preparing for v1.100.0

Author: mickgmdb

crates/kingfisher-scanner/src/validation/utils.rs

@@ -32,15 +32,15 @@ pub fn process_captures(captures: &SerializableCaptures) -> Vec<(String, String,
 /// that should be paired with a secret key.
 pub fn find_closest_variable(
     captures: &[(String, String, usize, usize)],
-    target_value: &String,
+    target_value: &str,
     target_variable_name: &str,
     search_variable_name: &str,
 ) -> Option<String> {
     // Collect the positions of the target variable for the provided value so we can
     // compare relative offsets with candidate variables.
     let mut target_positions = Vec::new();
     for (name, value, start, end) in captures {
-        if name == target_variable_name && value == target_value {
+        if name == target_variable_name && value.as_str() == target_value {
             target_positions.push((*start, *end));
         }
     }
@@ -138,8 +138,7 @@ mod tests {
             ("AKID".to_string(), "following".to_string(), 180usize, 200usize),
         ];
 
-        let result =
-            find_closest_variable(&captures, &"secret".to_string(), "TOKEN", "AKID").unwrap();
+        let result = find_closest_variable(&captures, "secret", "TOKEN", "AKID").unwrap();
 
         assert_eq!(result, "preceding".to_string());
     }
@@ -151,8 +150,7 @@ mod tests {
             ("AKID".to_string(), "after".to_string(), 60usize, 80usize),
         ];
 
-        let result =
-            find_closest_variable(&captures, &"secret".to_string(), "TOKEN", "AKID").unwrap();
+        let result = find_closest_variable(&captures, "secret", "TOKEN", "AKID").unwrap();
 
         assert_eq!(result, "after".to_string());
     }

src/scanner/validation.rs

@@ -725,7 +725,7 @@ pub async fn run_secret_validation(
                         let mut by_key: FxHashMap<String, Vec<OwnedBlobMatch>> =
                             FxHashMap::default();
                         for om in owned {
-                            by_key.entry(build_cache_key(&om, &dep_vars)).or_default().push(om);
+                            by_key.entry(build_cache_key(&om)).or_default().push(om);
                         }
                         let reps: Vec<_> =
                             by_key.into_iter().map(|(_k, mut v)| (v.remove(0), v)).collect();
@@ -859,7 +859,7 @@ async fn validate_single(
     validation_retries: u32,
     max_body_len: usize,
 ) {
-    let cache_key = build_cache_key(om, dep_vars);
+    let cache_key = build_cache_key(om);
     // Check cache first
     if let Some(cached) = cache.get(&cache_key) {
         om.validation_success = cached.is_valid;
@@ -956,12 +956,8 @@ fn is_counted_validation_status(status: StatusCode) -> bool {
     !matches!(status, StatusCode::CONTINUE | StatusCode::PRECONDITION_REQUIRED)
 }
 
-// Helper to compute the cache key for an OwnedBlobMatch
-fn build_cache_key(
-    om: &OwnedBlobMatch,
-    dep_vars: &FxHashMap<String, Vec<(String, OffsetSpan)>>,
-) -> String {
-    // Build key
+// Helper to compute the cache key for an OwnedBlobMatch.
+fn build_cache_key(om: &OwnedBlobMatch) -> String {
     let capture0 = om.captures.captures.get(0).map_or(String::new(), |c| c.raw_value().to_string());
 
     let has_context_dependency = om
@@ -982,16 +978,7 @@ fn build_cache_key(
         );
     }
 
-    let dep_vars_str = dep_vars
-        .get(om.rule.id())
-        .map(|hm| {
-            let mut sorted: Vec<_> = hm.iter().collect();
-            sorted.sort_by(|(k, _), (k2, _)| k.cmp(k2));
-            sorted.into_iter().map(|(k, v)| format!("{}={}", k, v)).collect::<Vec<_>>().join("|")
-        })
-        .unwrap_or_default();
-
-    format!("{}|{}|{}", om.rule.name(), capture0, dep_vars_str)
+    format!("{}|{}", om.rule.name(), capture0)
 }
 
 fn maybe_record_access_map(om: &OwnedBlobMatch, collector: Option<&AccessMapCollector>) {

src/validation.rs

@@ -1551,9 +1551,7 @@ fn aws_akid_candidates(
 ) -> Vec<String> {
     let mut candidates = Vec::new();
 
-    if let Some(closest) =
-        utils::find_closest_variable(captured_values, &secret.to_string(), "TOKEN", "AKID")
-    {
+    if let Some(closest) = utils::find_closest_variable(captured_values, secret, "TOKEN", "AKID") {
         candidates.push((0usize, closest));
     }
 

src/validation/utils.rs

@@ -153,15 +153,15 @@ pub fn process_captures(captures: &SerializableCaptures) -> Vec<(String, String,
 
 pub fn find_closest_variable(
     captures: &[(String, String, usize, usize)],
-    target_value: &String,
+    target_value: &str,
     target_variable_name: &str,
     search_variable_name: &str,
 ) -> Option<String> {
     // Collect the positions of the target variable for the provided value so we can
     // compare relative offsets with candidate variables.
     let mut target_positions = Vec::new();
     for (name, value, start, end) in captures {
-        if name == target_variable_name && value == target_value {
+        if name == target_variable_name && value.as_str() == target_value {
             target_positions.push((*start, *end));
         }
     }
@@ -346,8 +346,7 @@ mod tests {
             ("AKID".to_string(), "following".to_string(), 180usize, 200usize),
         ];
 
-        let result =
-            find_closest_variable(&captures, &"secret".to_string(), "TOKEN", "AKID").unwrap();
+        let result = find_closest_variable(&captures, "secret", "TOKEN", "AKID").unwrap();
 
         assert_eq!(result, "preceding".to_string());
     }
@@ -359,8 +358,7 @@ mod tests {
             ("AKID".to_string(), "after".to_string(), 60usize, 80usize),
         ];
 
-        let result =
-            find_closest_variable(&captures, &"secret".to_string(), "TOKEN", "AKID").unwrap();
+        let result = find_closest_variable(&captures, "secret", "TOKEN", "AKID").unwrap();
 
         assert_eq!(result, "after".to_string());
     }