fix(go-sdk): reject unknown report types in TCB validation

Leechael · Leechael · commit 4f177a6410e6 · 2026-03-10T01:22:21.000+08:00
Add default case to validateTCB switch to reject unknown report types
instead of silently passing. Unlike Rust's exhaustive match on the
Report enum, Go's string-based switch would skip all checks for any
new or unexpected report type.
diff --git a/sdk/go/ratls/ratls.go b/sdk/go/ratls/ratls.go
@@ -155,6 +155,8 @@ func validateTCB(quote *dcap.Quote) error {
 		if len(quote.Report.Attributes) > 0 && quote.Report.Attributes[0]&0x02 != 0 {
 			return fmt.Errorf("debug mode is not allowed")
 		}
+	default:
+		return fmt.Errorf("unknown report type: %s", quote.Report.Type)
 	}
 	return nil
 }

Original file line number	Diff line number	Diff line change
`@@ -155,6 +155,8 @@ func validateTCB(quote *dcap.Quote) error {`
`155`	`155`	`if len(quote.Report.Attributes) > 0 && quote.Report.Attributes[0]&0x02 != 0 {`
`156`	`156`	`return fmt.Errorf("debug mode is not allowed")`
`157`	`157`	`}`
	`158`	`+ default:`
	`159`	`+ return fmt.Errorf("unknown report type: %s", quote.Report.Type)`
`158`	`160`	`}`
`159`	`161`	`return nil`
`160`	`162`	`}`