Merge branch 'main' into feature/cert-verification-port-handling

Author: aram356

Cargo.lock

@@ -41,6 +41,7 @@ debug = 1
 async-trait = "0.1"
 base64 = "0.22"
 brotli = "8.0"
+build-print = "1.0.1"
 bytes = "1.11"
 chacha20poly1305 = "0.10"
 chrono = "0.4.42"

Cargo.toml

@@ -724,7 +724,11 @@ mod tests {
             "Slot-1 should still be present"
         );
         assert!(
-            filtered.get("slot-1").unwrap().price.is_none(),
+            filtered
+                .get("slot-1")
+                .expect("slot-1 should be present")
+                .price
+                .is_none(),
             "Price should still be None (not decoded yet)"
         );
     }

crates/common/src/auction/orchestrator.rs

@@ -82,7 +82,9 @@ mod tests {
 
         let response = enforce_basic_auth(&settings, &req).expect("should challenge");
         assert_eq!(response.get_status(), StatusCode::UNAUTHORIZED);
-        let realm = response.get_header(header::WWW_AUTHENTICATE).unwrap();
+        let realm = response
+            .get_header(header::WWW_AUTHENTICATE)
+            .expect("should have WWW-Authenticate header");
         assert_eq!(realm, BASIC_AUTH_REALM);
     }
 

crates/common/src/auth.rs

@@ -87,7 +87,10 @@ pub fn ensure_origin_backend(
     if scheme.eq_ignore_ascii_case("https") {
         builder = builder.enable_ssl().sni_hostname(host);
         if certificate_check {
-            builder = builder.check_certificate(host);
+            builder = builder
+                .enable_ssl()
+                .sni_hostname(host)
+                .check_certificate(host);
         } else {
             log::warn!(
                 "INSECURE: certificate check disabled for backend: {}",

crates/common/src/backend.rs

@@ -83,8 +83,8 @@ mod tests {
         let jar = parse_cookies_to_jar(header_value);
 
         assert!(jar.iter().count() == 2);
-        assert_eq!(jar.get("c1").unwrap().value(), "v1");
-        assert_eq!(jar.get("c2").unwrap().value(), "v2");
+        assert_eq!(jar.get("c1").expect("should have cookie c1").value(), "v1");
+        assert_eq!(jar.get("c2").expect("should have cookie c2").value(), "v2");
     }
 
     #[test]
@@ -93,7 +93,7 @@ mod tests {
         let jar = parse_cookies_to_jar(cookie_str);
 
         assert!(jar.iter().count() == 1);
-        assert_eq!(jar.get("c1").unwrap().value(), "v2");
+        assert_eq!(jar.get("c1").expect("should have cookie c1").value(), "v2");
     }
 
     #[test]
@@ -120,8 +120,8 @@ mod tests {
             .expect("should have cookie jar");
 
         assert!(jar.iter().count() == 2);
-        assert_eq!(jar.get("c1").unwrap().value(), "v1");
-        assert_eq!(jar.get("c2").unwrap().value(), "v2");
+        assert_eq!(jar.get("c1").expect("should have cookie c1").value(), "v1");
+        assert_eq!(jar.get("c2").expect("should have cookie c2").value(), "v2");
     }
 
     #[test]

crates/common/src/cookies.rs

@@ -521,8 +521,8 @@ mod tests {
         let mut output = Vec::new();
         pipeline
             .process(Cursor::new(html.as_bytes()), &mut output)
-            .unwrap();
-        let processed = String::from_utf8(output).unwrap();
+            .expect("pipeline should process HTML");
+        let processed = String::from_utf8(output).expect("output should be valid UTF-8");
 
         assert!(processed.contains("keep-me"));
         assert!(!processed.contains("remove-me"));
@@ -554,9 +554,9 @@ mod tests {
         let mut output = Vec::new();
         pipeline
             .process(Cursor::new(html.as_bytes()), &mut output)
-            .unwrap();
+            .expect("pipeline should process HTML");
 
-        let result = String::from_utf8(output).unwrap();
+        let result = String::from_utf8(output).expect("output should be valid UTF-8");
         assert!(result.contains(r#"href="https://test.example.com/page""#));
         assert!(result.contains(r#"href="//test.example.com/proto""#));
         assert!(result.contains(r#"href="test.example.com/bare""#));
@@ -615,8 +615,8 @@ mod tests {
         let mut output = Vec::new();
         pipeline
             .process(Cursor::new(html.as_bytes()), &mut output)
-            .unwrap();
-        let result = String::from_utf8(output).unwrap();
+            .expect("pipeline should process HTML");
+        let result = String::from_utf8(output).expect("output should be valid UTF-8");
 
         // Assertions - only URL attribute replacements are expected
         // Check URL replacements (not all occurrences will be replaced since
@@ -717,8 +717,10 @@ mod tests {
 
         // Compress
         let mut encoder = GzEncoder::new(Vec::new(), GzCompression::default());
-        encoder.write_all(html.as_bytes()).unwrap();
-        let compressed_input = encoder.finish().unwrap();
+        encoder
+            .write_all(html.as_bytes())
+            .expect("should write to gzip encoder");
+        let compressed_input = encoder.finish().expect("should finish gzip encoding");
 
         println!("Compressed input size: {} bytes", compressed_input.len());
 
@@ -738,7 +740,7 @@ mod tests {
         let mut compressed_output = Vec::new();
         pipeline
             .process(Cursor::new(&compressed_input), &mut compressed_output)
-            .unwrap();
+            .expect("pipeline should process gzipped HTML");
 
         // Ensure we produced output
         assert!(
@@ -749,7 +751,9 @@ mod tests {
         // Decompress and verify
         let mut decoder = GzDecoder::new(&compressed_output[..]);
         let mut decompressed = String::new();
-        decoder.read_to_string(&mut decompressed).unwrap();
+        decoder
+            .read_to_string(&mut decompressed)
+            .expect("should decompress gzip output");
 
         let remaining_urls = decompressed.matches("www.test-publisher.com").count();
         let replaced_urls = decompressed

crates/common/src/html_processor.rs

@@ -277,12 +277,19 @@ pub fn verify_clear_url_signature(settings: &Settings, clear_url: &str, token: &
 /// 2) Base64-decode the `x1||nonce||ciphertext+tag` bytes
 /// 3) Compute SHA-256 over those bytes
 /// 4) Return Base64 URL-safe (no padding) digest as `tstoken`
+///
+/// # Panics
+///
+/// This function will not panic under normal circumstances. The internal base64 decode
+/// cannot fail because it operates on data that was just encoded by `encode_url`.
 #[must_use]
 pub fn compute_encrypted_sha256_token(settings: &Settings, full_url: &str) -> String {
     // Encrypt deterministically using existing helper
     let enc = encode_url(settings, full_url);
     // Decode to raw bytes (x1 + nonce + ciphertext+tag)
-    let raw = URL_SAFE_NO_PAD.decode(enc.as_bytes()).unwrap_or_default();
+    let raw = URL_SAFE_NO_PAD
+        .decode(enc.as_bytes())
+        .expect("decode must succeed for just-encoded data");
     let digest = Sha256::digest(&raw);
     URL_SAFE_NO_PAD.encode(digest)
 }

crates/common/src/http_util.rs

@@ -470,20 +470,26 @@ mod tests {
 
         auction_request.context.insert(
             "provider_responses".to_string(),
-            serde_json::to_value(&bidder_responses).unwrap(),
+            serde_json::to_value(&bidder_responses).expect("should serialize bidder responses"),
         );
 
         let mediation_req = provider
             .build_mediation_request(&auction_request, &bidder_responses)
-            .unwrap();
+            .expect("should build mediation request");
 
         // Verify structure
         assert_eq!(mediation_req["id"], "test-auction-123");
-        assert_eq!(mediation_req["imp"].as_array().unwrap().len(), 1);
+        assert_eq!(
+            mediation_req["imp"]
+                .as_array()
+                .expect("imp should be array")
+                .len(),
+            1
+        );
         assert_eq!(
             mediation_req["ext"]["bidder_responses"]
                 .as_array()
-                .unwrap()
+                .expect("bidder_responses should be array")
                 .len(),
             2
         );

crates/common/src/integrations/adserver_mock.rs

@@ -261,7 +261,7 @@ mod tests {
         let integration = DidomiIntegration::new(Arc::new(config(true)));
         let url = integration
             .build_target_url("https://sdk.privacy-center.org", "/loader.js", Some("v=1"))
-            .unwrap();
+            .expect("should build target URL");
         assert_eq!(url, "https://sdk.privacy-center.org/loader.js?v=1");
     }