From b64ce31f69570760af690d96a4d005f70bb4303a Mon Sep 17 00:00:00 2001
From: Claude
Date: Thu, 2 Apr 2026 10:58:52 +0100
Subject: [PATCH] ax(ueps): replace code-restatement comment with semantic explanation

The default switch-case comment in ReadAndVerify restated the three lines immediately following it verbatim, violating AX Principle 2 (comments as usage examples, not code descriptions). Replaced with a single line explaining the security intent of the behaviour.

Co-Authored-By: Charon
---
 pkg/ueps/reader.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/ueps/reader.go b/pkg/ueps/reader.go
index ab8f5df..1a0ff49 100644
--- a/pkg/ueps/reader.go
+++ b/pkg/ueps/reader.go
@@ -85,7 +85,7 @@ func ReadAndVerify(reader *bufio.Reader, sharedSecret []byte) (*ParsedPacket, er
 case TagHMAC:
 hmacSignature = tagValue
 default:
- // signedData.WriteByte(tagType); signedData.WriteByte(tagValueLength); signedData.Write(tagValue) — unknown tags contribute to HMAC, blocking injection
+ // unknown tags contribute to HMAC coverage, blocking tag-injection attacks
 signedData.WriteByte(tagType)
 signedData.WriteByte(tagValueLength)
 signedData.Write(tagValue)
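Review bot: The new comment on the `default:` branch names the security property but not what it rests on, and "tag-injection" is left undefined for the next reader. The visible lines show that type, length and value are all fed to `signedData`, while the `TagHMAC` case just above only stores `hmacSignature` and writes nothing, so the comment could say that directly: `// Unknown tags are still MACed (type, length, value) so a TLV added or altered in transit fails verification; TagHMAC itself is excluded.` The guarantee only holds if the sender signs the same bytes in the same order, and if `hmacSignature` is checked, presumably with `hmac.Equal`, before any parsed field is acted on. Both of those live in the part of ReadAndVerify outside this hunk and are worth confirming.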