Windows secure storage: report unset keys as NotFound#13278
Merged
Conversation
Contributor
|
@warp-dev-github-integration[bot] I'm starting a first review of this pull request. You can view the conversation on Warp. I completed the review and no human review was requested for this pull request. Comment Powered by Oz |
Contributor
There was a problem hiding this comment.
Overview
This PR maps Windows secure-storage filesystem NotFound errors from read_value and remove_value to Error::NotFound, aligning unset-key behavior with macOS/Linux and avoiding noisy generic error handling for absent keys.
Concerns
- No blocking correctness, security, or spec-drift concerns found. No approved spec context was available for this PR.
Verdict
Found: 0 critical, 0 important, 0 suggestions
Approve
Comment /oz-review on this pull request to retrigger a review (up to 3 times on the same pull request).
Powered by Oz
acarl005
approved these changes
Jul 1, 2026
On Windows, `SecureStorage::read_value` (and `remove_value`) read/remove the backing file with `std::fs`, so a missing key surfaced as a generic `Error::IOError` instead of the `Error::NotFound` variant that the macOS and Linux implementations return for an unset key. As a result, callers that special-case `NotFound` to fail closed to a default without logging (e.g. `SecureSetting::read_from_secure_storage`) fell through to their generic error arm on Windows and logged `log::error!` for what is really just an unset key. Map `io::ErrorKind::NotFound` to `Error::NotFound` in the Windows impl so an unset key is handled as "not found" (no error log), matching the other platforms, while genuine I/O errors still return `Error::IOError`. Co-Authored-By: Warp <agent@warp.dev>
62ebc75 to
52d7bab
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
On Windows,
SecureStorage::read_value(andremove_value) read/remove the backing file viastd::fs, so a missing key surfaced as a genericError::IOErrorrather than theError::NotFoundvariant that the macOS (mac.rs) and Linux (linux.rs) implementations return for an unset key.Because of that mismatch, callers that special-case
NotFoundto fail closed to a default without logging — e.g.SecureSetting::read_from_secure_storageincrates/settings/src/lib.rs— fell through to their generic error arm on Windows and emittedlog::error!for what is really just an unset key. That's the "not found errors logged at too high a level" reported in the thread.This maps
io::ErrorKind::NotFoundtoError::NotFoundin the Windows impl, so an unset key is handled as "not found" (returns cleanly, no error log), matching the other platforms. Genuine I/O errors still map toError::IOErrorand continue to log.Per reporter request, this is kept as a minimal log-noise fix with no new unit tests.
Testing
./script/runThis is Windows-only,
#[cfg(target_os = "windows")]code; it can't be exercised on the Linux cloud runner, and per the reporter's request no unit tests were added. Validated by cross-compiling the affected crate for the Windows target:cargo check -p warpui_extras --target x86_64-pc-windows-gnu— cleancargo clippy -p warpui_extras --target x86_64-pc-windows-gnu --all-targets— clean