fix: clippy

Author: bordumb

crates/cargo-capsec/src/cross_crate.rs

@@ -75,7 +75,12 @@ mod tests {
     fn single_export_map() {
         let map = make_export_map(
             "reqwest",
-            vec![("reqwest::get", Category::Net, Risk::High, "TcpStream::connect")],
+            vec![(
+                "reqwest::get",
+                Category::Net,
+                Risk::High,
+                "TcpStream::connect",
+            )],
         );
         let customs = export_map_to_custom_authorities(&[map]);
         assert_eq!(customs.len(), 1);
@@ -90,8 +95,18 @@ mod tests {
         let map = make_export_map(
             "tokio",
             vec![
-                ("tokio::fs::read", Category::Fs, Risk::Medium, "std::fs::read"),
-                ("tokio::net::connect", Category::Net, Risk::High, "TcpStream::connect"),
+                (
+                    "tokio::fs::read",
+                    Category::Fs,
+                    Risk::Medium,
+                    "std::fs::read",
+                ),
+                (
+                    "tokio::net::connect",
+                    Category::Net,
+                    Risk::High,
+                    "TcpStream::connect",
+                ),
             ],
         );
         let customs = export_map_to_custom_authorities(&[map]);
@@ -102,11 +117,21 @@ mod tests {
     fn multiple_crates() {
         let map1 = make_export_map(
             "reqwest",
-            vec![("reqwest::get", Category::Net, Risk::High, "TcpStream::connect")],
+            vec![(
+                "reqwest::get",
+                Category::Net,
+                Risk::High,
+                "TcpStream::connect",
+            )],
         );
         let map2 = make_export_map(
             "rusqlite",
-            vec![("rusqlite::execute", Category::Ffi, Risk::High, "extern sqlite3_exec")],
+            vec![(
+                "rusqlite::execute",
+                Category::Ffi,
+                Risk::High,
+                "extern sqlite3_exec",
+            )],
         );
         let customs = export_map_to_custom_authorities(&[map1, map2]);
         assert_eq!(customs.len(), 2);
@@ -133,7 +158,12 @@ mod tests {
     fn path_segments_split_correctly() {
         let map = make_export_map(
             "reqwest",
-            vec![("reqwest::blocking::client::get", Category::Net, Risk::High, "connect")],
+            vec![(
+                "reqwest::blocking::client::get",
+                Category::Net,
+                Risk::High,
+                "connect",
+            )],
         );
         let customs = export_map_to_custom_authorities(&[map]);
         assert_eq!(

crates/cargo-capsec/src/detector.rs

@@ -266,8 +266,9 @@ impl Detector {
             // (sqlite3_exec()) and qualified calls (raw::git_repository_open()).
             if !extern_fn_names.is_empty() {
                 for (call, expanded) in func.calls.iter().zip(expanded_calls.iter()) {
-                    if let Some(last_seg) = expanded.last() {
-                        if extern_fn_names.contains(last_seg.as_str()) {
+                    if let Some(last_seg) = expanded.last()
+                        && extern_fn_names.contains(last_seg.as_str())
+                    {
                             let deny_violation =
                                 is_category_denied(&effective_deny, &Category::Ffi);
                             findings.push(Finding {
@@ -285,10 +286,7 @@ impl Detector {
                                     Risk::High
                                 },
                                 description: if deny_violation {
-                                    format!(
-                                        "DENY VIOLATION: Calls FFI function {}()",
-                                        last_seg
-                                    )
+                                    format!("DENY VIOLATION: Calls FFI function {}()", last_seg)
                                 } else {
                                     format!("Calls FFI function {}()", last_seg)
                                 },
@@ -298,7 +296,6 @@ impl Detector {
                                 is_deny_violation: deny_violation,
                                 is_transitive: false,
                             });
-                        }
                     }
                 }
             }
@@ -1299,8 +1296,14 @@ mod tests {
         let findings = detector.analyse(&parsed, "test-crate", "0.1.0", &[]);
         let extern_finding = findings.iter().find(|f| f.subcategory == "extern");
         let call_finding = findings.iter().find(|f| f.subcategory == "ffi_call");
-        assert!(extern_finding.is_some(), "Extern block finding should exist");
-        assert!(call_finding.is_some(), "Call-site FFI finding should also exist");
+        assert!(
+            extern_finding.is_some(),
+            "Extern block finding should exist"
+        );
+        assert!(
+            call_finding.is_some(),
+            "Call-site FFI finding should also exist"
+        );
     }
 
     #[test]

crates/cargo-capsec/src/discovery.rs

@@ -58,6 +58,7 @@ struct Package {
 #[derive(Deserialize)]
 struct Target {
     kind: Vec<String>,
+    #[allow(dead_code)]
     name: String,
     #[allow(dead_code)]
     src_path: String,
@@ -124,13 +125,16 @@ pub fn normalize_crate_name(name: &str) -> String {
 
 /// Returns true if a package is a proc-macro crate (compile-time code, not runtime).
 fn is_proc_macro(pkg: &Package) -> bool {
-    pkg.targets.iter().any(|t| t.kind.contains(&"proc-macro".to_string()))
+    pkg.targets
+        .iter()
+        .any(|t| t.kind.contains(&"proc-macro".to_string()))
 }
 
 /// Information about a dependency edge in the resolved graph.
 #[derive(Debug, Clone)]
 pub struct DepEdge {
     /// Normalized extern crate name (underscored, handles renames).
+    #[allow(dead_code)]
     pub extern_name: String,
     /// Package ID of the dependency.
     pub pkg_id: String,
@@ -141,9 +145,7 @@ pub struct DepEdge {
 ///
 /// Returns `Err` if a cycle is detected (should not happen in a valid Cargo graph
 /// with dev-deps removed, but handled gracefully).
-pub fn topological_order(
-    resolve: &[(String, Vec<DepEdge>)],
-) -> Result<Vec<String>, String> {
+pub fn topological_order(resolve: &[(String, Vec<DepEdge>)]) -> Result<Vec<String>, String> {
     let num_nodes = resolve.len();
 
     // Build index: pkg_id -> index
@@ -252,7 +254,9 @@ pub fn extract_dep_graph(
             .iter()
             .filter(|d| {
                 // Exclude dev-dependencies (can create cycles).
-                !d.dep_kinds.iter().all(|dk| dk.kind.as_deref() == Some("dev"))
+                !d.dep_kinds
+                    .iter()
+                    .all(|dk| dk.kind.as_deref() == Some("dev"))
             })
             .filter(|d| !proc_macro_ids.contains(d.pkg.as_str()))
             .map(|d| DepEdge {
@@ -503,12 +507,7 @@ mod tests {
         // b   c
         //  \ /
         //   d
-        let graph = make_graph(&[
-            ("a", &["b", "c"]),
-            ("b", &["d"]),
-            ("c", &["d"]),
-            ("d", &[]),
-        ]);
+        let graph = make_graph(&[("a", &["b", "c"]), ("b", &["d"]), ("c", &["d"]), ("d", &[])]);
         let order = topological_order(&graph).unwrap();
         let pos = |id: &str| order.iter().position(|x| x == id).unwrap();
         assert!(pos("d") < pos("b"));

crates/cargo-capsec/src/export_map.rs

@@ -51,10 +51,7 @@ pub fn file_to_module_path(file_path: &str, src_dir: &Path) -> Vec<String> {
         .strip_prefix(src_dir)
         .unwrap_or(Path::new(file_path));
 
-    let stem = relative
-        .file_stem()
-        .unwrap_or_default()
-        .to_string_lossy();
+    let stem = relative.file_stem().unwrap_or_default().to_string_lossy();
 
     let mut parts: Vec<String> = relative
         .parent()
@@ -176,11 +173,7 @@ pub fn add_extern_exports(
                 // Short form: crate::fn_name (for crate-scoped matching)
                 let short_key = format!("{crate_name}::{fn_name}");
                 if short_key != key {
-                    export_map
-                        .exports
-                        .entry(short_key)
-                        .or_default()
-                        .push(auth);
+                    export_map.exports.entry(short_key).or_default().push(auth);
                 }
             }
         }
@@ -282,17 +275,26 @@ mod tests {
 
     #[test]
     fn file_to_module_path_lib() {
-        assert_eq!(file_to_module_path("src/lib.rs", Path::new("src")), Vec::<String>::new());
+        assert_eq!(
+            file_to_module_path("src/lib.rs", Path::new("src")),
+            Vec::<String>::new()
+        );
     }
 
     #[test]
     fn file_to_module_path_main() {
-        assert_eq!(file_to_module_path("src/main.rs", Path::new("src")), Vec::<String>::new());
+        assert_eq!(
+            file_to_module_path("src/main.rs", Path::new("src")),
+            Vec::<String>::new()
+        );
     }
 
     #[test]
     fn file_to_module_path_simple_module() {
-        assert_eq!(file_to_module_path("src/fs.rs", Path::new("src")), vec!["fs"]);
+        assert_eq!(
+            file_to_module_path("src/fs.rs", Path::new("src")),
+            vec!["fs"]
+        );
     }
 
     #[test]
@@ -305,12 +307,21 @@ mod tests {
 
     #[test]
     fn file_to_module_path_mod_rs() {
-        assert_eq!(file_to_module_path("src/fs/mod.rs", Path::new("src")), vec!["fs"]);
+        assert_eq!(
+            file_to_module_path("src/fs/mod.rs", Path::new("src")),
+            vec!["fs"]
+        );
     }
 
     #[test]
     fn build_export_map_basic() {
-        let findings = vec![make_finding("src/lib.rs", "read_file", "std::fs::read", Category::Fs, false)];
+        let findings = vec![make_finding(
+            "src/lib.rs",
+            "read_file",
+            "std::fs::read",
+            Category::Fs,
+            false,
+        )];
         let map = build_export_map("my_crate", "1.0.0", &findings, Path::new("src"));
         assert!(map.exports.contains_key("my_crate::read_file"));
         let auths = &map.exports["my_crate::read_file"];
@@ -321,7 +332,13 @@ mod tests {
     #[test]
     fn build_export_map_excludes_build_script() {
         let findings = vec![
-            make_finding("src/lib.rs", "read_file", "std::fs::read", Category::Fs, false),
+            make_finding(
+                "src/lib.rs",
+                "read_file",
+                "std::fs::read",
+                Category::Fs,
+                false,
+            ),
             make_finding("build.rs", "main", "std::env::var", Category::Env, true),
         ];
         let map = build_export_map("my_crate", "1.0.0", &findings, Path::new("src"));
@@ -346,7 +363,13 @@ mod tests {
     fn build_export_map_multiple_findings_same_function() {
         let findings = vec![
             make_finding("src/lib.rs", "mixed", "std::fs::read", Category::Fs, false),
-            make_finding("src/lib.rs", "mixed", "TcpStream::connect", Category::Net, false),
+            make_finding(
+                "src/lib.rs",
+                "mixed",
+                "TcpStream::connect",
+                Category::Net,
+                false,
+            ),
         ];
         let map = build_export_map("my_crate", "1.0.0", &findings, Path::new("src"));
         let auths = &map.exports["my_crate::mixed"];
@@ -361,7 +384,13 @@ mod tests {
 
     #[test]
     fn cached_export_map_round_trip() {
-        let findings = vec![make_finding("src/lib.rs", "read_file", "std::fs::read", Category::Fs, false)];
+        let findings = vec![make_finding(
+            "src/lib.rs",
+            "read_file",
+            "std::fs::read",
+            Category::Fs,
+            false,
+        )];
         let export_map = build_export_map("my_crate", "1.0.0", &findings, Path::new("src"));
         let cached = CachedExportMap {
             schema_version: EXPORT_MAP_SCHEMA_VERSION,
@@ -371,6 +400,11 @@ mod tests {
         let loaded: CachedExportMap = serde_json::from_str(&json).unwrap();
         assert_eq!(loaded.schema_version, EXPORT_MAP_SCHEMA_VERSION);
         assert_eq!(loaded.export_map.crate_name, "my_crate");
-        assert!(loaded.export_map.exports.contains_key("my_crate::read_file"));
+        assert!(
+            loaded
+                .export_map
+                .exports
+                .contains_key("my_crate::read_file")
+        );
     }
 }