[GH-ISSUE #162] Audit: Fix nil pointer dereference risk in shared.go #43

New issue

Closed

opened 2026-02-26 21:32:58 +03:00 by kerem · 1 comment

kerem commented 2026-02-26 21:32:58 +03:00

Owner

Copy link

Originally created by @rudrankriyam on GitHub (Jan 25, 2026).
Original GitHub issue: https://github.com/rudrankriyam/App-Store-Connect-CLI/issues/162

Description

cmd/shared.go:174-178 has a potential nil pointer dereference:

cfg, err := config.Load()
if err != nil {
    return ""
}
return strings.TrimSpace(cfg.AppID)

If config.Load() returns nil, nil (when config file doesn't exist), the subsequent access to cfg.AppID will panic.

Impact

• Runtime panic when config file doesn't exist
• User-facing crash instead of graceful handling

Location

cmd/shared.go:174-178

Fix

Add explicit nil check for cfg:

cfg, err := config.Load()
if err != nil {
    return ""
}
if cfg == nil {
    return ""
}
return strings.TrimSpace(cfg.AppID)

Severity

High

Originally created by @rudrankriyam on GitHub (Jan 25, 2026). Original GitHub issue: https://github.com/rudrankriyam/App-Store-Connect-CLI/issues/162 ## Description `cmd/shared.go:174-178` has a potential nil pointer dereference: ```go cfg, err := config.Load() if err != nil { return "" } return strings.TrimSpace(cfg.AppID) ``` If `config.Load()` returns `nil, nil` (when config file doesn't exist), the subsequent access to `cfg.AppID` will panic. ## Impact - Runtime panic when config file doesn't exist - User-facing crash instead of graceful handling ## Location `cmd/shared.go:174-178` ## Fix Add explicit nil check for `cfg`: ```go cfg, err := config.Load() if err != nil { return "" } if cfg == nil { return "" } return strings.TrimSpace(cfg.AppID) ``` ## Severity High

kerem closed this issue 2026-02-26 21:32:58 +03:00

kerem commented 2026-02-26 21:32:59 +03:00

Author

Owner

Copy link

@rudrankriyam commented on GitHub (Jan 25, 2026):

Closed via #170.

<!-- gh-comment-id:3797232752 --> @rudrankriyam commented on GitHub (Jan 25, 2026): Closed via #170.

kerem referenced this issue 2026-02-26 21:34:18 +03:00

[PR #43] [MERGED] feat: add Xcode Cloud CLI support for triggering and monitoring workflows #252

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

1.2.6

1.2.5

1.2.4

1.2.3

1.2.2

1.2.1

1.2.0

1.1.1

1.1.0

1.0.1

1.0.0

0.49.1

0.49.0

0.48.1

0.48.0

0.47.1

0.47.0

0.46.2

0.46.1

0.46.0

0.45.4

0.45.3

0.45.2

0.45.1

0.45.0

0.44.2

0.44.1

0.44.0

0.43.0

0.42.0

0.41.4

0.41.3

0.41.2

0.41.1

0.41.0

0.40.1

0.40.0

0.39.1

0.39.0

0.38.3

0.38.2

0.38.1

0.38.0

0.37.3

0.37.2

0.37.1

0.37.0

0.36.3

0.36.2

0.36.1

0.36.0

0.35.3

0.35.2

0.35.1

0.35.0

0.34.1

0.34.0

0.33.2

0.33.1

0.33.0

0.32.0

0.31.3

0.31.2

0.31.1

0.31.0

0.30.0

0.29.3

0.29.2

0.29.1

0.29.0

0.28.14

0.28.13

0.28.12

0.28.11

0.28.10

0.28.9

0.28.8

0.28.7

0.28.6

0.28.5

0.28.4

0.28.3

0.28.2

0.28.1

0.28.0

0.27.0

0.26.4

0.26.3

0.26.2

0.26.1

0.26.0

0.25.4

0.25.3

0.25.1

0.25.0

0.24.3

0.24.2

0.24.1

0.24.0

0.23.5

0.23.4

0.23.3

0.23.2

0.23.1

0.23.0

0.22.1

0.22.0

0.21.0

0.20.2

0.20.1

0.20.0

0.19.3

0.19.2

0.19.1

0.19.0

0.18.2

0.18.1

0.18.0

0.17.0

0.16.0

0.15.0

0.14.0

0.13.0

0.12.4

0.12.3

0.12.2

0.12.1

0.12.0

0.11.0

0.10.2

0.10.1

0.10.0

0.9.0

0.8.1

0.8.0

0.7.0

0.6.0

0.5.0

0.3.1

0.3.0

0.2.0

0.1.6

0.1.5

0.1.4

0.1.3

0.1.2

0.1.1

0.1.0

Labels

Clear labels   

bug

  

bug

  

documentation

  

enhancement

  

pull-request

Mirrored from GitHub Pull Request

No labels

bug

bug

documentation

enhancement

pull-request

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/App-Store-Connect-CLI#43

No description provided.