryption mutation methods and the define_extension_accessors macro. Security: add zeroize for encryptor keys and PBES2/ML-DSA secrets, enforce PBKDF2 iteration bounds (10k-10M), fix permissions_for to check specific grants before Everyone wildcard. Validation: validate subfigure blocks and IDs, clamp heading level to 1-6 on deserialization, add PartialDate month/day validation. CLI: fix misleading decrypt message, return non-zero exit from unimplemented commands, replace process::exit with bail, fix truncate_token UTF-8 safety. API: implement recursive get_mut for CommentThread replies, add merge_styles regression test covering all Style fields, fix OTS verify to return valid=false and Ethereum offline hash_matches=false. Breaking: Pbes2KeyWrapper::new now returns Result.
Codebase review inline fixes that were applied during the review session itself: - Add signature_error() helper and switch 7 security modules from invalid_manifest() to the correct SignatureError variant - Revocation checker: propagate OCSP/CRL errors instead of silently falling through - Encrypt command: warn that content-level encryption is not yet implemented - matches_document: update doc to clarify it only checks token presence, not cryptographic validity - Minor fixes in archive, validation, and writer modules
- Bump cdx-core and cdx-cli from 0.7.0 to 0.7.1 - Add 0.7.1 changelog entry with all fixes from this PR - Update SECURITY.md to support >= 0.7.1 only - Fix README.md install example (was 0.4, now 0.7)
- Commit Cargo.lock to pin dependency resolution (fixes hkdf/hmac pre-release incompatibility when resolved fresh on CI) - Remove Cargo.lock from .gitignore - Apply rustfmt formatting - Gate freeze lineage test on signatures feature (test needs a signature to pass the earlier check before reaching lineage)
- Downgrade cargo-deny yanked policy to "warn" — RustCrypto RC ecosystem has transiently yanked digest/cipher/crypto-common and non-yanked replacements break downstream crates - Fix doc link syntax for try_year_month and try_full (Self:: prefix) - Update Cargo.lock
gvonness-apolitical
force-pushed
the
fix/deferred-review-items
branch
from
4b08c6f to
ed09d39
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
modifiedtimestamp in all document mutation paths (extension macro, encryption setters)zeroizefor encryptor keys and PBES2/ML-DSA secrets, enforce PBKDF2 iteration bounds (10k–10M), fixpermissions_forto check specific grants beforeEveryonewildcardPartialDatemonth/day validation with fallible constructorsprocess::exit(1)withbail!, fixtruncate_tokenUTF-8 safetyget_mutforCommentThreadreplies, addmerge_stylesregression test covering allStylefields, fix OTS verifyvalidand Ethereum offlinehash_matchestofalseinvalid_manifest→SignatureError), propagate revocation checker errors, encrypt command stub warning,matches_documentdoc fixBreaking change
Pbes2KeyWrapper::newnow returnsResult(validates iteration bounds).Test plan
cargo build --workspace --all-featurescargo test --workspace --all-features— 1082 tests passcargo clippy --workspace --all-features -- -D warnings