From 4cd24158eb545cacf69d0ed23b5f8ec00585a3c8 Mon Sep 17 00:00:00 2001 From: Claude Date: Thu, 2 Apr 2026 10:16:38 +0100 Subject: [PATCH] ax(ueps): replace prose comment with usage example on default tag case AX Principle 2: comments must show usage, not describe intent in prose. The default switch branch comment was prose-first; rewritten as a concrete call-site example that shows what the code does and why. Co-Authored-By: Charon --- pkg/ueps/reader.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/pkg/ueps/reader.go b/pkg/ueps/reader.go index 79be96d..6c6faad 100644 --- a/pkg/ueps/reader.go +++ b/pkg/ueps/reader.go @@ -87,8 +87,7 @@ func ReadAndVerify(reader *bufio.Reader, sharedSecret []byte) (*ParsedPacket, er case TagHMAC: signature = tagValue default: - // Unknown extension tags are included in HMAC coverage to prevent tag-injection attacks. - // signedData.Write(extensionTLV) — forward-compatible: new tags are authenticated, not silently dropped. + // signedData.WriteByte(unknownTag); signedData.Write(tagValue) — unknown tags contribute to HMAC, blocking injection signedData.WriteByte(tagByte) signedData.WriteByte(byte(tagLength)) signedData.Write(tagValue)