From 4f37df2fc0d0f1df1f74cdc1e922a5db9748b2e0 Mon Sep 17 00:00:00 2001
From: Ivan <ivan@quad4.io>
Date: Thu, 20 Nov 2025 18:04:26 -0600
Subject: [PATCH] fix: add security comments to handle non-critical errors in
 ratchet persistence

---
 pkg/destination/destination.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pkg/destination/destination.go b/pkg/destination/destination.go
index ae78a28..591ef97 100644
--- a/pkg/destination/destination.go
+++ b/pkg/destination/destination.go
@@ -524,19 +524,24 @@ func (d *Destination) persistRatchets() error {
 	}
 
 	if _, err := file.Write(finalData); err != nil {
+		// #nosec G104 - Error already being handled, cleanup errors are non-critical
 		file.Close()
+		// #nosec G104 - Error already being handled, cleanup errors are non-critical
 		os.Remove(tempPath)
 		return fmt.Errorf("failed to write ratchet data: %w", err)
 	}
+	// #nosec G104 - File is being closed after successful write, error is non-critical
 	file.Close()
 
 	// Remove old file if exists
 	if _, err := os.Stat(d.ratchetPath); err == nil {
+		// #nosec G104 - Removing old file, error is non-critical if it doesn't exist
 		os.Remove(d.ratchetPath)
 	}
 
 	// Atomic rename
 	if err := os.Rename(tempPath, d.ratchetPath); err != nil {
+		// #nosec G104 - Error already being handled, cleanup errors are non-critical
 		os.Remove(tempPath)
 		return fmt.Errorf("failed to rename ratchet file: %w", err)
 	}