test(pgp): cover tempfile writers, untested CorruptPem arms, and clone identity#739
Conversation
…e identity Adds 14 tests in `crates/uselesskey-pgp/tests/writers_and_negative_variants.rs` that close real coverage gaps in `uselesskey-pgp`: - `write_private_key_armored` / `write_public_key_armored` tempfile sinks: ext, on-disk presence, contents byte-equal the armored accessor, and the two writers produce distinct paths. These Result-returning APIs were never exercised before. - `CorruptPem::BadFooter`, `Truncate`, and `ExtraBlankLine` strategies via the PGP wrapper. The pre-existing tests only touched `BadBase64` and `BadHeader`. - `private_key_armored_corrupt_deterministic` and `private_key_binary_corrupt_deterministic` produce at least two distinct outputs as the variant string changes; previously only stability for a single variant was checked. - `private_key_binary_truncated(0)` returns an empty buffer that the PGP parser rejects, and a `len` larger than the original returns the original bytes verbatim (saturating semantics). - `mismatched_public_key_binary` / `_armored` are cache-stable per identity and differ per label; the RSA-2048 mismatch parses as a valid public key whose fingerprint differs from the issuer (mismatch path was only tested for Ed25519 before). - `Clone` on `PgpKeyPair` shares the `Arc<Inner>` so accessor pointers are identical without re-deriving. No production code changes. All Result paths use `match` / `let else` plus `assert!` on `is_ok()`; no `unwrap`/`expect`/`panic!` are introduced, so the no-panic-family ledger is unaffected. https://claude.ai/code/session_0116SGvHnLaoXXd6wz2U9SvM
|
Warning You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again! |
|
Warning Rate limit exceeded
You’ve run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Organization UI Review profile: ASSERTIVE Plan: Pro Run ID: 📒 Files selected for processing (1)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
Warning You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again! |
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
Summary
Adds 14 tests in
crates/uselesskey-pgp/tests/writers_and_negative_variants.rsthat close real coverage gaps in the
uselesskey-pgpcrate. Production codeis untouched.
Coverage closed
write_private_key_armored/write_public_key_armoredwere never exercised. The new tests verify on-disk presence, the
.ascextension, contents byte-equality with the armored accessors, and that the
two writers produce distinct paths.
CorruptPemarmsBadFooter,Truncate,ExtraBlankLine: onlyBadHeaderandBadBase64had been wired through the PGP wrapper.checked stability for a single variant. New tests cycle through 6-8 variants
and assert at least two shape-distinct outputs for both armored and binary
corruption helpers.
private_key_binary_truncatedboundaries:len = 0yields an emptyparser-rejected buffer;
lenbeyond the original returns the full inputverbatim (saturating semantics).
mismatched_public_key_*is cache-stableper identity and differs per label. RSA-2048 mismatch is now parsed and
fingerprint-compared (this path was only exercised for Ed25519 before).
ClonesharesArc<Inner>: clonedPgpKeyPairaccessors returnpointer-identical buffers, confirming clones do not re-derive.
Safety / policy
unwrap/expect/panic!/todo!/unimplemented!/unreachable!in the new file —
cargo xtask check-no-panic-familydoes not add new debtfor
uselesskey-pgp. (The 3 unrelated new-debt sites flagged by xtaskpredate this branch and live in
uselesskey-x509.)Resultpaths usematch/let elseplusassert!(result.is_ok(), ...),matching the pattern from PRs test(ssh): cover host certs, accessors, debug redaction, and stable_bytes deltas #695-test(hmac): cover label/spec/kid accessors and jwk use field across all specs #700.
Test plan
cargo test -p uselesskey-pgp(all targets, including the new testfile with 14 / 14 passing)
cargo clippy -p uselesskey-pgp --all-targets -- -D warningscleancargo xtask check-no-panic-familydoes not flag the new filehttps://claude.ai/code/session_0116SGvHnLaoXXd6wz2U9SvM
Generated by Claude Code