From #413.
Sev: low. Tier: state/identity unit. Obvious?: no.
crates/identity/src/lib.rs covers happy-path round-trip + tampered payload + wrong key. Missing: malformed serialized identity bytes, EndpointId from invalid hex, profile bytes failing CBOR.
Evidence:
$ rg "malformed|invalid_hex|corrupt" crates/identity/src/lib.rs
/// Returns an error if the bytes are malformed, the signature is invalid, or
/// - [`IdentityError::Serde`] if the bytes are malformed.
Doc-comments say "malformed bytes" supported; no test exercises the rejection path.
Fix: Add endpoint_id_rejects_malformed_hex + profile_decode_rejects_invalid_cbor unit tests in crates/identity/src/lib.rs.
From #413.
Sev: low. Tier: state/identity unit. Obvious?: no.
crates/identity/src/lib.rscovers happy-path round-trip + tampered payload + wrong key. Missing: malformed serialized identity bytes,EndpointIdfrom invalid hex, profile bytes failing CBOR.Evidence:
Doc-comments say "malformed bytes" supported; no test exercises the rejection path.
Fix: Add
endpoint_id_rejects_malformed_hex+profile_decode_rejects_invalid_cborunit tests incrates/identity/src/lib.rs.