Skip to content

Add new coding standard for local (internal) function names #9579

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
douzzer merged 4 commits into from
Dec 31, 2025
+24 −8
Merged

Add new coding standard for local (internal) function names #9579

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
96e2e80
Add new coding standard for local (internal) function names.
dgarske Dec 23, 2025
c3e6515
Improve the Devin lifeguard coding standard rules
dgarske Dec 26, 2025
73ee89a
Improve no-void-functions rule
dgarske Dec 26, 2025
d39b0e6
Fixes from peer review.
dgarske Dec 30, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 24 additions & 8 deletions devin_lifeguard.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,9 @@
rules:
- name: no-void-functions
trigger: >-
All functions must return a value. Avoid using void return types to ensure
error values can be propagated upstream.
When implementing new public functions (WOLFSSL_API) avoid using "void"
return type to ensure error values can be propagated upstream. Does not
apply to "doc/" directory.
solution: >-
Change the function to return an appropriate error code or result instead
of void. Ensure all return paths provide a meaningful value.
Expand Down Expand Up @@ -51,12 +52,17 @@ rules:
variables to minimize stack usage within the function.
- name: prefer-constant-time
trigger: >-
Implement algorithms in constant time to prevent timing attacks and ensure
security.
solution: >-
Review and refactor algorithms to ensure their execution time does not
depend on input values. Use constant-time libraries or functions where
applicable.
Any code handling secret or private key data (symmetric or asymmetric)
must be implemented in constant time. This includes cryptographic
operations, key comparisons, and encoding/decoding operations (base64,
hex, etc.) when processing secrets. Use constant-time implementations
by default for all secret data since tracking when timing attacks are
strictly possible is error-prone.
solution: >-
Review and refactor code to ensure execution time does not depend on
secret values. Use constant-time functions such as ConstantCompare()
for comparisons and avoid early-exit conditions based on secret data.
When in doubt, assume constant-time handling is required.
- name: use-sizeof
trigger: >-
Avoid hard-coded numeric values for sizes. Use `sizeof()` to ensure
Expand Down Expand Up @@ -143,3 +149,13 @@ rules:

ensure ephemeral structures are freed once no longer needed, and avoid
reusing pointers after free
- name: use-proper-function-visibility
trigger: >-
functions must use appropriate visibility modifiers. Public functions
should use WOLFSSL_API, local functions should use WOLFSSL_LOCAL, and
non-static local functions should have a wolfssl_local_ or wc_local_ prefix.
solution: >-
for public functions that are part of the external API, declare them with
WOLFSSL_API. For functions local to the library but not static, use
WOLFSSL_LOCAL and prefix the function name with wolfssl_local_ or wc_local_
to clearly indicate internal usage.