chore: cargo fmt security tests

Author: TheCryptoDonkey

crates/heartwood-core/src/derive.rs

@@ -60,7 +60,7 @@ pub fn derive(root: &TreeRoot, purpose: &str, index: u32) -> Result<Identity, He
             }
             Err(_) => {
                 derived.zeroize(); // don't leak failed attempt
-                // Invalid scalar (exceeds curve order), try next index
+                                   // Invalid scalar (exceeds curve order), try next index
                 if current_index == MAX_INDEX {
                     return Err(HeartwoodError::IndexOverflow);
                 }

crates/heartwood-device/src/storage.rs

@@ -86,12 +86,8 @@ fn set_dir_permissions(_path: &Path) -> io::Result<()> {
 fn write_secret_file(path: &Path, data: &[u8]) -> io::Result<()> {
     use std::os::unix::fs::OpenOptionsExt;
 
-    let mut file = fs::OpenOptions::new()
-        .write(true)
-        .create(true)
-        .truncate(true)
-        .mode(0o600)
-        .open(path)?;
+    let mut file =
+        fs::OpenOptions::new().write(true).create(true).truncate(true).mode(0o600).open(path)?;
     io::Write::write_all(&mut file, data)?;
     Ok(())
 }

crates/heartwood-device/src/web.rs

@@ -41,7 +41,10 @@ async fn api_audit(State(state): State<Arc<AppState>>) -> impl IntoResponse {
     let entries: Vec<_> = log.entries().iter().collect();
     match serde_json::to_value(&entries) {
         Ok(val) => (StatusCode::OK, axum::Json(val)),
-        Err(_) => (StatusCode::INTERNAL_SERVER_ERROR, axum::Json(json!({"error": "serialisation failed"}))),
+        Err(_) => (
+            StatusCode::INTERNAL_SERVER_ERROR,
+            axum::Json(json!({"error": "serialisation failed"})),
+        ),
     }
 }
 

crates/heartwood-nip46/src/methods.rs

@@ -65,11 +65,17 @@ impl fmt::Debug for Nip46Request {
             Self::Nip04Encrypt(p) => write!(f, "Nip04Encrypt([{} params])", p.len()),
             Self::Nip04Decrypt(p) => write!(f, "Nip04Decrypt([{} params])", p.len()),
             Self::HeartwoodDerive(p) => write!(f, "HeartwoodDerive([{} params])", p.len()),
-            Self::HeartwoodDerivePersona(p) => write!(f, "HeartwoodDerivePersona([{} params])", p.len()),
+            Self::HeartwoodDerivePersona(p) => {
+                write!(f, "HeartwoodDerivePersona([{} params])", p.len())
+            }
             Self::HeartwoodListIdentities => write!(f, "HeartwoodListIdentities"),
             Self::HeartwoodSwitch(p) => write!(f, "HeartwoodSwitch([{} params])", p.len()),
-            Self::HeartwoodCreateProof(p) => write!(f, "HeartwoodCreateProof([{} params])", p.len()),
-            Self::HeartwoodVerifyProof(p) => write!(f, "HeartwoodVerifyProof([{} params])", p.len()),
+            Self::HeartwoodCreateProof(p) => {
+                write!(f, "HeartwoodCreateProof([{} params])", p.len())
+            }
+            Self::HeartwoodVerifyProof(p) => {
+                write!(f, "HeartwoodVerifyProof([{} params])", p.len())
+            }
             Self::HeartwoodRecover(p) => write!(f, "HeartwoodRecover([{} params])", p.len()),
         }
     }
@@ -122,7 +128,11 @@ impl Nip46Response {
     pub fn ok(id: impl Into<String>, result: serde_json::Value) -> Self {
         let id = id.into();
         if contains_nsec(&result) {
-            return Self { id, result: None, error: Some("response contained secret key material".into()) };
+            return Self {
+                id,
+                result: None,
+                error: Some("response contained secret key material".into()),
+            };
         }
         Self { id, result: Some(result), error: None }
     }

crates/heartwood-nip46/src/session.rs

@@ -109,11 +109,7 @@ impl SessionManager {
 
     /// Return a list of all active (non-expired) client public keys.
     pub fn list(&self) -> Vec<&str> {
-        self.sessions
-            .iter()
-            .filter(|(_, s)| !s.is_expired())
-            .map(|(k, _)| k.as_str())
-            .collect()
+        self.sessions.iter().filter(|(_, s)| !s.is_expired()).map(|(k, _)| k.as_str()).collect()
     }
 
     /// Return the number of active sessions.

crates/heartwood-nip46/tests/security_test.rs

@@ -26,9 +26,12 @@ fn request_debug_no_params_variant() {
 
 #[test]
 fn response_blocks_nsec_in_result() {
-    let resp = Nip46Response::ok("1", serde_json::json!({
-        "nsec": "nsec1abc123"
-    }));
+    let resp = Nip46Response::ok(
+        "1",
+        serde_json::json!({
+            "nsec": "nsec1abc123"
+        }),
+    );
     assert!(resp.result().is_none());
     assert!(resp.error().is_some());
     assert!(resp.error().unwrap().contains("secret key material"));
@@ -42,9 +45,12 @@ fn response_blocks_nsec_in_nested_array() {
 
 #[test]
 fn response_allows_clean_result() {
-    let resp = Nip46Response::ok("1", serde_json::json!({
-        "pubkey": "d6b3a6496c529d8e7f6e10cc7bb89f794ef931770c700f68a859cd24234a2645"
-    }));
+    let resp = Nip46Response::ok(
+        "1",
+        serde_json::json!({
+            "pubkey": "d6b3a6496c529d8e7f6e10cc7bb89f794ef931770c700f68a859cd24234a2645"
+        }),
+    );
     assert!(resp.result().is_some());
     assert!(resp.error().is_none());
 }