aws-cloudformation · joshfried-aws · Jun 14, 2023 · Jun 12, 2023 · Jun 12, 2023 · Jun 12, 2023
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
@@ -2,9 +2,9 @@ name: Rust
 
 on:
   push:
-    branches: [ main, development, rogue_one ]
+    branches: [main, development, rogue_one]
   pull_request:
-    branches: [ main, development, rogue_one ]
+    branches: [main, development, rogue_one]
 
 env:
   CARGO_TERM_COLOR: always
@@ -14,19 +14,19 @@ jobs:
     name: Build all crates & run unit tests
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
-    - name: Build all crates
-      run: cargo build --release --verbose
-    - name: Run unit tests
-      run: cargo test --verbose
+      - uses: actions/checkout@v2
+      - name: Build all crates
+        run: cargo build --release --verbose
+      - name: Run unit tests
+        run: cargo test --verbose
 
   shellcheck:
     name: Shellcheck
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
-    - name: Shellcheck
-      run: shellcheck install-guard.sh
+      - uses: actions/checkout@v2
+      - name: Shellcheck
+        run: shellcheck install-guard.sh
 
   formatting:
     name: Formatting check (cargo fmt)
@@ -39,10 +39,26 @@ jobs:
       - name: Rustfmt Check
         uses: actions-rust-lang/rustfmt@v1
 
+  linting:
+    name: Linting check (clippy)
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
+          override: true
+          components: clippy
+      - uses: actions-rs/clippy-check@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+          args: -- -D warnings
+
   aws-guard-rules-registry-integration-tests-linux:
     strategy:
       matrix:
-        os: [ ubuntu-latest, macos-latest ]
+        os: [ubuntu-latest, macos-latest]
     runs-on: ${{ matrix.os }}
     name: Integration tests against aws-guard-rules-registry
     steps:
@@ -141,10 +157,10 @@ jobs:
       - name: Run integration tests using parse-tree command
         run: |
           cd aws-guard-rules-registry/rules
-          
+
           $FAILED_RULES = @()
           $SKIPPED_RULES = @()
-          
+
           $rules  = @(Get-ChildItem -Path .\ -Filter *.guard -Recurse -File)
 
           Foreach ($rule in $rules) {
@@ -158,19 +174,19 @@ jobs:
               $FAILED_RULES += "$rule"
             }
           }
-          
+
           $SKIPPED_RULE_COUNT = $SKIPPED_RULES.Length
           if ($SKIPPED_RULE_COUNT -gt 0) {
               echo "The following `$SKIPPED_RULE_COUNT.Length` rule(s) were skipped because they contained only comments:"
               echo $SKIPPED_RULES
           }
-          
+
           $FAILED_RULE_COUNT = $FAILED_RULES.Length
-  
+
           if ($FAILED_RULE_COUNT -gt 0) {
               echo "The following $FAILED_RULE_COUNT rule(s) have failed the parse-tree integration tests with a non-zero error code:"
               echo $FAILED_RULES
               exit 1
           } else {
               echo "All the rules have succeeded the parse-tree integration tests."
-          }
+          }
diff --git a/guard-lambda/src/lib.rs b/guard-lambda/src/lib.rs
@@ -1 +1,2 @@
+#![allow(special_module_name)]
 pub mod main;
diff --git a/guard-lambda/src/main.rs b/guard-lambda/src/main.rs
@@ -27,6 +27,7 @@ pub struct CustomOutput {
 }
 
 #[tokio::main]
+#[allow(dead_code)]
 async fn main() -> Result<(), Error> {
     SimpleLogger::new()
         .with_level(LevelFilter::Info)
@@ -48,13 +49,13 @@ pub async fn call_cfn_guard(e: CustomEvent, _c: Context) -> Result<CustomOutput,
                 file_name: "lambda-payload",
             },
             ValidateInput {
-                content: &rule,
+                content: rule,
                 file_name: "lambda-rule",
             },
             e.verbose,
         ) {
             Ok(t) => t,
-            Err(e) => (e.to_string()),
+            Err(e) => e.to_string(),
         };
         let json_value: serde_json::Value = serde_json::from_str(&result)?;
         results_vec.push(json_value)
@@ -66,7 +67,7 @@ pub async fn call_cfn_guard(e: CustomEvent, _c: Context) -> Result<CustomOutput,
 
 impl std::fmt::Display for CustomEvent {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> Result<(), std::fmt::Error> {
-        write!(f, "{}", serde_json::to_string_pretty(&self).unwrap());
+        write!(f, "{}", serde_json::to_string_pretty(&self).unwrap())?;
         Ok(())
     }
 }

diff --git a/guard-lambda/tests/lambda-handler.rs b/guard-lambda/tests/lambda-handler.rs
@@ -1,6 +1,5 @@
 #[cfg(test)]
 mod tests {
-    use cfn_guard_lambda;
     use cfn_guard_lambda::main::{call_cfn_guard, CustomEvent, CustomOutput};
     use lambda_runtime::Context;
 

diff --git a/guard/src/commands/aws_meta_appender.rs b/guard/src/commands/aws_meta_appender.rs
@@ -18,6 +18,7 @@ impl<'d> EvaluationContext for MetadataAppender<'d> {
         self.delegate.rule_status(rule_name)
     }
 
+    #[allow(clippy::never_loop)]
     fn end_evaluation(
         &self,
         eval_type: EvaluationType,
@@ -42,7 +43,7 @@ impl<'d> EvaluationContext for MetadataAppender<'d> {
                                         parts[2]
                                     );
                                     let AccessQuery {
-                                        query: query,
+                                        query,
                                         match_all: all,
                                     } = AccessQuery::try_from(query.as_str()).unwrap();
                                     if let Ok(selected) =

diff --git a/guard/src/commands/aws_meta_appender_tests.rs b/guard/src/commands/aws_meta_appender_tests.rs
@@ -1,4 +1,3 @@
-use super::super::common_test_helpers::DummyEval;
 use super::*;
 
 #[test]
@@ -37,33 +36,33 @@ fn append_cdk_metadata_test() -> Result<()> {
     let query = AccessQuery::try_from(
         "Resources['table1F1EAFA30'].Properties.ProvisionedThroughput.ReadCapacityUnits",
     )?;
-    struct Capture {};
+    struct Capture {}
     impl EvaluationContext for Capture {
-        fn resolve_variable(&self, variable: &str) -> Result<Vec<&PathAwareValue>> {
+        fn resolve_variable(&self, _: &str) -> Result<Vec<&PathAwareValue>> {
             unimplemented!()
         }
 
-        fn rule_status(&self, rule_name: &str) -> Result<Status> {
+        fn rule_status(&self, _: &str) -> Result<Status> {
             unimplemented!()
         }
 
         fn end_evaluation(
             &self,
-            eval_type: EvaluationType,
-            context: &str,
+            _: EvaluationType,
+            _: &str,
             msg: String,
-            from: Option<PathAwareValue>,
-            to: Option<PathAwareValue>,
-            status: Option<Status>,
+            _: Option<PathAwareValue>,
+            _: Option<PathAwareValue>,
+            _: Option<Status>,
             _cmp: Option<(CmpOperator, bool)>,
         ) {
             assert_ne!(msg.as_str(), "");
-            assert_eq!(msg.starts_with("FIRST PART"), true);
-            assert_eq!(msg.len() > "FIRST PART".len(), true);
+            assert!(msg.starts_with("FIRST PART"));
+            assert!(msg.len() > "FIRST PART".len());
             println!("{}", msg);
         }
 
-        fn start_evaluation(&self, eval_type: EvaluationType, context: &str) {
+        fn start_evaluation(&self, _: EvaluationType, _: &str) {
             unimplemented!()
         }
     }

diff --git a/guard/src/commands/files.rs b/guard/src/commands/files.rs
@@ -2,10 +2,9 @@ use std::cmp::Ordering;
 use std::fs::File;
 use std::io::{BufReader, Read};
 use std::path::PathBuf;
-use std::str::FromStr;
 
 use crate::rules::errors::Error;
-use walkdir::{DirEntry, WalkDir};
+use walkdir::WalkDir;
 
 pub(crate) fn read_file_content(file: File) -> Result<String, std::io::Error> {
     let mut file_content = String::new();
@@ -14,27 +13,6 @@ pub(crate) fn read_file_content(file: File) -> Result<String, std::io::Error> {
     Ok(file_content)
 }
 
-pub(crate) fn get_files<F>(file: &str, sort: F) -> Result<Vec<PathBuf>, Error>
-where
-    F: FnMut(&walkdir::DirEntry, &walkdir::DirEntry) -> Ordering + Send + Sync + 'static,
-{
-    let path = PathBuf::from_str(file)?;
-    let input_file = File::open(file)?;
-    let metadata = input_file.metadata()?;
-    Ok(if metadata.is_file() {
-        vec![path]
-    } else {
-        let result = get_files_with_filter(file, sort, |entry| {
-            entry
-                .file_name()
-                .to_str()
-                .map(|name| !name.ends_with("/"))
-                .unwrap_or(false)
-        })?;
-        result
-    })
-}
-
 pub(crate) fn get_files_with_filter<S, F>(
     file: &str,
     sort: S,
@@ -44,25 +22,15 @@ where
     S: FnMut(&walkdir::DirEntry, &walkdir::DirEntry) -> Ordering + Send + Sync + 'static,
     F: Fn(&walkdir::DirEntry) -> bool,
 {
-    let mut selected = Vec::with_capacity(10);
     let walker = WalkDir::new(file).sort_by(sort).into_iter();
-    let dir_check = |entry: &DirEntry| {
-        // select directories to traverse
-        if entry.path().is_dir() {
-            return true;
-        }
-        filter(entry)
-    };
-    for each in walker.filter_entry(dir_check) {
-        //
-        // We are ignoring errors here. TODO fix this later
-        //
-        if let Ok(entry) = each {
-            if entry.path().is_file() {
-                selected.push(entry.into_path());
-            }
-        }
-    }
+
+    let selected = walker
+        .filter_entry(|entry| entry.path().is_dir() || filter(entry))
+        .flatten()
+        .filter(|entry| entry.path().is_file())
+        .map(|entry| entry.into_path())
+        .collect::<Vec<_>>();
+
     Ok(selected)
 }
 
@@ -125,7 +93,8 @@ pub(crate) fn last_modified(first: &walkdir::DirEntry, second: &walkdir::DirEntr
             }
         }
     }
-    return Ordering::Equal;
+
+    Ordering::Equal
 }
 
 pub(crate) fn regular_ordering(

diff --git a/guard/src/commands/helper.rs b/guard/src/commands/helper.rs
@@ -13,20 +13,22 @@ use std::convert::TryFrom;
 use std::io::BufWriter;
 use std::rc::Rc;
 
+#[allow(dead_code)]
 pub struct ValidateInput<'a> {
     pub content: &'a str,
     pub file_name: &'a str,
 }
 
+#[allow(dead_code)]
 pub fn validate_and_return_json(
     data: ValidateInput,
     rules: ValidateInput,
     verbose: bool,
 ) -> Result<String> {
-    let path_value = match serde_json::from_str::<serde_json::Value>(&data.content) {
+    let path_value = match serde_json::from_str::<serde_json::Value>(data.content) {
         Ok(value) => PathAwareValue::try_from(value),
         Err(_) => {
-            let value = serde_yaml::from_str::<serde_yaml::Value>(&data.content)?;
+            let value = serde_yaml::from_str::<serde_yaml::Value>(data.content)?;
             PathAwareValue::try_from(value)
         }
     }
@@ -43,7 +45,7 @@ pub fn validate_and_return_json(
         name: data.file_name.to_owned(),
     };
 
-    let span = crate::rules::parser::Span::new_extra(&rules.content, rules.file_name);
+    let span = crate::rules::parser::Span::new_extra(rules.content, rules.file_name);
 
     let rules_file_name = rules.file_name;
     return match crate::rules::parser::rules_file(span) {

diff --git a/guard/src/commands/rulegen.rs b/guard/src/commands/rulegen.rs
@@ -96,6 +96,7 @@ pub fn parse_template_and_call_gen(
     gen_rules(cfn_resources)
 }
 
+#[allow(clippy::map_entry)]
 fn gen_rules(
     cfn_resources: HashMap<String, Value>,
 ) -> HashMap<String, HashMap<String, HashSet<String>>> {
@@ -145,14 +146,14 @@ fn gen_rules(
                 None => prop_val.to_string(),
             };
 
-            let mut no_newline_stripped_val = stripped_val.trim().replace("\n", "");
+            let mut no_newline_stripped_val = stripped_val.trim().replace('\n', "");
 
             // Preserve double quotes for strings.
             if prop_val.is_string() {
                 let test_str = format!("{}{}{}", "\"", no_newline_stripped_val, "\"");
                 no_newline_stripped_val = test_str;
             }
-            let resource_name = format!("{}", &cfn_resource["Type"].as_str().unwrap());
+            let resource_name = (&cfn_resource["Type"].as_str().unwrap()).to_string();
 
             if !rule_map.contains_key(&resource_name) {
                 let value_set: HashSet<String> =
@@ -176,7 +177,7 @@ fn gen_rules(
         }
     }
 
-    return rule_map;
+    rule_map
 }
 
 // Prints the generated rules data structure to stdout. If there are properties mapping to

diff --git a/guard/src/commands/test.rs b/guard/src/commands/test.rs
@@ -1,4 +1,4 @@
-use clap::{Arg, ArgAction, ArgGroup, ArgMatches, ValueHint};
+use clap::{Arg, ArgAction, ArgGroup, ArgMatches};
 use serde::{Deserialize, Serialize};
 use std::collections::{BTreeMap, HashMap};
 use std::convert::TryFrom;
@@ -15,18 +15,16 @@ use crate::commands::files::{
     alpabetical, get_files_with_filter, iterate_over, last_modified, read_file_content,
     regular_ordering,
 };
-use crate::commands::tracker::StackTracker;
 use crate::commands::{
     validate, ALPHABETICAL, DIRECTORY, DIRECTORY_ONLY, LAST_MODIFIED, RULES_AND_TEST_FILE,
     RULES_FILE, TEST, TEST_DATA, VERBOSE,
 };
 use crate::rules::errors::Error;
 use crate::rules::eval::eval_rules_file;
-use crate::rules::evaluate::RootScope;
 use crate::rules::exprs::RulesFile;
 use crate::rules::path_value::PathAwareValue;
 use crate::rules::Status::SKIP;
-use crate::rules::{Evaluate, NamedStatus, RecordType, Result, Status};
+use crate::rules::{NamedStatus, RecordType, Result, Status};
 use crate::utils::reader::Reader;
 use crate::utils::writer::Writer;