threshold_crypto icon indicating copy to clipboard operation
threshold_crypto copied to clipboard

Published 20 hours ago verified publisher icon poanetwork

Don’t allow calling `reveal` in release builds

Open DemiMarie opened this issue 6 years ago • 4 comments

Some structs have a reveal method, which deliberately leaks secret information for debug builds. There is no legitimate reason to use them for anything other than debugging, and no uses at all in any of the other codebases I am working on.

To ensure that no new uses of this method are added, make this method only available when debug assertions are turned on. This ensures that any attempts to uses this method will break release builds, and thus be quickly discovered.

DemiMarie avatar Dec 02 '18 01:12 DemiMarie

CI failure is due to:

  1. changes to lints in newer versions of Clippy
  2. Changes to rustfmt.

I will fix both.

Edit: It seems that we cannot fix both, since at least rustfmt has changed between stable and beta.

DemiMarie avatar Dec 02 '18 17:12 DemiMarie

I'm glad we take advantage of the massive productivity gains offered by clippy and rustfmt :)

/sarcasm off

c0gent avatar Dec 03 '18 06:12 c0gent

That's weird. I can't reproduce that locally; also, the "pr" build passed, and only the "push" one failed. For some reason, the latter called

rustup toolchain install ${RUST_NEXT}

and the former didn't. Is it using Rust nightly or beta for some reason??

afck avatar Dec 03 '18 09:12 afck

Maybe you just need to rebase? The no_leak_in_release_builds branch seems to have an outdated .travis.yml.

afck avatar Dec 03 '18 09:12 afck