rust-sanitize 0.11.0

Deterministic one-way data sanitization engine
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114

//! Unified error types for the sanitization engine.
//!
//! All fallible operations in the crate return [`Result<T>`], which is an
//! alias for `std::result::Result<T, SanitizeError>`.
//!
//! Errors are categorised by subsystem (`IoError`, `SecretsError`,
//! `ArchiveError`, …) so callers can match on the variant to decide
//! whether to retry, skip, or abort. The [`thiserror`] derive keeps
//! display messages actionable and grep-friendly.

use thiserror::Error;

/// All errors that can occur within the sanitization engine.
#[derive(Debug, Error)]
#[non_exhaustive]
pub enum SanitizeError {
    #[error("replacement store capacity exceeded: {current} mappings (limit: {limit})")]
    CapacityExceeded { current: usize, limit: usize },

    #[error("invalid seed length: expected 32 bytes, got {0}")]
    InvalidSeedLength(usize),

    #[error("I/O error: {0}")]
    IoError(#[from] std::io::Error),

    #[error("parse error ({format}): {message}")]
    ParseError { format: String, message: String },

    #[error("recursion depth exceeded: {0}")]
    RecursionDepthExceeded(String),

    #[error("input too large: {size} bytes (limit: {limit})")]
    InputTooLarge { size: usize, limit: usize },

    #[error("pattern compilation error: {0}")]
    PatternCompileError(String),

    #[error("invalid configuration: {0}")]
    InvalidConfig(String),

    #[error("secrets: empty password")]
    SecretsEmptyPassword,

    #[error("secrets: encrypted file too short (corrupt or truncated)")]
    SecretsTooShort,

    #[error("secrets: decryption failed — wrong password or corrupted file")]
    SecretsDecryptFailed,

    #[error("secrets: cipher error: {0}")]
    SecretsCipherError(String),

    #[error("secrets: {format} error: {message}")]
    SecretsFormatError { format: String, message: String },

    #[error("secrets: invalid UTF-8: {0}")]
    SecretsInvalidUtf8(String),

    #[error("secrets: no password provided — file appears encrypted but --encrypted-secrets was not specified")]
    SecretsPasswordRequired,

    #[error("archive error: {0}")]
    ArchiveError(String),
}

pub type Result<T> = std::result::Result<T, SanitizeError>;

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn from_io_error_wraps_message() {
        let io_err = std::io::Error::new(std::io::ErrorKind::NotFound, "file not found");
        let err = SanitizeError::from(io_err);
        assert!(matches!(err, SanitizeError::IoError(_)));
        assert!(err.to_string().contains("file not found"));
    }

    #[test]
    fn io_error_exposes_kind() {
        let io_err = std::io::Error::new(std::io::ErrorKind::PermissionDenied, "access denied");
        if let SanitizeError::IoError(inner) = SanitizeError::from(io_err) {
            assert_eq!(inner.kind(), std::io::ErrorKind::PermissionDenied);
        } else {
            panic!("expected IoError");
        }
    }

    #[test]
    fn display_variants_are_actionable() {
        assert!(SanitizeError::CapacityExceeded {
            current: 5,
            limit: 3
        }
        .to_string()
        .contains('5'));
        assert!(SanitizeError::InputTooLarge {
            size: 100,
            limit: 50
        }
        .to_string()
        .contains("100"));
        assert!(SanitizeError::RecursionDepthExceeded("too deep".into())
            .to_string()
            .contains("too deep"));
        assert!(SanitizeError::SecretsEmptyPassword
            .to_string()
            .contains("empty"));
        assert!(SanitizeError::SecretsDecryptFailed
            .to_string()
            .contains("wrong password"));
    }
}