From 2d61c641187f087dd795605d7418994d7ce080ad Mon Sep 17 00:00:00 2001 From: shankar0123 Date: Tue, 28 Apr 2026 22:09:49 +0000 Subject: [PATCH] =?UTF-8?q?crypto/signer:=20fix=20QF1008=20staticcheck=20?= =?UTF-8?q?=E2=80=94=20drop=20redundant=20.Curve=20selector?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Lint-only fix; no behavior change. ecdsa.PublicKey embeds elliptic.Curve, so Params() resolves through the embedded field directly. The original k.Curve.Params() form was correct but flagged by staticcheck QF1008 ('could remove embedded field Curve from selector'). Caught by CI #320 (golangci-lint step) after the merge of a318337 went green on local 'go vet + go test'. Same class of incident as the Bundle 9 ST1018 issue documented in CLAUDE.md::Operating Rules — the 'pre-commit verification gate' rule (run make verify, which includes staticcheck) is the existing defense; the sandbox didn't have golangci-lint pre-installed which is why this slipped past local verification. --- internal/crypto/signer/signer.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/internal/crypto/signer/signer.go b/internal/crypto/signer/signer.go index dcd6c87..e7c0fd2 100644 --- a/internal/crypto/signer/signer.go +++ b/internal/crypto/signer/signer.go @@ -140,8 +140,12 @@ func algorithmFromKey(pub crypto.PublicKey) (Algorithm, error) { case elliptic.P384(): return AlgorithmECDSAP384, nil default: + // ecdsa.PublicKey embeds elliptic.Curve, so Params() resolves + // through the embedded field. Spelled this way to satisfy + // staticcheck QF1008 (could remove embedded field "Curve" from + // selector); functionally identical to k.Curve.Params(). name := "unknown" - if p := k.Curve.Params(); p != nil { + if p := k.Params(); p != nil { name = p.Name } return "", fmt.Errorf("%w: ECDSA curve %s (supported: P-256, P-384)",