You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In transport/http/identity_test.go, TestIdentity compares the result from resolver.GetIdentity with &auth.AnonymousIdentity{}. That test is fragile, as the behavior of comparing pointers to zero-sized objects (which auth.AnonymousIdentity is) is not guaranteed (https://go.dev/ref/spec#Comparison_operators, bullet point 6).
This test, and presumably other clients of auth.IdentityResolvers, should use a type assertion instead of interface equality.
Replace
if expected != actual {
with
if _, ok := actual.(*auth.AnonymousIdentity); !ok {
(Or a sentinel value should be defined in auth instead of a sentinel type.)
We believe this test will fail in the upcoming go1.25 (~August 2025) because of optimizations that change the behavior of equality on pointer-to-zero-sized allocations.
The text was updated successfully, but these errors were encountered:
Thanks for pointing this out, updating our tests in #574
If there's any tooling that we can run to identify more cases like this on smithy-go or in aws-sdk-go-v2 I'd be happy to check if we have more cases where we're vulnerable
In
transport/http/identity_test.go
,TestIdentity
compares the result fromresolver.GetIdentity
with&auth.AnonymousIdentity{}
. That test is fragile, as the behavior of comparing pointers to zero-sized objects (whichauth.AnonymousIdentity
is) is not guaranteed (https://go.dev/ref/spec#Comparison_operators, bullet point 6).This test, and presumably other clients of
auth.IdentityResolver
s, should use a type assertion instead of interface equality.Replace
with
(Or a sentinel value should be defined in
auth
instead of a sentinel type.)We believe this test will fail in the upcoming go1.25 (~August 2025) because of optimizations that change the behavior of equality on pointer-to-zero-sized allocations.
The text was updated successfully, but these errors were encountered: