Add unwrap/panic detection for Push Model files

Assisted-By: Claude <[email protected]>
Signed-off-by: Sergio Arroutbi <[email protected]>

Author: sarroutbi

keylime-push-model-agent/src/attestation.rs

@@ -264,17 +264,17 @@ mod tests {
         let mut config = create_test_config(&uri, "", "", "");
         config.max_retries = 3; // Allow up to 3 retries
 
-        let client = AttestationClient::new(&config).unwrap();
+        let client = AttestationClient::new(&config).unwrap(); //#[allow_ci]
         let result = client.send_negotiation(&config).await;
 
         // The final request should be successful
         assert!(result.is_ok());
-        let response = result.unwrap();
+        let response = result.unwrap(); //#[allow_ci]
         assert_eq!(response.status_code, StatusCode::CREATED);
 
         // The server should have received 3 requests in total (2 failures + 1 success)
         let received_requests =
-            mock_server.received_requests().await.unwrap();
+            mock_server.received_requests().await.unwrap(); //#[allow_ci]
         assert_eq!(received_requests.len(), 3);
     }
 
@@ -283,12 +283,12 @@ mod tests {
         let negotiation_config =
             create_test_config("http://127.0.0.1:9999/test", "", "", "");
 
-        let client = AttestationClient::new(&negotiation_config).unwrap();
+        let client = AttestationClient::new(&negotiation_config).unwrap(); //#[allow_ci]
         let result =
             client.send_negotiation(&negotiation_config.clone()).await;
 
         assert!(result.is_err());
-        let err_msg = result.unwrap_err().to_string();
+        let err_msg = result.unwrap_err().to_string(); //#[allow_ci]
         assert!(err_msg.contains("error sending request"));
     }
 
@@ -304,32 +304,32 @@ mod tests {
         let client_result = AttestationClient::new(&config);
 
         assert!(client_result.is_err());
-        let err_msg = client_result.unwrap_err().to_string();
+        let err_msg = client_result.unwrap_err().to_string(); //#[allow_ci]
         assert!(err_msg.contains("Failed to open"));
     }
 
     #[actix_rt::test]
     async fn test_send_negotiation_bad_certs() {
-        let temp_dir = tempdir().unwrap();
+        let temp_dir = tempdir().unwrap(); //#[allow_ci]
         let ca_path = temp_dir.path().join("ca.pem");
         let cert_path = temp_dir.path().join("cert.pem");
         let key_path = temp_dir.path().join("key.pem");
 
-        File::create(&ca_path).unwrap();
-        File::create(&cert_path).unwrap();
-        File::create(&key_path).unwrap();
+        File::create(&ca_path).unwrap(); //#[allow_ci]
+        File::create(&cert_path).unwrap(); //#[allow_ci]
+        File::create(&key_path).unwrap(); //#[allow_ci]
 
         let config = create_test_config(
             "https://1.2.3.4:9999/test",
-            ca_path.to_str().unwrap(),
-            cert_path.to_str().unwrap(),
-            key_path.to_str().unwrap(),
+            ca_path.to_str().unwrap(),   //#[allow_ci]
+            cert_path.to_str().unwrap(), //#[allow_ci]
+            key_path.to_str().unwrap(),  //#[allow_ci]
         );
 
         let client_result = AttestationClient::new(&config);
 
         assert!(client_result.is_err());
-        let err_msg = client_result.unwrap_err().to_string();
+        let err_msg = client_result.unwrap_err().to_string(); //#[allow_ci]
         assert!(err_msg.to_lowercase().contains("certificate"));
     }
 
@@ -344,15 +344,15 @@ mod tests {
             "", "", "",
         );
 
-        let client = AttestationClient::new(&config).unwrap();
+        let client = AttestationClient::new(&config).unwrap(); //#[allow_ci]
         let result = client.send_negotiation(&config).await;
 
         assert!(
             result.is_ok(),
             "Request to mockoon failed: {:?}",
             result.err()
         );
-        let response_info = result.unwrap();
+        let response_info = result.unwrap(); //#[allow_ci]
         assert_eq!(
             response_info.status_code,
             StatusCode::CREATED,
@@ -365,7 +365,7 @@ mod tests {
     #[actix_rt::test]
     async fn test_handle_evidence_submission_no_location_header() {
         let config = create_test_config("http://localhost:3000", "", "", "");
-        let client = AttestationClient::new(&config).unwrap();
+        let client = AttestationClient::new(&config).unwrap(); //#[allow_ci]
 
         // Create a response with no Location header
         let neg_response = ResponseInformation {
@@ -380,7 +380,7 @@ mod tests {
 
         assert!(result.is_err());
         assert!(result
-            .unwrap_err()
+            .unwrap_err() //#[allow_ci]
             .to_string()
             .contains("missing 'Location' header"));
     }
@@ -408,19 +408,19 @@ mod tests {
         let config = create_test_config(&uri, "", "", "");
 
         // Create the client
-        let client = AttestationClient::new(&config).unwrap();
+        let client = AttestationClient::new(&config).unwrap(); //#[allow_ci]
 
         let result =
             client.send_evidence(single_serialized_body, &config).await;
 
         // Assertions
         assert!(result.is_ok(), "send_evidence should succeed");
-        let response = result.unwrap();
+        let response = result.unwrap(); //#[allow_ci]
         assert_eq!(response.status_code, StatusCode::ACCEPTED);
 
         // Verify that the mock server received exactly one request.
         let received_requests =
-            mock_server.received_requests().await.unwrap();
+            mock_server.received_requests().await.unwrap(); //#[allow_ci]
         assert_eq!(received_requests.len(), 1);
     }
 }

keylime-push-model-agent/src/auth.rs

@@ -22,6 +22,7 @@ use tokio::sync::Mutex;
 
 /// Configuration for the authentication client
 #[derive(Debug, Clone)]
+#[allow(dead_code)]
 pub struct AuthConfig {
     /// Base URL of the verifier (e.g., "https://verifier.example.com")
     pub verifier_base_url: String,
@@ -52,20 +53,23 @@ impl Default for AuthConfig {
 
 /// Session token with expiration information
 #[derive(Debug, Clone)]
+#[allow(dead_code)]
 struct SessionToken {
     token: String,
     expires_at: DateTime<Utc>,
     session_id: u64,
 }
 
 impl SessionToken {
+    #[allow(dead_code)]
     fn is_valid(&self, buffer_minutes: i64) -> bool {
         let buffer = Duration::minutes(buffer_minutes);
         Utc::now() + buffer < self.expires_at
     }
 }
 
 /// Mock TPM operations for testing
+#[allow(dead_code)]
 pub trait TpmOperations: Send + Sync {
     fn generate_proof(&self, challenge: &str) -> Result<ProofOfPossession>;
 }
@@ -92,6 +96,7 @@ impl TpmOperations for MockTpmOperations {
 }
 
 /// Standalone authentication client implementing the challenge-response protocol
+#[allow(dead_code)]
 pub struct AuthenticationClient {
     config: AuthConfig,
     http_client: Client,
@@ -101,6 +106,7 @@ pub struct AuthenticationClient {
 
 impl AuthenticationClient {
     /// Create a new authentication client with the given configuration
+    #[allow(dead_code)]
     pub fn new(config: AuthConfig) -> Result<Self> {
         let timeout = std::time::Duration::from_millis(config.timeout_ms);
         let http_client = Client::builder()
@@ -117,6 +123,7 @@ impl AuthenticationClient {
     }
 
     /// Create a new authentication client with custom TPM operations
+    #[allow(dead_code)]
     pub fn with_tpm_ops(
         config: AuthConfig,
         tpm_ops: Box<dyn TpmOperations>,
@@ -136,6 +143,7 @@ impl AuthenticationClient {
     }
 
     /// Get a valid authentication token, performing authentication if necessary
+    #[allow(dead_code)]
     pub async fn get_auth_token(&self) -> Result<String> {
         let token_guard = self.session_token.lock().await;
 
@@ -160,6 +168,7 @@ impl AuthenticationClient {
     }
 
     /// Check if we currently have a valid token
+    #[allow(dead_code)]
     pub async fn has_valid_token(&self) -> bool {
         let token_guard = self.session_token.lock().await;
         if let Some(ref token) = *token_guard {
@@ -170,13 +179,15 @@ impl AuthenticationClient {
     }
 
     /// Clear the current token (e.g., after receiving 401)
+    #[allow(dead_code)]
     pub async fn clear_token(&self) {
         let mut token_guard = self.session_token.lock().await;
         *token_guard = None;
         debug!("Authentication token cleared");
     }
 
     /// Perform the complete authentication flow
+    #[allow(dead_code)]
     async fn authenticate(&self) -> Result<String> {
         info!(
             "Starting authentication flow for agent: {}",
@@ -218,6 +229,7 @@ impl AuthenticationClient {
     }
 
     /// Internal authentication implementation
+    #[allow(dead_code)]
     async fn do_authenticate(&self) -> Result<String> {
         // Step 1: Request challenge
         debug!("Step 1: Requesting challenge from verifier");
@@ -240,6 +252,7 @@ impl AuthenticationClient {
     }
 
     /// Step 1: Request challenge from verifier
+    #[allow(dead_code)]
     async fn request_challenge(&self) -> Result<SessionResponse> {
         let session_request = SessionRequest {
             data: SessionRequestData {
@@ -287,6 +300,7 @@ impl AuthenticationClient {
     }
 
     /// Step 2: Generate TPM proof of possession
+    #[allow(dead_code)]
     fn generate_tpm_proof(
         &self,
         challenge_response: &SessionResponse,
@@ -311,6 +325,7 @@ impl AuthenticationClient {
     }
 
     /// Step 3: Submit proof and get authentication result
+    #[allow(dead_code)]
     async fn submit_proof(
         &self,
         session_id: u64,
@@ -372,6 +387,7 @@ impl AuthenticationClient {
     }
 
     /// Step 4: Process authentication result and store token
+    #[allow(dead_code)]
     async fn process_auth_result(
         &self,
         auth_response: SessionIdResponse,
@@ -412,6 +428,7 @@ impl AuthenticationClient {
     }
 
     /// Make an authenticated HTTP request (convenience method for testing)
+    #[allow(dead_code)]
     pub async fn make_authenticated_request(
         &self,
         method: Method,
@@ -460,7 +477,7 @@ mod tests {
             max_auth_retries: 2,
         };
 
-        AuthenticationClient::new(config).unwrap()
+        AuthenticationClient::new(config).unwrap() //#[allow_ci]
     }
 
     #[tokio::test]
@@ -532,14 +549,14 @@ mod tests {
         let client = create_test_client(&mock_server.uri()).await;
 
         // Test authentication
-        let token = client.get_auth_token().await.unwrap();
+        let token = client.get_auth_token().await.unwrap(); //#[allow_ci]
         assert_eq!(token, "test-token-456");
 
         // Test that token is cached
         assert!(client.has_valid_token().await);
 
         // Test that subsequent calls use cached token
-        let token2 = client.get_auth_token().await.unwrap();
+        let token2 = client.get_auth_token().await.unwrap(); //#[allow_ci]
         assert_eq!(token2, "test-token-456");
     }
 
@@ -610,7 +627,7 @@ mod tests {
         let result = client.get_auth_token().await;
         assert!(result.is_err());
         assert!(result
-            .unwrap_err()
+            .unwrap_err() //#[allow_ci]
             .to_string()
             .contains("Authentication failed"));
     }
@@ -691,11 +708,11 @@ mod tests {
             max_auth_retries: 2,
         };
 
-        let client = AuthenticationClient::new(config).unwrap();
+        let client = AuthenticationClient::new(config).unwrap(); //#[allow_ci]
 
         // Since token expires in 1 minute but we have 5 minute buffer,
         // it should be considered invalid and trigger re-authentication
-        let token = client.get_auth_token().await.unwrap();
+        let token = client.get_auth_token().await.unwrap(); //#[allow_ci]
         assert_eq!(token, "short-lived-token");
 
         // Check that token is considered invalid due to buffer

keylime-push-model-agent/src/context_info_handler.rs

@@ -98,7 +98,7 @@ mod tests {
         let context_res = get_context_info(AVOID_TPM);
         assert!(context_res.is_ok());
         assert!(
-            context_res.unwrap().is_none(),
+            context_res.unwrap().is_none(), //#[allow_ci]
             "Context should be None when TPM is avoided"
         );
     }

keylime-push-model-agent/src/registration.rs

@@ -12,7 +12,7 @@ pub async fn check_registration(
     context_info: Option<context_info::ContextInfo>,
 ) -> Result<()> {
     if context_info.is_some() {
-        crate::registration::register_agent(&mut context_info.unwrap())
+        crate::registration::register_agent(&mut context_info.unwrap()) //#[allow_ci]
             .await?;
     }
     Ok(())