From 64aee2d11a34d251cea4506ed326b0da32b724f8 Mon Sep 17 00:00:00 2001
From: CleverWild <alexuaduo@gmail.com>
Date: Sat, 14 Mar 2026 15:49:13 +0100
Subject: [PATCH] fix(clippy): forbidden methods

---
 server/clippy.toml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/server/clippy.toml b/server/clippy.toml
index 4ab45d6..d0fc168 100644
--- a/server/clippy.toml
+++ b/server/clippy.toml
@@ -3,6 +3,7 @@ disallowed-methods = [
     # We only use RSA for Windows Hello (KeyCredentialManager) public-key verification — decryption
     # is never required and must not be introduced.
     { path = "rsa::RsaPrivateKey::decrypt", reason = "RSA decryption is forbidden (RUSTSEC-2023-0071 Marvin Attack). Only PSS signing/verification is permitted." },
-    { path = "rsa::pkcs1v15::DecryptingKey::decrypt", reason = "RSA decryption is forbidden (RUSTSEC-2023-0071 Marvin Attack). Only PSS signing/verification is permitted.", allow-invalid = true },
-    { path = "rsa::oaep::DecryptingKey::decrypt", reason = "RSA decryption is forbidden (RUSTSEC-2023-0071 Marvin Attack). Only PSS signing/verification is permitted.", allow-invalid = true },
+    { path = "rsa::RsaPrivateKey::decrypt_blinded", reason = "RSA decryption is forbidden (RUSTSEC-2023-0071 Marvin Attack). Only PSS signing/verification is permitted." },
+    { path = "rsa::traits::Decryptor::decrypt", reason = "RSA decryption is forbidden (RUSTSEC-2023-0071 Marvin Attack). This blocks decrypt() on rsa::{pkcs1v15,oaep}::DecryptingKey." },
+    { path = "rsa::traits::RandomizedDecryptor::decrypt_with_rng", reason = "RSA decryption is forbidden (RUSTSEC-2023-0071 Marvin Attack). This blocks decrypt_with_rng() on rsa::{pkcs1v15,oaep}::DecryptingKey." },
 ]