ci: Add security-focused clippy lints to various crates

johnsaigle · johnsaigle · commit 40c7472667eb · 2025-11-04T10:24:46.000-05:00
diff --git a/sdk/rust/Cargo.toml b/sdk/rust/Cargo.toml
@@ -41,3 +41,35 @@ serde_repr = "0.1.7"
 sha3 = "0.10.4"
 base64 = "0.13"
 itoa = "1.0.1"
+
+[workspace.lints.clippy]
+# === Code Quality: Prevent incomplete/placeholder code ===
+todo = "deny"
+
+# === True Bugs: Compiler can prove these are wrong ===
+eq_op = "warn"                        # x == x, x != x, etc.
+modulo_one = "warn"                   # x % 1 (always returns 0)
+out_of_bounds_indexing = "warn"       # Compiler-checked out of bounds access
+
+# === Security Audit Support ===
+undocumented_unsafe_blocks = "warn"   # Document why unsafe is needed
+
+# === Potential Runtime Errors ===
+unchecked_duration_subtraction = "warn"  # Can panic on underflow
+panicking_overflow_checks = "warn"       # Overflow checks that panic in release
+if_let_mutex = "warn"                    # Can cause deadlocks
+
+# === Performance: Catch accidental inefficiencies ===
+or_fun_call = "warn"                     # Use .unwrap_or_else instead of .unwrap_or
+set_contains_or_insert = "warn"          # Use .entry() API instead
+stable_sort_primitive = "warn"           # Unstable sort is faster for primitives
+
+# === Logic Bugs ===
+suspicious_operation_groupings = "warn"  # Likely copy-paste errors
+
+# === Data Structure Misuse ===
+iter_over_hash_type = "warn"             # Non-deterministic iteration order
+non_send_fields_in_send_ty = "warn"      # Breaks thread safety
+
+# === SDK-specific: Help developers avoid common mistakes ===
+wildcard_dependencies = "warn"           # Prevent supply chain issues in published crates
diff --git a/sdk/rust/serde_wormhole/Cargo.toml b/sdk/rust/serde_wormhole/Cargo.toml
@@ -8,6 +8,9 @@ license.workspace = true
 homepage.workspace = true
 repository.workspace = true
 
+[lints]
+workspace = true
+
 [dependencies]
 base64.workspace = true
 itoa.workspace = true
diff --git a/sdk/rust/supported-chains/Cargo.toml b/sdk/rust/supported-chains/Cargo.toml
@@ -8,6 +8,9 @@ license.workspace = true
 homepage.workspace = true
 repository.workspace = true
 
+[lints]
+workspace = true
+
 [dependencies]
 serde.workspace = true
 thiserror.workspace = true
diff --git a/sdk/rust/vaas-serde/Cargo.toml b/sdk/rust/vaas-serde/Cargo.toml
@@ -8,6 +8,9 @@ license.workspace = true
 homepage.workspace = true
 repository.workspace = true
 
+[lints]
+workspace = true
+
 [lib]
 name = "wormhole_sdk"
 
diff --git a/sdk/rust/vaas-serde/src/vaa.rs b/sdk/rust/vaas-serde/src/vaa.rs
@@ -213,6 +213,7 @@ impl<P> From<(Header, Body<P>)> for Vaa<P> {
 }
 
 impl Header {
+    #[allow(clippy::todo, reason = "VAA body verification not yet implemented - this function is not currently used in the SDK")]
     pub fn verify(&self, _body: &[u8], _addrs: &[GuardianAddress]) -> anyhow::Result<Digest> {
         todo!("VAA body verification")
     }
diff --git a/svm/wormhole-core-shims/Cargo.toml b/svm/wormhole-core-shims/Cargo.toml
@@ -32,3 +32,37 @@ codegen-units = 1
 opt-level = 3
 incremental = false
 codegen-units = 1
+
+[workspace.lints.clippy]
+# === Code Quality: Prevent incomplete/placeholder code ===
+todo = "deny"
+unimplemented = "deny"  # Uncomment if you want to be strict about this too
+
+# === True Bugs: Compiler can prove these are wrong ===
+eq_op = "warn"                        # x == x, x != x, etc.
+modulo_one = "warn"                   # x % 1 (always returns 0)
+out_of_bounds_indexing = "warn"       # Compiler-checked out of bounds access
+
+# === Stack Management: Critical for Solana (32KB stack limit) ===
+large_stack_arrays = "warn"
+large_stack_frames = "warn"
+
+# === Security Audit Support ===
+undocumented_unsafe_blocks = "warn"   # Document why unsafe is needed
+
+# === Potential Runtime Errors ===
+unchecked_duration_subtraction = "warn"  # Can panic on underflow
+panicking_overflow_checks = "warn"       # Overflow checks that panic in release
+if_let_mutex = "warn"                    # Can cause deadlocks
+
+# === Performance: Catch accidental inefficiencies ===
+or_fun_call = "warn"                     # Use .unwrap_or_else instead of .unwrap_or
+set_contains_or_insert = "warn"          # Use .entry() API instead
+stable_sort_primitive = "warn"           # Unstable sort is faster for primitives
+
+# === Logic Bugs ===
+suspicious_operation_groupings = "warn"  # Likely copy-paste errors
+
+# === Data Structure Misuse ===
+iter_over_hash_type = "warn"             # Non-deterministic iteration order
+non_send_fields_in_send_ty = "warn"      # Breaks thread safety
diff --git a/svm/wormhole-core-shims/crates/definitions/Cargo.toml b/svm/wormhole-core-shims/crates/definitions/Cargo.toml
@@ -9,6 +9,9 @@ repository.workspace = true
 rust-version.workspace = true
 version.workspace = true
 
+[lints]
+workspace = true
+
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [features]
diff --git a/svm/wormhole-core-shims/crates/shim/Cargo.toml b/svm/wormhole-core-shims/crates/shim/Cargo.toml
@@ -8,6 +8,9 @@ repository.workspace = true
 rust-version.workspace = true
 version.workspace = true
 
+[lints]
+workspace = true
+
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [features]

Original file line number	Diff line number	Diff line change
`@@ -213,6 +213,7 @@ impl<P> From<(Header, Body<P>)> for Vaa<P> {`
`213`	`213`	`}`
`214`	`214`
`215`	`215`	`impl Header {`
	`216`	`+ #[allow(clippy::todo, reason = "VAA body verification not yet implemented - this function is not currently used in the SDK")]`
`216`	`217`	`pub fn verify(&self, _body: &[u8], _addrs: &[GuardianAddress]) -> anyhow::Result<Digest> {`
`217`	`218`	`todo!("VAA body verification")`
`218`	`219`	`}`