From 36ffb90eacd055c69cf6a6fb03c9dbfef8c7fbfd Mon Sep 17 00:00:00 2001 From: Shankar Date: Tue, 28 Apr 2026 22:09:49 +0000 Subject: [PATCH] =?UTF-8?q?crypto/signer:=20fix=20QF1008=20staticcheck=20?= =?UTF-8?q?=E2=80=94=20drop=20redundant=20.Curve=20selector?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Lint-only fix; no behavior change. ecdsa.PublicKey embeds elliptic.Curve, so Params() resolves through the embedded field directly. The original k.Curve.Params() form was correct but flagged by staticcheck QF1008 ('could remove embedded field Curve from selector'). Caught by CI #320 (golangci-lint step) after the merge of 68856cb went green on local 'go vet + go test'. Same class of incident as the Bundle 9 ST1018 issue documented in CLAUDE.md::Operating Rules — the 'pre-commit verification gate' rule (run make verify, which includes staticcheck) is the existing defense; the sandbox didn't have golangci-lint pre-installed which is why this slipped past local verification. --- internal/crypto/signer/signer.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/internal/crypto/signer/signer.go b/internal/crypto/signer/signer.go index dcd6c87..e7c0fd2 100644 --- a/internal/crypto/signer/signer.go +++ b/internal/crypto/signer/signer.go @@ -140,8 +140,12 @@ func algorithmFromKey(pub crypto.PublicKey) (Algorithm, error) { case elliptic.P384(): return AlgorithmECDSAP384, nil default: + // ecdsa.PublicKey embeds elliptic.Curve, so Params() resolves + // through the embedded field. Spelled this way to satisfy + // staticcheck QF1008 (could remove embedded field "Curve" from + // selector); functionally identical to k.Curve.Params(). name := "unknown" - if p := k.Curve.Params(); p != nil { + if p := k.Params(); p != nil { name = p.Name } return "", fmt.Errorf("%w: ECDSA curve %s (supported: P-256, P-384)",