chore(pedm): clippy fixes (#1354)

This fixes most but not all of the Clippy lints.

Author: allan2

crates/devolutions-pedm/src/api/launch.rs

@@ -1,10 +1,8 @@
 use std::path::{Path, PathBuf};
-use std::sync::Arc;
 
 use aide::NoApi;
 use axum::extract::State;
 use axum::{Extension, Json};
-use parking_lot::RwLock;
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 use tracing::info;
@@ -20,10 +18,8 @@ use win_api_wrappers::token::Token;
 use win_api_wrappers::utils::{environment_block, expand_environment_path, CommandLine, WideString};
 
 use crate::api::state::AppState;
-use crate::db::DbHandle;
 use crate::elevator;
 use crate::error::Error;
-use crate::policy::Policy;
 
 use super::NamedPipeConnectInfo;
 

crates/devolutions-pedm/src/api/log.rs

@@ -14,12 +14,10 @@ async fn get_jit_elevation_log_id(
     NoApi(State(_state)): NoApi<State<AppState>>,
     NoApi(Db(db)): NoApi<Db>,
 ) -> Result<Json<JitElevationLogRow>, Error> {
-    let row = db.get_jit_elevation_log(id.id).await?.ok_or_else(|| Error::NotFound)?;
+    let row = db.get_jit_elevation_log(id.id).await?.ok_or(Error::NotFound)?;
 
-    if row.user.as_ref().map_or(true, |u| u != &named_pipe_info.user) {
-        if !named_pipe_info.token.is_elevated()? {
-            return Err(Error::AccessDenied);
-        }
+    if row.user.as_ref().map_or(true, |u| u != &named_pipe_info.user) && !named_pipe_info.token.is_elevated()? {
+        return Err(Error::AccessDenied);
     }
 
     Ok(Json(row))
@@ -31,10 +29,10 @@ async fn get_jit_elevation_logs(
     NoApi(Db(db)): NoApi<Db>,
     Json(query_options): Json<JitElevationLogQueryOptions>,
 ) -> Result<Json<JitElevationLogPage>, Error> {
-    if query_options.user.as_ref().map_or(true, |u| u != &named_pipe_info.user) {
-        if !named_pipe_info.token.is_elevated()? {
-            return Err(Error::AccessDenied);
-        }
+    if query_options.user.as_ref().map_or(true, |u| u != &named_pipe_info.user)
+        && !named_pipe_info.token.is_elevated()?
+    {
+        return Err(Error::AccessDenied);
     }
 
     let page = db.get_jit_elevation_logs(query_options).await?;

crates/devolutions-pedm/src/api/policy.rs

@@ -88,7 +88,7 @@ struct PathIdParameter {
 }
 
 #[derive(Deserialize, JsonSchema)]
-pub struct PathIntIdPath {
+pub(crate) struct PathIntIdPath {
     pub id: i64,
 }
 
@@ -203,7 +203,7 @@ async fn get_users(
     let mut users = db.get_users().await?;
 
     if !named_pipe_info.token.is_elevated()? {
-        users = users.into_iter().filter(|u| u == &named_pipe_info.user).collect();
+        users.retain(|u| u == &named_pipe_info.user);
     }
 
     Ok(Json(users))

crates/devolutions-pedm/src/db/err.rs

@@ -153,4 +153,4 @@ impl fmt::Display for InvalidEnumError {
     }
 }
 
-impl std::error::Error for InvalidEnumError {}
+impl Error for InvalidEnumError {}

crates/devolutions-pedm/src/db/libsql.rs

@@ -37,9 +37,9 @@ impl LibsqlConn {
 
         if let Some(row) = rows.next().await? {
             let id: i64 = row.get(0)?;
-            return Ok(Some(id));
+            Ok(Some(id))
         } else {
-            return Ok(None);
+            Ok(None)
         }
     }
 
@@ -271,10 +271,7 @@ impl Database for LibsqlConn {
                             }))
                         }
                     },
-                    signer: match row.get::<Option<String>>(15)? {
-                        Some(issuer) => Some(Signer { issuer }),
-                        None => None,
-                    },
+                    signer: row.get::<Option<String>>(15)?.map(|issuer| Signer { issuer }),
                     certificates: None,
                 }),
                 None => None,
@@ -329,13 +326,15 @@ impl Database for LibsqlConn {
 
         let where_sql = format!(" WHERE {}", where_clauses.join(" AND "));
 
-        let count_sql = format!("SELECT COUNT(*) {}", &base_sql) + &where_sql;
+        let mut count_sql = format!("SELECT COUNT(*) {}", &base_sql);
+        count_sql.push_str(&where_sql);
         let total_records_row = self
             .query_one(&count_sql, libsql::params_from_iter(params.clone()))
             .await?;
         let total_records: i64 = total_records_row.get(0)?;
-        let total_pages =
-            ((total_records + query_options.page_size as i64 - 1) / query_options.page_size as i64) as u32;
+        let total_pages = u32::try_from(
+            (total_records + i64::from(query_options.page_size) - 1) / i64::from(query_options.page_size),
+        )?;
 
         let sort_columns = ["success", "timestamp", "target_path", "target_user_id"];
         let sort_column = if sort_columns.contains(&query_options.sort_column.as_str()) {
@@ -345,12 +344,14 @@ impl Database for LibsqlConn {
         };
         let sort_order = if query_options.sort_descending { "DESC" } else { "ASC" };
 
-        let limit = query_options.page_size as i64;
-        let offset = (query_options.page_number.saturating_sub(1) * query_options.page_size) as i64;
+        let limit = i64::from(query_options.page_size);
+        let offset = i64::from(query_options.page_number.saturating_sub(1) * query_options.page_size);
 
+        base_sql.push_str(&joins);
+        base_sql.push_str(&where_sql);
         let select_sql = format!(
             "SELECT jit.id, jit.timestamp, jit.success, jit.target_path, u_display.account_name, u_display.domain_name, u_display.account_sid, u_display.domain_sid {} ORDER BY jit.{} {} LIMIT ? OFFSET ?",
-            base_sql + &joins + &where_sql,
+            base_sql,
             sort_column,
             sort_order
         );
@@ -379,8 +380,8 @@ impl Database for LibsqlConn {
         }
 
         Ok(JitElevationLogPage {
-            total_pages: total_pages,
-            total_records: total_records as u32,
+            total_pages,
+            total_records: u32::try_from(total_records)?,
             results,
         })
     }

crates/devolutions-pedm/src/db/mod.rs

@@ -271,7 +271,7 @@ pub(crate) struct DbAsyncBridgeTask {
 }
 
 impl DbAsyncBridgeTask {
-    pub fn new(db: Db) -> (DbHandle, Self) {
+    pub(crate) fn new(db: Db) -> (DbHandle, Self) {
         let (tx, rx) = tokio::sync::mpsc::channel(8);
         (DbHandle { tx }, Self { db, rx })
     }

crates/devolutions-pedm/src/log.rs

@@ -18,7 +18,7 @@ pub(crate) struct JitElevationLogQueryOptions {
     pub sort_descending: bool,
 }
 
-#[derive(Serialize, JsonSchema)]
+#[derive(Serialize, JsonSchema, Default)]
 #[serde(rename_all = "PascalCase")]
 pub(crate) struct JitElevationLogRow {
     pub id: i64,
@@ -33,23 +33,6 @@ pub(crate) struct JitElevationLogRow {
     pub user: Option<User>,
 }
 
-impl Default for JitElevationLogRow {
-    fn default() -> JitElevationLogRow {
-        JitElevationLogRow {
-            id: 0,
-            timestamp: 0,
-            success: 0,
-            asker_path: None,
-            target_path: None,
-            target_command_line: None,
-            target_working_directory: None,
-            target_hash: None,
-            target_signature: None,
-            user: None,
-        }
-    }
-}
-
 #[derive(Serialize, JsonSchema)]
 #[serde(rename_all = "PascalCase")]
 pub(crate) struct JitElevationLogPage {

crates/devolutions-pedm/src/policy.rs

@@ -333,10 +333,8 @@ impl Policy {
             .user_current_profile(&request.asker.user)
             .ok_or_else(|| anyhow!(Error::AccessDenied))?;
 
-        if profile.target_must_be_signed {
-            if request.target.signature.status != AuthenticodeSignatureStatus::Valid {
-                bail!(Error::AccessDenied)
-            }
+        if profile.target_must_be_signed && request.target.signature.status != AuthenticodeSignatureStatus::Valid {
+            bail!(Error::AccessDenied)
         }
 
         let elevation_type = profile.default_elevation_kind;
@@ -442,25 +440,23 @@ pub(crate) fn application_from_process(pid: u32) -> anyhow::Result<Application>
 
 pub(crate) fn authenticode_win_to_policy(
     win_status: win_api_wrappers::security::crypt::AuthenticodeSignatureStatus,
-) -> policy::AuthenticodeSignatureStatus {
+) -> AuthenticodeSignatureStatus {
     match win_status {
-        win_api_wrappers::security::crypt::AuthenticodeSignatureStatus::Valid => {
-            policy::AuthenticodeSignatureStatus::Valid
-        }
+        win_api_wrappers::security::crypt::AuthenticodeSignatureStatus::Valid => AuthenticodeSignatureStatus::Valid,
         win_api_wrappers::security::crypt::AuthenticodeSignatureStatus::Incompatible => {
-            policy::AuthenticodeSignatureStatus::Incompatible
+            AuthenticodeSignatureStatus::Incompatible
         }
         win_api_wrappers::security::crypt::AuthenticodeSignatureStatus::NotSigned => {
-            policy::AuthenticodeSignatureStatus::NotSigned
+            AuthenticodeSignatureStatus::NotSigned
         }
         win_api_wrappers::security::crypt::AuthenticodeSignatureStatus::HashMismatch => {
-            policy::AuthenticodeSignatureStatus::HashMismatch
+            AuthenticodeSignatureStatus::HashMismatch
         }
         win_api_wrappers::security::crypt::AuthenticodeSignatureStatus::NotSupportedFileFormat => {
-            policy::AuthenticodeSignatureStatus::NotSupportedFileFormat
+            AuthenticodeSignatureStatus::NotSupportedFileFormat
         }
         win_api_wrappers::security::crypt::AuthenticodeSignatureStatus::NotTrusted => {
-            policy::AuthenticodeSignatureStatus::NotTrusted
+            AuthenticodeSignatureStatus::NotTrusted
         }
     }
 }