From 8d183afa758c3a5c53ace4447c25fa803d48c537 Mon Sep 17 00:00:00 2001
From: chrislu <chris.lu@gmail.com>
Date: Fri, 31 Oct 2025 20:37:12 -0700
Subject: [PATCH] ensure wrong signature

---
 weed/s3api/chunked_reader_v4_test.go | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/weed/s3api/chunked_reader_v4_test.go b/weed/s3api/chunked_reader_v4_test.go
index c9bad1d8a..b797bf340 100644
--- a/weed/s3api/chunked_reader_v4_test.go
+++ b/weed/s3api/chunked_reader_v4_test.go
@@ -285,7 +285,16 @@ func TestSignedStreamingUploadInvalidSignature(t *testing.T) {
 
 	// Build the chunked payload with INTENTIONALLY WRONG chunk signature
 	// We'll use a modified signature to simulate a tampered request
-	wrongChunkSignature := strings.Replace(chunk1Signature, "a", "b", 1)
+	wrongChunkSignatureBytes := []byte(chunk1Signature)
+	if len(wrongChunkSignatureBytes) > 0 {
+		// Flip the first hex character to guarantee a different signature
+		if wrongChunkSignatureBytes[0] == '0' {
+			wrongChunkSignatureBytes[0] = '1'
+		} else {
+			wrongChunkSignatureBytes[0] = '0'
+		}
+	}
+	wrongChunkSignature := string(wrongChunkSignatureBytes)
 	payload := fmt.Sprintf("400;chunk-signature=%s\r\n%s\r\n", wrongChunkSignature, chunk1Data) +
 		fmt.Sprintf("0;chunk-signature=%s\r\n\r\n", finalSignature)