Add unwrap/panic detection for Push Model files

keylime-push-model-agent/src/attestation.rs

@@ -264,17 +264,17 @@ mod tests {
         let mut config = create_test_config(&uri, "", "", "");
         config.max_retries = 3; // Allow up to 3 retries
 
-        let client = AttestationClient::new(&config).unwrap();
+        let client = AttestationClient::new(&config).unwrap(); //#[allow_ci]
         let result = client.send_negotiation(&config).await;
 
         // The final request should be successful
         assert!(result.is_ok());
-        let response = result.unwrap();
+        let response = result.unwrap(); //#[allow_ci]
         assert_eq!(response.status_code, StatusCode::CREATED);
 
         // The server should have received 3 requests in total (2 failures + 1 success)
         let received_requests =
-            mock_server.received_requests().await.unwrap();
+            mock_server.received_requests().await.unwrap(); //#[allow_ci]
         assert_eq!(received_requests.len(), 3);
     }
 
@@ -283,12 +283,12 @@ mod tests {
         let negotiation_config =
             create_test_config("http://127.0.0.1:9999/test", "", "", "");
 
-        let client = AttestationClient::new(&negotiation_config).unwrap();
+        let client = AttestationClient::new(&negotiation_config).unwrap(); //#[allow_ci]
         let result =
             client.send_negotiation(&negotiation_config.clone()).await;
 
         assert!(result.is_err());
-        let err_msg = result.unwrap_err().to_string();
+        let err_msg = result.unwrap_err().to_string(); //#[allow_ci]
         assert!(err_msg.contains("error sending request"));
     }
 
@@ -304,32 +304,32 @@ mod tests {
         let client_result = AttestationClient::new(&config);
 
         assert!(client_result.is_err());
-        let err_msg = client_result.unwrap_err().to_string();
+        let err_msg = client_result.unwrap_err().to_string(); //#[allow_ci]
         assert!(err_msg.contains("Failed to open"));
     }
 
     #[actix_rt::test]
     async fn test_send_negotiation_bad_certs() {
-        let temp_dir = tempdir().unwrap();
+        let temp_dir = tempdir().unwrap(); //#[allow_ci]
         let ca_path = temp_dir.path().join("ca.pem");
         let cert_path = temp_dir.path().join("cert.pem");
         let key_path = temp_dir.path().join("key.pem");
 
-        File::create(&ca_path).unwrap();
-        File::create(&cert_path).unwrap();
-        File::create(&key_path).unwrap();
+        File::create(&ca_path).unwrap(); //#[allow_ci]
+        File::create(&cert_path).unwrap(); //#[allow_ci]
+        File::create(&key_path).unwrap(); //#[allow_ci]
 
         let config = create_test_config(
             "https://1.2.3.4:9999/test",
-            ca_path.to_str().unwrap(),
-            cert_path.to_str().unwrap(),
-            key_path.to_str().unwrap(),
+            ca_path.to_str().unwrap(),   //#[allow_ci]
+            cert_path.to_str().unwrap(), //#[allow_ci]
+            key_path.to_str().unwrap(),  //#[allow_ci]
         );
 
         let client_result = AttestationClient::new(&config);
 
         assert!(client_result.is_err());
-        let err_msg = client_result.unwrap_err().to_string();
+        let err_msg = client_result.unwrap_err().to_string(); //#[allow_ci]
         assert!(err_msg.to_lowercase().contains("certificate"));
     }
 
@@ -344,15 +344,15 @@ mod tests {
             "", "", "",
         );
 
-        let client = AttestationClient::new(&config).unwrap();
+        let client = AttestationClient::new(&config).unwrap(); //#[allow_ci]
         let result = client.send_negotiation(&config).await;
 
         assert!(
             result.is_ok(),
             "Request to mockoon failed: {:?}",
             result.err()
         );
-        let response_info = result.unwrap();
+        let response_info = result.unwrap(); //#[allow_ci]
         assert_eq!(
             response_info.status_code,
             StatusCode::CREATED,
@@ -365,7 +365,7 @@ mod tests {
     #[actix_rt::test]
     async fn test_handle_evidence_submission_no_location_header() {
         let config = create_test_config("http://localhost:3000", "", "", "");
-        let client = AttestationClient::new(&config).unwrap();
+        let client = AttestationClient::new(&config).unwrap(); //#[allow_ci]
 
         // Create a response with no Location header
         let neg_response = ResponseInformation {
@@ -380,7 +380,7 @@ mod tests {
 
         assert!(result.is_err());
         assert!(result
-            .unwrap_err()
+            .unwrap_err() //#[allow_ci]
             .to_string()
             .contains("missing 'Location' header"));
     }
@@ -408,19 +408,19 @@ mod tests {
         let config = create_test_config(&uri, "", "", "");
 
         // Create the client
-        let client = AttestationClient::new(&config).unwrap();
+        let client = AttestationClient::new(&config).unwrap(); //#[allow_ci]
 
         let result =
             client.send_evidence(single_serialized_body, &config).await;
 
         // Assertions
         assert!(result.is_ok(), "send_evidence should succeed");
-        let response = result.unwrap();
+        let response = result.unwrap(); //#[allow_ci]
         assert_eq!(response.status_code, StatusCode::ACCEPTED);
 
         // Verify that the mock server received exactly one request.
         let received_requests =
-            mock_server.received_requests().await.unwrap();
+            mock_server.received_requests().await.unwrap(); //#[allow_ci]
         assert_eq!(received_requests.len(), 1);
     }
 }

keylime-push-model-agent/src/auth.rs

@@ -460,7 +460,7 @@ mod tests {
             max_auth_retries: 2,
         };
 
-        AuthenticationClient::new(config).unwrap()
+        AuthenticationClient::new(config).unwrap() //#[allow_ci]
     }
 
     #[tokio::test]
@@ -532,14 +532,14 @@ mod tests {
         let client = create_test_client(&mock_server.uri()).await;
 
         // Test authentication
-        let token = client.get_auth_token().await.unwrap();
+        let token = client.get_auth_token().await.unwrap(); //#[allow_ci]
         assert_eq!(token, "test-token-456");
 
         // Test that token is cached
         assert!(client.has_valid_token().await);
 
         // Test that subsequent calls use cached token
-        let token2 = client.get_auth_token().await.unwrap();
+        let token2 = client.get_auth_token().await.unwrap(); //#[allow_ci]
         assert_eq!(token2, "test-token-456");
     }
 
@@ -610,7 +610,7 @@ mod tests {
         let result = client.get_auth_token().await;
         assert!(result.is_err());
         assert!(result
-            .unwrap_err()
+            .unwrap_err() //#[allow_ci]
             .to_string()
             .contains("Authentication failed"));
     }
@@ -691,11 +691,11 @@ mod tests {
             max_auth_retries: 2,
         };
 
-        let client = AuthenticationClient::new(config).unwrap();
+        let client = AuthenticationClient::new(config).unwrap(); //#[allow_ci]
 
         // Since token expires in 1 minute but we have 5 minute buffer,
         // it should be considered invalid and trigger re-authentication
-        let token = client.get_auth_token().await.unwrap();
+        let token = client.get_auth_token().await.unwrap(); //#[allow_ci]
         assert_eq!(token, "short-lived-token");
 
         // Check that token is considered invalid due to buffer

keylime-push-model-agent/src/context_info_handler.rs

@@ -98,7 +98,7 @@ mod tests {
         let context_res = get_context_info(AVOID_TPM);
         assert!(context_res.is_ok());
         assert!(
-            context_res.unwrap().is_none(),
+            context_res.unwrap().is_none(), //#[allow_ci]
             "Context should be None when TPM is avoided"
         );
     }

keylime-push-model-agent/src/registration.rs

@@ -12,7 +12,7 @@ pub async fn check_registration(
     context_info: Option<context_info::ContextInfo>,
 ) -> Result<()> {
     if context_info.is_some() {
-        crate::registration::register_agent(&mut context_info.unwrap())
+        crate::registration::register_agent(&mut context_info.unwrap()) //#[allow_ci]
             .await?;
     }
     Ok(())

keylime-push-model-agent/src/response_handler.rs

@@ -287,7 +287,7 @@ mod tests {
     fn test_process_negotiation_response_with_all_evidence_types() {
         let result = process_negotiation_response(VALID_RESPONSE_BODY);
         assert!(result.is_ok(), "Parsing a valid response should succeed");
-        let evidence_requests = result.unwrap();
+        let evidence_requests = result.unwrap(); //#[allow_ci]
 
         assert_eq!(evidence_requests.len(), 3);
 
@@ -303,20 +303,20 @@ mod tests {
             assert_eq!(signature_scheme, "rsassa");
             assert_eq!(hash_algorithm, "sha384");
             let empty_sha1: Vec<u32> = vec![];
-            assert_eq!(selected_subjects.get("sha1").unwrap(), &empty_sha1);
+            assert_eq!(selected_subjects.get("sha1").unwrap(), &empty_sha1); //#[allow_ci]
             assert_eq!(
-                selected_subjects.get("sha256").unwrap(),
+                selected_subjects.get("sha256").unwrap(), //#[allow_ci]
                 &vec![0, 1, 2, 3, 4, 5, 6]
             );
         } else {
-            panic!("Expected TpmQuote request");
+            panic!("Expected TpmQuote request"); //#[allow_ci]
         }
 
         // Check UefiLog request
         if let EvidenceRequest::UefiLog { .. } = &evidence_requests[1] {
             // UefiLog request found
         } else {
-            panic!("Expected UefiLog request");
+            panic!("Expected UefiLog request"); //#[allow_ci]
         }
 
         // Check ImaLog request
@@ -329,7 +329,7 @@ mod tests {
             assert_eq!(*starting_offset, Some(3925));
             assert_eq!(*entry_count, Some(100));
         } else {
-            panic!("Expected ImaLog request");
+            panic!("Expected ImaLog request"); //#[allow_ci]
         }
     }
 
@@ -338,7 +338,7 @@ mod tests {
         // Test with only TPM quote - should succeed
         let result = process_negotiation_response(RESPONSE_ONLY_TPM_QUOTE);
         assert!(result.is_ok());
-        let evidence_requests = result.unwrap();
+        let evidence_requests = result.unwrap(); //#[allow_ci]
         assert_eq!(evidence_requests.len(), 1);
         assert!(matches!(
             evidence_requests[0],
@@ -348,7 +348,7 @@ mod tests {
         // Test with only IMA log - should succeed
         let result = process_negotiation_response(RESPONSE_ONLY_IMA_LOG);
         assert!(result.is_ok());
-        let evidence_requests = result.unwrap();
+        let evidence_requests = result.unwrap(); //#[allow_ci]
         assert_eq!(evidence_requests.len(), 1);
         assert!(matches!(
             evidence_requests[0],
@@ -358,7 +358,7 @@ mod tests {
         // Test with only UEFI log - should succeed
         let result = process_negotiation_response(RESPONSE_ONLY_UEFI_LOG);
         assert!(result.is_ok());
-        let evidence_requests = result.unwrap();
+        let evidence_requests = result.unwrap(); //#[allow_ci]
         assert_eq!(evidence_requests.len(), 1);
         assert!(matches!(
             evidence_requests[0],
@@ -390,7 +390,7 @@ mod tests {
     fn test_set_evidence_log_paths() {
         let result = process_negotiation_response(VALID_RESPONSE_BODY);
         assert!(result.is_ok());
-        let mut evidence_requests = result.unwrap();
+        let mut evidence_requests = result.unwrap(); //#[allow_ci]
 
         // Initially, log paths should be None
         for request in &evidence_requests {
@@ -417,13 +417,13 @@ mod tests {
             match request {
                 EvidenceRequest::ImaLog { log_path, .. } => {
                     assert_eq!(
-                        log_path.as_ref().unwrap(),
+                        log_path.as_ref().unwrap(), //#[allow_ci]
                         "/path/to/ima.log"
                     );
                 }
                 EvidenceRequest::UefiLog { log_path, .. } => {
                     assert_eq!(
-                        log_path.as_ref().unwrap(),
+                        log_path.as_ref().unwrap(), //#[allow_ci]
                         "/path/to/uefi.log"
                     );
                 }
@@ -441,7 +441,7 @@ mod tests {
         );
 
         assert!(evidence_requests.is_ok());
-        let requests = evidence_requests.unwrap();
+        let requests = evidence_requests.unwrap(); //#[allow_ci]
         assert_eq!(requests.len(), 3);
 
         // Verify the TPM quote request
@@ -456,14 +456,14 @@ mod tests {
             assert_eq!(signature_scheme, "rsassa");
             assert_eq!(hash_algorithm, "sha384");
         } else {
-            panic!("Expected first request to be TPM quote");
+            panic!("Expected first request to be TPM quote"); //#[allow_ci]
         }
 
         // Verify the UEFI log request has the path set
         if let EvidenceRequest::UefiLog { log_path, .. } = &requests[1] {
-            assert_eq!(log_path.as_ref().unwrap(), "/path/to/uefi.log");
+            assert_eq!(log_path.as_ref().unwrap(), "/path/to/uefi.log"); //#[allow_ci]
         } else {
-            panic!("Expected second request to be UEFI log");
+            panic!("Expected second request to be UEFI log"); //#[allow_ci]
         }
 
         // Verify the IMA log request has the path set
@@ -473,10 +473,10 @@ mod tests {
             ..
         } = &requests[2]
         {
-            assert_eq!(log_path.as_ref().unwrap(), "/path/to/ima.log");
+            assert_eq!(log_path.as_ref().unwrap(), "/path/to/ima.log"); //#[allow_ci]
             assert_eq!(*starting_offset, Some(3925));
         } else {
-            panic!("Expected third request to be IMA log");
+            panic!("Expected third request to be IMA log"); //#[allow_ci]
         }
     }
 }