blst-security · jayvdb · Dec 16, 2025
diff --git a/.github/workflows/dev-build-check.yml b/.github/workflows/dev-build-check.yml
@@ -0,0 +1,87 @@
+name: Rust Build Check
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+      - master
+      - dev
+
+env:
+  CARGO_TERM_COLOR: always
+
+jobs:
+  check:
+    name: Check
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install Rust toolchain
+        uses: dtolnay/rust-toolchain@stable
+
+      - name: Cache cargo
+        uses: actions/cache@v4
+        with:
+          path: ~/.cargo
+          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+
+      - name: Run cargo check
+        run: cargo check --all-features
+
+  test:
+    name: Test Suite
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install Rust toolchain
+        uses: dtolnay/rust-toolchain@stable
+
+      - name: Cache cargo
+        uses: actions/cache@v4
+        with:
+          path: ~/.cargo
+          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+
+      - name: Run tests
+        run: cargo test --all-features
+
+  fmt:
+    name: Rustfmt
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install Rust toolchain
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          components: rustfmt
+
+      - name: Check formatting
+        run: cargo fmt --all -- --check
+
+  clippy:
+    name: Clippy
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install Rust toolchain
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          components: clippy
+
+      - name: Cache cargo
+        uses: actions/cache@v4
+        with:
+          path: ~/.cargo
+          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+
+      - name: Run clippy
+        run: cargo clippy --all-features -- -D warnings
diff --git a/cherrybomb-engine/src/info/eps.rs b/cherrybomb-engine/src/info/eps.rs
@@ -171,6 +171,7 @@ pub struct EpTable {
     servers: Vec<String>,
 }
 impl EpTable {
+    #[expect(dead_code)]
     pub fn path_only(&self, path: &str) -> Self {
         let eps = self
             .eps

diff --git a/cherrybomb-engine/src/info/params.rs b/cherrybomb-engine/src/info/params.rs
@@ -146,6 +146,7 @@ pub struct ParamTable {
     eps: Vec<String>,
 }
 impl ParamTable {
+    #[expect(dead_code)]
     pub fn named_param(&self, param: &str) -> Self {
         let params = self
             .params

diff --git a/cherrybomb-engine/src/lib.rs b/cherrybomb-engine/src/lib.rs
@@ -12,6 +12,7 @@ use scan::checks::{ActiveChecks, PassiveChecks};
 use scan::passive::passive_scanner;
 use scan::*;
 use serde_json::{json, Value};
+#[expect(unused_imports)]
 use std::collections::{HashMap, HashSet};
 use std::vec;
 use strum::IntoEnumIterator;
@@ -85,7 +86,7 @@ pub async fn run(config: &mut Config) -> anyhow::Result<Value> {
     }
 }
 
-fn run_profile_info(config: &Config, oas: &OAS3_1, oas_json: &Value) -> anyhow::Result<Value> {
+fn run_profile_info(config: &Config, _oas: &OAS3_1, oas_json: &Value) -> anyhow::Result<Value> {
     // Creating parameter list
     verbose_print(config, None, "Creating param list...");
     let param_scan = ParamTable::new::<OAS3_1>(oas_json);

diff --git a/cherrybomb-engine/src/scan/active/active_scanner.rs b/cherrybomb-engine/src/scan/active/active_scanner.rs
@@ -304,6 +304,7 @@ impl<T: OAS + Serialize + for<'de> Deserialize<'de>> ActiveScan<T> {
 }
 
 impl ActiveChecks {
+    #[expect(dead_code)]
     pub fn parse_check_list(list: Vec<String>, exclude: bool) -> Vec<ActiveChecks> {
         let mut checks = Vec::new();
         for check in list.iter() {

diff --git a/cherrybomb-engine/src/scan/active/http_client/req.rs b/cherrybomb-engine/src/scan/active/http_client/req.rs
@@ -20,6 +20,7 @@ pub struct AttackRequestBuilder {
 }
 
 impl AttackRequestBuilder {
+    #[expect(dead_code)]
     pub fn uri2(&mut self, server: Server, path: &str, secure: bool) -> &mut Self {
         self.path = server.base_url + path;
         if let Some(vars) = server.variables {
@@ -64,6 +65,7 @@ impl AttackRequestBuilder {
         self
     }
 
+    #[expect(dead_code)]
     pub fn uri_http(&mut self, server: &Server) -> &mut Self {
         //build base url with http protocol
         let mut new_url = server.base_url.to_string();

diff --git a/cherrybomb-engine/src/scan/checks.rs b/cherrybomb-engine/src/scan/checks.rs
@@ -18,6 +18,7 @@ impl Default for PassiveChecks {
         Self::CheckServerUrl(vec![])
     }
 }
+#[expect(dead_code)]
 pub trait Check {
     // fn alerts_text(&self) -> Cell;
     fn top_severity(&self) -> Level;

diff --git a/cherrybomb-engine/src/scan/macros.rs b/cherrybomb-engine/src/scan/macros.rs
@@ -16,6 +16,7 @@ macro_rules! impl_passive_checks{
                     _=>None,
                 }
             }
+            #[expect(dead_code)]
             pub fn description(&self)->&'static str{
                 match &self{
                     $(
@@ -67,13 +68,15 @@ macro_rules! impl_active_checks{
             )*
         }
         impl ActiveChecks{
+            #[expect(dead_code)]
             pub fn description(&self)->&'static str{
                 match &self{
                     $(
                         ActiveChecks::$check(_)=>$desc,
                     )*
                 }
             }
+            #[expect(unreachable_patterns)]
             pub fn from_string(str1:&str)->Option<Self>{
                 match str1{
                     $(

diff --git a/cherrybomb-engine/src/scan/passive/general.rs b/cherrybomb-engine/src/scan/passive/general.rs
@@ -10,9 +10,11 @@ pub trait PassiveGeneralScan {
     fn check_successes(&self) -> Vec<Alert>;
     fn check_default_response(&self) -> Vec<Alert>;
     fn check_response_body_schema(&self) -> Vec<Alert>;
+    #[expect(dead_code)]
     fn example_inconsistent_schema(&self) -> Vec<Alert>;
     fn check_default_type(&self) -> Vec<Alert>;
     fn check_enum_type(&self) -> Vec<Alert>;
+    #[expect(dead_code)]
     fn check_required_undefined(&self) -> Vec<Alert>;
     fn check_unused_schema(&self) -> Vec<Alert>;
 }

diff --git a/cherrybomb-engine/src/scan/passive/passive_scanner.rs b/cherrybomb-engine/src/scan/passive/passive_scanner.rs
@@ -27,6 +27,7 @@ where
     pub passive_checks: Vec<PassiveChecks>,
 }
 impl<T: OAS + Serialize + for<'de> Deserialize<'de>> PassiveSwaggerScan<T> {
+    #[expect(dead_code)]
     pub fn new(swagger_value: Value) -> Result<Self, &'static str> {
         match serde_json::from_value::<T>(swagger_value.clone()) {
             Ok(swagger) => Ok(PassiveSwaggerScan {
@@ -59,6 +60,7 @@ impl<T: OAS + Serialize + for<'de> Deserialize<'de>> PassiveSwaggerScan<T> {
 }
 
 impl PassiveChecks {
+    #[expect(dead_code)]
     pub fn parse_check_list(list: Vec<String>, exclude: bool) -> Vec<PassiveChecks> {
         let mut checks = Vec::new();
         for check in list.iter() {

diff --git a/src/main.rs b/src/main.rs
@@ -12,7 +12,7 @@ use crate::options::Options;
 use crate::table::print_tables;
 
 fn open_config_file(config_location: &std::path::PathBuf) -> anyhow::Result<Config> {
-    return match config_location.extension() {
+    match config_location.extension() {
         Some(ext) => {
             let file = match File::open(config_location) {
                 Ok(file) => file,
@@ -37,7 +37,7 @@ fn open_config_file(config_location: &std::path::PathBuf) -> anyhow::Result<Conf
             }
         }
         _ => Err(anyhow::anyhow!("Unsupported config file extension")),
-    };
+    }
 }
 
 fn merge_options(conf: &mut Config, opt: &Options) {

diff --git a/src/table.rs b/src/table.rs
@@ -6,7 +6,6 @@ use serde::{Deserialize, Serialize};
 use serde_json::{Map, Value};
 use std::fs::File;
 use std::io::Write;
-use std::option;
 use std::process::ExitCode;
 
 #[derive(Default, Debug, Clone, PartialEq, Serialize, Deserialize)]
@@ -59,6 +58,7 @@ fn to_format(vec_raw: &mut Vec<String>) -> String {
 #[derive(PartialEq)]
 enum CheckStatus {
     OK,
+    #[expect(dead_code)]
     Warning,
     Fail,
 }
@@ -172,6 +172,7 @@ fn print_param_table(json_struct: &Map<String, Value>) -> anyhow::Result<()> {
     Ok(())
 }
 
+#[expect(dead_code)]
 fn print_alert_table(json_struct: &Map<String, Value>) -> anyhow::Result<CheckStatus> {
     //display simple table  with alerts
     let mut table = Table::new();
@@ -187,7 +188,7 @@ fn print_alert_table(json_struct: &Map<String, Value>) -> anyhow::Result<CheckSt
         if !alerts.is_empty() {
             return_status = CheckStatus::Fail;
         }
-        if let Some(alert) = alerts.get(0) {
+        if let Some(alert) = alerts.first() {
             table
                 .load_preset(UTF8_FULL)
                 .apply_modifier(UTF8_ROUND_CORNERS)

diff --git a/src/telemetry.rs b/src/telemetry.rs
@@ -46,7 +46,7 @@ fn get_token(verbosity: Verbosity) -> anyhow::Result<Uuid> {
     let mut token_path = dirs::home_dir().ok_or(anyhow::anyhow!("Cant locate home directory"))?;
     token_path.push(".cherrybomb");
     token_path.push("token");
-    return if token_path.exists() {
+    if token_path.exists() {
         let mut token_file = std::fs::File::open(token_path)?;
         let mut token = String::new();
         token_file.read_to_string(&mut token)?;
@@ -61,5 +61,5 @@ fn get_token(verbosity: Verbosity) -> anyhow::Result<Uuid> {
         let mut token_file = std::fs::File::create(token_path)?;
         token_file.write_all(token.to_string().as_bytes())?;
         Ok(token)
-    };
+    }
 }