Add complete rust-payjoin src mutation coverage

This pr adds complete mutation coverage onto the payjoin crate within
rust-payjoin.

We did discover an outstanding mutant that we still want to explore more
as to whether we should modify the source code or keep the behavior as
is in #948.

Author: benalleng

.cargo/mutants.toml

@@ -1,15 +1,12 @@
 additional_cargo_args = ["--all-features"]
 gitignore = true
 examine_globs = [
-	"payjoin/src/core/ohttp.rs", 
-	"payjoin/src/core/uri/*.rs", 
-	"payjoin/src/core/receive/**/*.rs", 
-	"payjoin/src/core/send/**/*.rs"
+	"payjoin/src/**/*.rs"
+]
+exclude_globs = [
 ]
-exclude_globs = []
 exclude_re = [
-	"impl Debug",
-	"impl Display",
+	"impl (fmt::)?(Debug|Display)",
 	"deserialize",
 	"Iterator",
 	".*Error",
@@ -41,4 +38,5 @@ exclude_re = [
 	"replace > with >= in WantsInputs::avoid_uih", # This mutation I am unsure about whether or not it is a trivial mutant and have not decided on how the best way to approach testing it is
 	# payjoin/src/core/send/mod.rs
 	"replace match guard proposed_txout.script_pubkey == original_output.script_pubkey with true in PsbtContext::check_outputs", # This non-deterministic mutation has a possible test to catch it
+	"replace == with != in Receiver<Initialized>::unchecked_from_payload", #This mutant is something we intend to address in issue #948
 ]

payjoin-cli/src/app/v1.rs

@@ -147,7 +147,7 @@ impl App {
             "Listening at {}. Configured to accept payjoin at BIP 21 Payjoin Uri:",
             listener.local_addr()?
         );
-        println!("{}", pj_uri_string);
+        println!("{pj_uri_string}");
 
         let app = self.clone();
 

payjoin/src/core/hpke.rs

@@ -1,5 +1,6 @@
+use core::fmt;
+use std::error;
 use std::ops::Deref;
-use std::{error, fmt};
 
 use bitcoin::key::constants::{ELLSWIFT_ENCODING_SIZE, PUBLIC_KEY_SIZE};
 use bitcoin::secp256k1;
@@ -88,7 +89,7 @@ impl Deref for HpkeSecretKey {
     fn deref(&self) -> &Self::Target { &self.0 }
 }
 
-impl core::fmt::Debug for HpkeSecretKey {
+impl fmt::Debug for HpkeSecretKey {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
         write!(f, "SecpHpkeSecretKey([REDACTED])")
     }
@@ -140,7 +141,7 @@ impl Deref for HpkePublicKey {
     fn deref(&self) -> &Self::Target { &self.0 }
 }
 
-impl core::fmt::Debug for HpkePublicKey {
+impl fmt::Debug for HpkePublicKey {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
         write!(f, "SecpHpkePublicKey({:?})", self.0)
     }

payjoin/src/core/into_url.rs

@@ -111,4 +111,27 @@ mod tests {
         let err = "blob:https://example.com".into_url().unwrap_err();
         assert_eq!(err.to_string(), "URL scheme is not allowed");
     }
+
+    #[test]
+    fn into_url_conversions() {
+        let input = "http://localhost/";
+        let url = Url::parse(input).unwrap();
+
+        let url_ref = &url;
+        assert_eq!(url_ref.as_str(), url.as_ref());
+        assert_eq!(IntoUrlSealed::as_str(url_ref), url.as_ref());
+        assert_eq!(IntoUrlSealed::as_str(&url_ref), url.as_ref());
+
+        let url_str: &str = input;
+        assert_eq!(url_str, url.as_ref());
+        assert_eq!(IntoUrlSealed::as_str(&url_str), url.as_ref());
+
+        let url_string: String = input.to_string();
+        assert_eq!(url_string, url.as_ref());
+        assert_eq!(IntoUrlSealed::as_str(&url_string), url.as_ref());
+
+        let url_string_ref: &String = &input.to_string();
+        assert_eq!(url_string_ref, url.as_ref());
+        assert_eq!(IntoUrlSealed::as_str(&url_string_ref), url.as_ref());
+    }
 }

payjoin/src/core/persist.rs

@@ -1,3 +1,4 @@
+use std::fmt;
 /// Handles cases where the transition either succeeds with a final result that ends the session, or hits a static condition and stays in the same state.
 /// State transition may also be a fatal error or transient error.
 pub struct MaybeSuccessTransitionWithNoResults<Event, SuccessValue, CurrentState, Err>(
@@ -263,7 +264,7 @@ pub struct RejectTransient<Err>(pub(crate) Err);
 /// The wrapper contains the error and should be returned to the caller.
 pub struct RejectBadInitInputs<Err>(Err);
 
-impl<Err: std::error::Error> std::fmt::Display for RejectTransient<Err> {
+impl<Err: std::error::Error> fmt::Display for RejectTransient<Err> {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
         let RejectTransient(err) = self;
         write!(f, "{err}")
@@ -327,7 +328,7 @@ impl<ApiError: std::error::Error, StorageError: std::error::Error> std::error::E
 {
 }
 
-impl<ApiError: std::error::Error, StorageError: std::error::Error> std::fmt::Display
+impl<ApiError: std::error::Error, StorageError: std::error::Error> fmt::Display
     for PersistedError<ApiError, StorageError>
 {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
@@ -687,7 +688,7 @@ mod tests {
 
     impl std::error::Error for InMemoryTestError {}
 
-    impl std::fmt::Display for InMemoryTestError {
+    impl fmt::Display for InMemoryTestError {
         fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
             write!(f, "InMemoryTestError")
         }

payjoin/src/core/psbt/mod.rs

@@ -404,3 +404,121 @@ impl std::error::Error for InputWeightError {
 impl From<AddressTypeError> for InputWeightError {
     fn from(value: AddressTypeError) -> Self { Self::AddressType(value) }
 }
+
+#[cfg(test)]
+mod test {
+    use bitcoin::{Psbt, ScriptBuf, Transaction};
+    use payjoin_test_utils::PARSED_ORIGINAL_PSBT;
+
+    use crate::psbt::{InputWeightError, InternalInputPair, InternalPsbtInputError, PsbtExt};
+
+    #[test]
+    fn validate_input_utxos() {
+        let psbt: Psbt = PARSED_ORIGINAL_PSBT.clone();
+        let validated_pairs = psbt.validate_input_utxos();
+        assert!(validated_pairs.is_ok());
+    }
+
+    #[test]
+    fn input_pairs_validate_witness_utxo() {
+        let psbt: Psbt = PARSED_ORIGINAL_PSBT.clone();
+        let txin = &psbt.unsigned_tx.input[0];
+        let psbtin = &psbt.inputs[0];
+
+        let pair: InternalInputPair = InternalInputPair { txin, psbtin };
+        assert!(pair.validate_utxo().is_ok());
+    }
+
+    #[test]
+    fn input_pairs_validate_non_witness_utxo() {
+        // This test checks each variation of the validate_utxo match block with no
+        // non_witness_utxo
+        let psbt: Psbt = PARSED_ORIGINAL_PSBT.clone();
+        let raw_tx = "010000000001015721029046ec1840d5bc8f4e59ae8ac4b576191d5e7994c8d1c44ddeaffc176c0300000000fdffffff018e8d00000000000017a9144a87748bc7bcfee8290e36700eeca3112f53ecbe870140239d1975e0fc9b8345bce9a170a0224cf8eb327bfcaccf0f8b9434d17345579e4dcbb68f7be39eac7987dfaa08293b11fdc76ac28e26bd85e99a46b69675418100000000";
+
+        let mut txin = psbt.unsigned_tx.input[0].clone();
+        let mut psbtin = psbt.inputs[0].clone();
+
+        let transaction: Transaction = bitcoin::consensus::encode::deserialize_hex(raw_tx).unwrap();
+        psbtin.non_witness_utxo = Some(transaction.clone());
+        psbtin.witness_utxo = None;
+        txin.previous_output.txid = transaction.compute_txid();
+
+        let pair: InternalInputPair = InternalInputPair { txin: &txin, psbtin: &psbtin };
+        assert!(pair.validate_utxo().is_ok());
+    }
+
+    #[test]
+    fn input_pairs_unequal_txid() {
+        // This test checks each variation of the validate_utxo match block where is it expected to
+        // return an unequal_txid error
+        let psbt: Psbt = PARSED_ORIGINAL_PSBT.clone();
+        let raw_tx = "010000000001015721029046ec1840d5bc8f4e59ae8ac4b576191d5e7994c8d1c44ddeaffc176c0300000000fdffffff018e8d00000000000017a9144a87748bc7bcfee8290e36700eeca3112f53ecbe870140239d1975e0fc9b8345bce9a170a0224cf8eb327bfcaccf0f8b9434d17345579e4dcbb68f7be39eac7987dfaa08293b11fdc76ac28e26bd85e99a46b69675418100000000";
+
+        let txin = &psbt.unsigned_tx.input[0];
+        let mut psbtin = psbt.inputs[0].clone();
+
+        let transaction: Transaction = bitcoin::consensus::encode::deserialize_hex(raw_tx).unwrap();
+        psbtin.non_witness_utxo = Some(transaction);
+
+        let pair: InternalInputPair = InternalInputPair { txin, psbtin: &psbtin };
+        let validated_utxo = pair.validate_utxo();
+        assert_eq!(validated_utxo.unwrap_err(), InternalPsbtInputError::UnequalTxid);
+
+        let txin = &psbt.unsigned_tx.input[0];
+        let mut psbtin = psbt.inputs[0].clone();
+
+        let transaction: Transaction = bitcoin::consensus::encode::deserialize_hex(raw_tx).unwrap();
+        psbtin.non_witness_utxo = Some(transaction);
+        psbtin.witness_utxo = None;
+
+        let pair: InternalInputPair = InternalInputPair { txin, psbtin: &psbtin };
+        let validated_utxo = pair.validate_utxo();
+        assert_eq!(validated_utxo.unwrap_err(), InternalPsbtInputError::UnequalTxid);
+    }
+
+    #[test]
+    fn input_pairs_txout_mismatch() {
+        let psbt: Psbt = PARSED_ORIGINAL_PSBT.clone();
+        let raw_tx = "010000000001015721029046ec1840d5bc8f4e59ae8ac4b576191d5e7994c8d1c44ddeaffc176c0300000000fdffffff018e8d00000000000017a9144a87748bc7bcfee8290e36700eeca3112f53ecbe870140239d1975e0fc9b8345bce9a170a0224cf8eb327bfcaccf0f8b9434d17345579e4dcbb68f7be39eac7987dfaa08293b11fdc76ac28e26bd85e99a46b69675418100000000";
+
+        let mut txin = psbt.unsigned_tx.input[0].clone();
+        let mut psbtin = psbt.inputs[0].clone();
+
+        let transaction: Transaction = bitcoin::consensus::encode::deserialize_hex(raw_tx).unwrap();
+        psbtin.non_witness_utxo = Some(transaction.clone());
+        txin.previous_output.txid = transaction.compute_txid();
+
+        let pair: InternalInputPair = InternalInputPair { txin: &txin, psbtin: &psbtin };
+        let validated_utxo = pair.validate_utxo();
+        assert_eq!(validated_utxo.unwrap_err(), InternalPsbtInputError::SegWitTxOutMismatch);
+    }
+
+    #[test]
+    fn expected_input_weight() {
+        let psbt: Psbt = PARSED_ORIGINAL_PSBT.clone();
+        let txin = &psbt.unsigned_tx.input[0];
+        let psbtin = psbt.inputs[0].clone();
+
+        let pair: InternalInputPair = InternalInputPair { txin, psbtin: &psbtin };
+        let weight = pair.expected_input_weight();
+        assert!(weight.is_ok());
+
+        let mut psbtin = psbt.inputs[0].clone();
+        psbtin.final_script_sig = Some(
+            ScriptBuf::from_hex(
+                "22002065f91a53cb7120057db3d378bd0f7d944167d43a7dcbff15d6afc4823f1d3ed3",
+            )
+            .unwrap(),
+        );
+        let pair: InternalInputPair = InternalInputPair { txin, psbtin: &psbtin };
+        let weight = pair.expected_input_weight();
+        assert_eq!(weight.unwrap_err(), InputWeightError::NotSupported);
+
+        let mut psbtin = psbt.inputs[0].clone();
+        psbtin.final_script_sig = None;
+        let pair: InternalInputPair = InternalInputPair { txin, psbtin: &psbtin };
+        let weight = pair.expected_input_weight();
+        assert_eq!(weight.unwrap_err(), InputWeightError::NoRedeemScript)
+    }
+}

payjoin/src/core/send/mod.rs

@@ -730,16 +730,19 @@ impl V1Context {
 
 #[cfg(test)]
 mod test {
+    use std::collections::BTreeMap;
     use std::str::FromStr;
 
     use bitcoin::absolute::LockTime;
-    use bitcoin::bip32::{DerivationPath, Fingerprint};
+    use bitcoin::bip32::{self, DerivationPath, Fingerprint};
     use bitcoin::ecdsa::Signature;
     use bitcoin::hex::FromHex;
+    use bitcoin::psbt::raw::ProprietaryKey;
     use bitcoin::secp256k1::{Message, PublicKey, Secp256k1, SecretKey, SECP256K1};
     use bitcoin::taproot::TaprootBuilder;
     use bitcoin::{
-        Amount, FeeRate, OutPoint, Script, ScriptBuf, Sequence, Witness, XOnlyPublicKey,
+        psbt, Amount, FeeRate, NetworkKind, OutPoint, Script, ScriptBuf, Sequence, Witness,
+        XOnlyPublicKey,
     };
     use payjoin_test_utils::{
         BoxError, PARSED_ORIGINAL_PSBT, PARSED_PAYJOIN_PROPOSAL,
@@ -1092,16 +1095,41 @@ mod test {
         assert!(!proposal.inputs[0].bip32_derivation.is_empty());
         assert!(proposal.outputs[0].tap_internal_key.is_some());
         assert!(!proposal.outputs[0].bip32_derivation.is_empty());
-        let psbt_ctx = PsbtContextBuilder::new(proposal.clone(), payee, None)
+        let mut psbt_ctx = PsbtContextBuilder::new(proposal.clone(), payee, None)
             .build(OutputSubstitution::Disabled)?;
 
+        let mut map = BTreeMap::new();
+        let secp = Secp256k1::new();
+        let seed = Vec::<u8>::from_hex("BEEFCAFE").unwrap();
+        let xpriv = bip32::Xpriv::new_master(NetworkKind::Main, &seed).unwrap();
+        let xpub: bip32::Xpub = bip32::Xpub::from_priv(&secp, &xpriv);
+        let value = (xpriv.fingerprint(&secp), DerivationPath::from_str("42'").unwrap());
+        map.insert(xpub, value);
+        psbt_ctx.original_psbt.xpub = map;
+
+        let mut map = BTreeMap::new();
+        let proprietary_key =
+            ProprietaryKey { prefix: b"mock_prefix".to_vec(), subtype: 0x00, key: vec![] };
+        let value = FromHex::from_hex("BEEFCAFE").unwrap();
+        map.insert(proprietary_key, value);
+        psbt_ctx.original_psbt.proprietary = map;
+
+        let mut map = BTreeMap::new();
+        let unknown_key: psbt::raw::Key = psbt::raw::Key { type_value: 0x00, key: vec![] };
+        let value = FromHex::from_hex("BEEFCAFE").unwrap();
+        map.insert(unknown_key, value);
+        psbt_ctx.original_psbt.unknown = map;
+
         let body = create_v1_post_request(Url::from_str("HTTPS://EXAMPLE.COM/")?, psbt_ctx).0.body;
         let res_str = std::str::from_utf8(&body)?;
         let proposal = Psbt::from_str(res_str)?;
         assert!(proposal.inputs[0].tap_internal_key.is_none());
         assert!(proposal.inputs[0].bip32_derivation.is_empty());
         assert!(proposal.outputs[0].tap_internal_key.is_none());
         assert!(proposal.outputs[0].bip32_derivation.is_empty());
+        assert!(proposal.xpub.is_empty());
+        assert!(proposal.proprietary.is_empty());
+        assert!(proposal.unknown.is_empty());
         Ok(())
     }
 

payjoin/src/core/send/v1.rs

@@ -393,6 +393,11 @@ mod test {
         }
     }
 
+    #[test]
+    fn test_max_content_length() {
+        assert_eq!(MAX_CONTENT_LENGTH, 4_000_000 * 4 / 3);
+    }
+
     #[test]
     fn test_non_witness_input_weight_const() {
         assert_eq!(NON_WITNESS_INPUT_WEIGHT, bitcoin::Weight::from_wu(160));

payjoin/src/directory.rs

@@ -69,3 +69,15 @@ impl std::str::FromStr for ShortId {
         (&bytes[..]).try_into()
     }
 }
+
+#[cfg(test)]
+mod tests {
+    use crate::uri::ShortId;
+
+    #[test]
+    fn short_id_conversion() {
+        let short_id = ShortId([0; 8]);
+        assert_eq!(short_id.as_bytes(), short_id.0);
+        assert_eq!(short_id.as_slice(), short_id.0);
+    }
+}