transport/http: depends on equality of pointer to zero-sized objects

[randall77]

In transport/http/identity_test.go, TestIdentity compares the result from resolver.GetIdentity with &auth.AnonymousIdentity{}. That test is fragile, as the behavior of comparing pointers to zero-sized objects (which auth.AnonymousIdentity is) is not guaranteed (https://go.dev/ref/spec#Comparison_operators, bullet point 6).

This test, and presumably other clients of auth.IdentityResolvers, should use a type assertion instead of interface equality.

Replace

if expected != actual {

with

if _, ok := actual.(*auth.AnonymousIdentity); !ok {

(Or a sentinel value should be defined in auth instead of a sentinel type.)

We believe this test will fail in the upcoming go1.25 (~August 2025) because of optimizations that change the behavior of equality on pointer-to-zero-sized allocations.

[Madrigal]

Thanks for pointing this out, updating our tests in #574

If there's any tooling that we can run to identify more cases like this on smithy-go or in aws-sdk-go-v2 I'd be happy to check if we have more cases where we're vulnerable