taiars/nora
1
0
Fork 0
mirror of https://github.com/getnora-io/nora.git synced 2026-04-12 10:20:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: correct zeroize annotation placement and avoid secret cloning in protected.rs (#108)

Browse Source 
S3Credentials had #[zeroize(skip)] on secret_access_key instead of
access_key_id. The comment said "access_key_id is not sensitive" but
the annotation was on the adjacent field. In practice ProtectedString
has its own #[zeroize(drop)] so the secret was still zeroed on drop,
but the annotation contradicted its own comment and would silently
break if ProtectedString's drop behavior ever changed.

ProtectedString::into_inner() cloned self.inner instead of moving it
out. Use std::mem::take to swap the value out directly, avoiding the
unnecessary heap allocation of the clone.

// ticktockbent
This commit is contained in:
Wes
2026-04-06 08:30:18 -04:00
committed by GitHub
parent d7deae9b30
commit 98c9c33ea0
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
nora-registry/src/secrets/protected.rs
View File

@@ -33,8 +33,8 @@ impl ProtectedString {
} }
/// Consume and return the inner value /// Consume and return the inner value
pub fn into_inner(self) -> Zeroizing<String> { pub fn into_inner(mut self) -> Zeroizing<String> {
Zeroizing::new(self.inner.clone()) Zeroizing::new(std::mem::take(&mut self.inner))
} }
/// Check if the secret is empty /// Check if the secret is empty
@@ -74,8 +74,8 @@ impl From<&str> for ProtectedString {
#[derive(Clone, Zeroize)] #[derive(Clone, Zeroize)]
#[zeroize(drop)] #[zeroize(drop)]
pub struct S3Credentials { pub struct S3Credentials {
pub access_key_id: String,
#[zeroize(skip)] // access_key_id is not sensitive #[zeroize(skip)] // access_key_id is not sensitive
pub access_key_id: String,
pub secret_access_key: ProtectedString, pub secret_access_key: ProtectedString,
pub region: Option<String>, pub region: Option<String>,
} }