From b22cdb34054121139f7408f1781778586fc618ed Mon Sep 17 00:00:00 2001 
From: shankar0123
Date: Thu, 14 May 2026 19:21:10 +0000
Subject: [PATCH] fix(signer): Hotfix #15 — gofmt comment-indent fix from Hotfix #13
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

CI run on commit 03f0e08 failed:

::error::gofmt would reformat these files (run 'gofmt -w' locally):
internal/crypto/signer/file_driver.go

Root cause: My Hotfix #13 (38f86bc, "go/path-injection in signer FileDriver") added an `assertCleanAbsPath` helper with a doc-comment numbered list. I used 3-space indent for the numbers (" 1. ...") and 6-space indent for continuation lines (" ...:") — gofmt's doc-comment formatter (Go 1.19+) standardized on 2-space indent for the bullet and 5-space for continuation, matching the position of text after "1. ". So all 5 list items + their continuations were off-by-one.

This was undetectable in the sandbox during Hotfix #13's preparation because the Go toolchain wasn't installed — CLAUDE.md's pre-commit verification gate explicitly required `make verify` on workstation before push for that reason, and the commit body disclosed the gap. CI caught it.

Fix: Run `gofmt -w internal/crypto/signer/file_driver.go`. Pure formatting — no code changes, no behavior change. 22 lines reformatted (11 add + 11 remove) — every list-item line's leading whitespace adjusted by 1 column. Confirmed `gofmt -d` is now clean.

Verification (Go toolchain now wired in sandbox):
Located the cached go1.25.10 toolchain at /sessions/.../.gomodcache/golang.org/toolchain@v0.0.1-go1.25.10.linux-arm64/bin
Wired GOTOOLCHAIN=local + GOMODCACHE pointing at the cache, GOCACHE+GOTMPDIR on the root partition (larger free space).
• gofmt -l internal/api/middleware/etag.go internal/crypto/signer/file_driver.go — clean
• go vet ./internal/api/middleware/... ./internal/crypto/signer/... — exit 0
• go test -short -count=1 ./internal/api/middleware/... — ok 0.241s
• go test -short -count=1 ./internal/crypto/signer/... — ok 1.431s
• staticcheck ./internal/api/middleware/... ./internal/crypto/signer/... — zero findings
• All 48 CI guards pass

Ground-truth: origin/master tip 03f0e08 verified via GitHub API BEFORE commit. Local is at 03f0e08 (operator pushed Hotfix #14); this commit lands directly on top.

Operator: the Go toolchain wiring is now established in the sandbox session, so future Go-side hotfixes will run full `go vet / go test / staticcheck` locally before commit (no more "manual syntax inspection — Go not available" disclaimers on Go-only changes).

Falsifiable proof for next CI run: gofmt check should pass — no more "would reformat" output for file_driver.go.
---
 internal/crypto/signer/file_driver.go | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/internal/crypto/signer/file_driver.go b/internal/crypto/signer/file_driver.go
index 69c6669..c9b1154 100644
--- a/internal/crypto/signer/file_driver.go
+++ b/internal/crypto/signer/file_driver.go
@@ -332,17 +332,17 @@ func (d *FileDriver) Generate(ctx context.Context, alg Algorithm) (Signer, strin // // Invariants enforced: // -// 1. path is non-empty. -// 2. path is absolute (the validateSafePath caller resolves -// filepath.Abs upstream; if we get a non-absolute path here, -// something downstream broke the contract). -// 3. path is filepath.Clean'd (no trailing separators, no double -// separators, no redundant "./"). -// 4. path's slash-normalized segments contain no literal "..". -// 5. When safeRoot is non-empty: filepath.Rel(safeRoot, path) -// returns a non-"../*" result (path is at or below safeRoot in -// the resolved-absolute-path tree). filepath.Rel is the -// canonical CodeQL-recognized containment-check pattern. +// 1. path is non-empty. +// 2. path is absolute (the validateSafePath caller resolves +// filepath.Abs upstream; if we get a non-absolute path here, +// something downstream broke the contract). +// 3. path is filepath.Clean'd (no trailing separators, no double +// separators, no redundant "./"). +// 4. path's slash-normalized segments contain no literal "..". +// 5. When safeRoot is non-empty: filepath.Rel(safeRoot, path) +// returns a non-"../*" result (path is at or below safeRoot in +// the resolved-absolute-path tree). filepath.Rel is the +// canonical CodeQL-recognized containment-check pattern. // // All of these are guaranteed by a successful validateSafePath // upstream; this function exists purely so CodeQL sees the
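Review bot: Every one of the 11 removed and 11 added lines in this hunk is a `//` comment line whose text is identical on both sides, so the "no behavior change" claim can be verified mechanically rather than by eye: `git diff -w b22cdb3^ b22cdb3` (whitespace-insensitive) should show an empty hunk, and `gofmt -l internal/crypto/signer/file_driver.go` should print nothing. Both commands are cheap enough to run as a pre-push check so a formatter-only failure like the one on 03f0e08 cannot land again. One documentation nit in the text being reindented, invariant 5: "returns a non-"../*" result" under-describes the containment check, since filepath.Rel can also return a bare ".." with no trailing separator when path is the parent of safeRoot; wording the invariant as "rel is not ".." and does not start with "../"" would match the check CodeQL expects and leave no ambiguity for the next reader.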
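The gofmt doc-comment normalization the commit message describes, as an added example that is not part of this patch or the project's code: a constructed miniature of the comment in the author's 3-space/6-space layout is run through go/format (the same formatter gofmt uses; assumes Go 1.19 or later), and a small indent counter shows the shift to 2 and 5 spaces. The `assertCleanAbsPath` name is taken from the page; its body here is an empty stub.

```go
package main

import (
	"go/format"
	"strings"
)

// Constructed miniature of the doc comment the commit describes, in the layout
// CI rejected: 3 spaces before each list number, 6 on continuation lines.
// Lines start in column 1 so go/printer treats the block as a doc comment.
const before = `package signer

// assertCleanAbsPath panics if path breaks the contract described below.
//
// Invariants enforced:
//
//   1. path is non-empty.
//   2. path is absolute (the caller resolves
//      filepath.Abs upstream).
//   3. path is filepath.Clean'd.
func assertCleanAbsPath(path string) {}
`

// Gofmt applies the formatter behind gofmt (go/format, which since Go 1.19
// also normalizes doc comments) and returns the reformatted source.
func Gofmt(src string) (string, error) {
	out, err := format.Source([]byte(src))
	return string(out), err
}

// DocCommentIndents returns the spaces between "//" and the text for every
// comment line indented beyond the usual single space, i.e. the numbered
// items and their continuation lines: [3 3 6 3] before gofmt, [2 2 5 2] after.
func DocCommentIndents(src string) []int {
	var indents []int
	for _, line := range strings.Split(src, "\n") {
		if !strings.HasPrefix(line, "//") {
			continue
		}
		rest := line[len("//"):]
		n := len(rest) - len(strings.TrimLeft(rest, " "))
		if n > 1 && strings.TrimSpace(rest) != "" {
			indents = append(indents, n)
		}
	}
	return indents
}
```

Running `gofmt -d` on a file with the `before` layout prints exactly the kind of whitespace-only hunk this commit contains; a second pass over the output changes nothing.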