Description
Context
Fuzz testing uncovered various flaws in functions in `./holo-utils/src/bytes.rs`, and these functions were used in various places in the codebase, including the packet decoders for the various protocols. These vulnerable functions have been superseded by fallible equivalents, e.g. replacing `let a = buf.get_u8();` with `let a = buf.try_get_u8()?;`.
For various practical reasons the vulnerable functions have been retained in `./holo-utils/src/bytes.rs`, at least for the moment. We'd like to guard against them being used in the codebase. This issue is to facilitate discussion of ways to do so, e.g.:
- Could static analysis rules provide a suitable guard?
- Could the visibility be modified of these flawed functions so they're no longer reachable elsewhere in the codebase?
On a call with @rwestphal and @Paul-weqe we agreed to close PR #86 as there have been enough changes in the codebase to add protections that these unit tests are no longer sufficiently valuable to incorporate into the codebase. Instead we'd prefer to implement the protection being considered here.
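As an added illustration of the two guards under discussion (not holo's code, and not the `bytes` crate holo builds on): a std-only cursor that keeps the panicking reader private to its module, marks it `#[deprecated]`, and exposes only `try_get_*` readers, followed by a constructed TLV decoder showing that a fuzzer-style length field yields an `Err` instead of a panic. The `Cursor`, `Truncated` and `Tlv` names and the `[type:u8][length:u16 BE][value]` layout are assumptions made for the example.

```rust
// Added example, not holo's code. A std-only stand-in for the get_u8 /
// try_get_u8 split described in the issue; the `bytes` crate is not used so
// the file runs stand-alone. Names and the TLV layout are assumptions.

/// Error returned by the fallible readers instead of panicking on a short buffer.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct Truncated {
    pub needed: usize,
    pub remaining: usize,
}

pub mod bytes {
    use super::Truncated;

    /// Read cursor over a borrowed byte slice.
    pub struct Cursor<'a> {
        data: &'a [u8],
        pos: usize,
    }

    impl<'a> Cursor<'a> {
        pub fn new(data: &'a [u8]) -> Self {
            Cursor { data, pos: 0 }
        }

        pub fn remaining(&self) -> usize {
            self.data.len() - self.pos
        }

        // Infallible reader in the style of the superseded functions: it panics
        // when fewer bytes than requested remain. It has no `pub`, so nothing
        // outside this module can call it (the visibility guard), and it is
        // marked deprecated so any in-module call is flagged by the compiler.
        #[deprecated(note = "panics on short input; use try_get_slice")]
        #[allow(dead_code)]
        fn get_slice(&mut self, len: usize) -> &'a [u8] {
            let data = self.data;
            let out = &data[self.pos..self.pos + len]; // panics if out of range
            self.pos += len;
            out
        }

        /// Fallible reader: returns `Err(Truncated)` instead of panicking.
        pub fn try_get_slice(&mut self, len: usize) -> Result<&'a [u8], Truncated> {
            let remaining = self.remaining();
            if len > remaining {
                return Err(Truncated { needed: len, remaining });
            }
            let data = self.data;
            let out = &data[self.pos..self.pos + len];
            self.pos += len;
            Ok(out)
        }

        pub fn try_get_u8(&mut self) -> Result<u8, Truncated> {
            Ok(self.try_get_slice(1)?[0])
        }

        pub fn try_get_u16(&mut self) -> Result<u16, Truncated> {
            let b = self.try_get_slice(2)?;
            Ok(u16::from_be_bytes([b[0], b[1]]))
        }

        pub fn try_get_u32(&mut self) -> Result<u32, Truncated> {
            let b = self.try_get_slice(4)?;
            Ok(u32::from_be_bytes([b[0], b[1], b[2], b[3]]))
        }
    }
}

/// One element of a constructed TLV format: [type:u8][length:u16 BE][value].
#[derive(Debug, PartialEq, Eq)]
pub struct Tlv<'a> {
    pub typ: u8,
    pub value: &'a [u8],
}

/// Decode a run of TLVs. Every read goes through a `try_get_*` reader, so a
/// length field larger than the remaining input surfaces as `Err`, not a panic.
pub fn decode_tlvs(buf: &[u8]) -> Result<Vec<Tlv<'_>>, Truncated> {
    let mut cur = bytes::Cursor::new(buf);
    let mut out = Vec::new();
    while cur.remaining() > 0 {
        let typ = cur.try_get_u8()?;
        let len = cur.try_get_u16()? as usize;
        let value = cur.try_get_slice(len)?;
        out.push(Tlv { typ, value });
    }
    Ok(out)
}

fn main() {
    // Constructed well-formed input: type 1 with two value bytes, type 2 empty.
    let good = [0x01, 0x00, 0x02, 0xAA, 0xBB, 0x02, 0x00, 0x00];
    println!("{:?}", decode_tlvs(&good));
    // Constructed fuzzer-style input: length claims 0xFFFF bytes, one follows.
    let truncated = [0x01, 0xFF, 0xFF, 0xAA];
    println!("{:?}", decode_tlvs(&truncated));
}
```

For the static-analysis route, Clippy's `disallowed_methods` lint can serve as the guard on top of visibility: list the panicking readers under `disallowed-methods` in `clippy.toml` (each entry a path plus a reason) and enable `#![deny(clippy::disallowed_methods)]` in the crates that decode packets, so a reintroduced `get_u8` call fails CI rather than reaching a fuzzer or a peer.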