From 189645940c1fbd67d59fbb86c34d3b4a643810cb Mon Sep 17 00:00:00 2001
From: Ivan <ivan@quad4.io>
Date: Thu, 20 Nov 2025 18:04:30 -0600
Subject: [PATCH] fix: add security comments to clarify handling of
 non-critical errors in ratchet file operations

---
 pkg/identity/identity.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pkg/identity/identity.go b/pkg/identity/identity.go
index 2ca1c1f..7d28e68 100644
--- a/pkg/identity/identity.go
+++ b/pkg/identity/identity.go
@@ -544,14 +544,18 @@ func (i *Identity) saveRatchets(path string) error {
 	}
 
 	if _, err := file.Write(finalData); err != nil {
+		// #nosec G104 - Error already being handled, cleanup errors are non-critical
 		file.Close()
+		// #nosec G104 - Error already being handled, cleanup errors are non-critical
 		os.Remove(tempPath)
 		return fmt.Errorf("failed to write ratchet data: %w", err)
 	}
+	// #nosec G104 - File is being closed after successful write, error is non-critical
 	file.Close()
 
 	// Atomic rename
 	if err := os.Rename(tempPath, path); err != nil {
+		// #nosec G104 - Error already being handled, cleanup errors are non-critical
 		os.Remove(tempPath)
 		return fmt.Errorf("failed to rename ratchet file: %w", err)
 	}