fix: suppress S5659 via NOSONAR and rename remaining test functions

leifj · leifj · commit b1425ab7d997 · 2026-03-09T19:49:09.000+01:00
- Add NOSONAR inline comment for ParseUnverified (go:S5659) since
  sonar.issue.ignore.multicriteria is not honored by Automatic Analysis
- Rename TestNewVerifier_MissingTrustEvaluator -&gt; TestNewVerifierMissingTrustEvaluator
- Rename TestNewMDocHandler_WithTrustEvaluator -&gt; TestNewMDocHandlerWithTrustEvaluator
diff --git a/internal/verifier/apiv1/handlers_verification.go b/internal/verifier/apiv1/handlers_verification.go
@@ -430,7 +430,7 @@ func (c *Client) evaluateIssuerTrust(ctx context.Context, vpToken string, scope
 	// signature verification is performed below by verifyJWTSignature() which enforces
 	// a strict algorithm allowlist and rejects "none" and other weak algorithms.
 	parser := jwt.NewParser(jwt.WithoutClaimsValidation())
-	token, _, err := parser.ParseUnverified(issuerJWT, jwt.MapClaims{})
+	token, _, err := parser.ParseUnverified(issuerJWT, jwt.MapClaims{}) // NOSONAR (go:S5659) - ParseUnverified is intentional; signature is verified below by verifyJWTSignature()
 	if err != nil {
 		return fmt.Errorf("failed to parse JWT header: %w", err)
 	}
diff --git a/pkg/mdoc/verifier_test.go b/pkg/mdoc/verifier_test.go
@@ -186,7 +186,7 @@ func TestNewVerifier(t *testing.T) {
 	}
 }
 
-func TestNewVerifier_MissingTrustEvaluator(t *testing.T) {
+func TestNewVerifierMissingTrustEvaluator(t *testing.T) {
 	_, err := NewVerifier(VerifierConfig{})
 
 	if err == nil {
diff --git a/pkg/openid4vp/mdoc_handler_test.go b/pkg/openid4vp/mdoc_handler_test.go
@@ -44,7 +44,7 @@ func TestNewMDocHandler(t *testing.T) {
 	}
 }
 
-func TestNewMDocHandler_WithTrustEvaluator(t *testing.T) {
+func TestNewMDocHandlerWithTrustEvaluator(t *testing.T) {
 	te := &mockTrustEvaluator{trusted: true}
 
 	h, err := NewMDocHandler(WithMDocTrustEvaluator(te))

Original file line number	Diff line number	Diff line change
`@@ -430,7 +430,7 @@ func (c *Client) evaluateIssuerTrust(ctx context.Context, vpToken string, scope`
`430`	`430`	`// signature verification is performed below by verifyJWTSignature() which enforces`
`431`	`431`	`// a strict algorithm allowlist and rejects "none" and other weak algorithms.`
`432`	`432`	`parser := jwt.NewParser(jwt.WithoutClaimsValidation())`
`433`		`- token, _, err := parser.ParseUnverified(issuerJWT, jwt.MapClaims{})`
	`433`	`+ token, _, err := parser.ParseUnverified(issuerJWT, jwt.MapClaims{}) // NOSONAR (go:S5659) - ParseUnverified is intentional; signature is verified below by verifyJWTSignature()`
`434`	`434`	`if err != nil {`
`435`	`435`	`return fmt.Errorf("failed to parse JWT header: %w", err)`
`436`	`436`	`}`
Original file line number	Diff line number	Diff line change
`@@ -186,7 +186,7 @@ func TestNewVerifier(t *testing.T) {`
`186`	`186`	`}`
`187`	`187`	`}`
`188`	`188`
`189`		`-func TestNewVerifier_MissingTrustEvaluator(t *testing.T) {`
	`189`	`+func TestNewVerifierMissingTrustEvaluator(t *testing.T) {`
`190`	`190`	`_, err := NewVerifier(VerifierConfig{})`
`191`	`191`
`192`	`192`	`if err == nil {`
Original file line number	Diff line number	Diff line change
`@@ -44,7 +44,7 @@ func TestNewMDocHandler(t *testing.T) {`
`44`	`44`	`}`
`45`	`45`	`}`
`46`	`46`
`47`		`-func TestNewMDocHandler_WithTrustEvaluator(t *testing.T) {`
	`47`	`+func TestNewMDocHandlerWithTrustEvaluator(t *testing.T) {`
`48`	`48`	`te := &mockTrustEvaluator{trusted: true}`
`49`	`49`
`50`	`50`	`h, err := NewMDocHandler(WithMDocTrustEvaluator(te))`