[GH-ISSUE #163] Audit: Add empty path validation to config functions #44

New issue

Closed

opened 2026-02-26 21:32:58 +03:00 by kerem · 1 comment

kerem commented 2026-02-26 21:32:58 +03:00

Owner

Copy link

Originally created by @rudrankriyam on GitHub (Jan 25, 2026).
Original GitHub issue: https://github.com/rudrankriyam/App-Store-Connect-CLI/issues/163

Description

LoadAt validates for empty paths, but SaveAt and RemoveAt in internal/config/config.go do not.

Impact

• Inconsistent API behavior
• Potential silent failures or unexpected errors

Location

• internal/config/config.go:198 - SaveAt missing validation
• internal/config/config.go:221 - RemoveAt missing validation

Fix

Add the same validation to SaveAt and RemoveAt:

func SaveAt(path string, cfg *Config) error {
    if strings.TrimSpace(path) == "" {
        return fmt.Errorf("failed to save config: empty path")
    }
    // ...
}

func RemoveAt(path string) error {
    if strings.TrimSpace(path) == "" {
        return fmt.Errorf("failed to remove config: empty path")
    }
    // ...
}

Severity

High

Originally created by @rudrankriyam on GitHub (Jan 25, 2026). Original GitHub issue: https://github.com/rudrankriyam/App-Store-Connect-CLI/issues/163 ## Description `LoadAt` validates for empty paths, but `SaveAt` and `RemoveAt` in `internal/config/config.go` do not. ## Impact - Inconsistent API behavior - Potential silent failures or unexpected errors ## Location - `internal/config/config.go:198` - `SaveAt` missing validation - `internal/config/config.go:221` - `RemoveAt` missing validation ## Fix Add the same validation to `SaveAt` and `RemoveAt`: ```go func SaveAt(path string, cfg *Config) error { if strings.TrimSpace(path) == "" { return fmt.Errorf("failed to save config: empty path") } // ... } func RemoveAt(path string) error { if strings.TrimSpace(path) == "" { return fmt.Errorf("failed to remove config: empty path") } // ... } ``` ## Severity High

kerem closed this issue 2026-02-26 21:32:58 +03:00

kerem commented 2026-02-26 21:32:59 +03:00

Author

Owner

Copy link

@rudrankriyam commented on GitHub (Jan 25, 2026):

Closed via #170.

<!-- gh-comment-id:3797232808 --> @rudrankriyam commented on GitHub (Jan 25, 2026): Closed via #170.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

1.2.6

1.2.5

1.2.4

1.2.3

1.2.2

1.2.1

1.2.0

1.1.1

1.1.0

1.0.1

1.0.0

0.49.1

0.49.0

0.48.1

0.48.0

0.47.1

0.47.0

0.46.2

0.46.1

0.46.0

0.45.4

0.45.3

0.45.2

0.45.1

0.45.0

0.44.2

0.44.1

0.44.0

0.43.0

0.42.0

0.41.4

0.41.3

0.41.2

0.41.1

0.41.0

0.40.1

0.40.0

0.39.1

0.39.0

0.38.3

0.38.2

0.38.1

0.38.0

0.37.3

0.37.2

0.37.1

0.37.0

0.36.3

0.36.2

0.36.1

0.36.0

0.35.3

0.35.2

0.35.1

0.35.0

0.34.1

0.34.0

0.33.2

0.33.1

0.33.0

0.32.0

0.31.3

0.31.2

0.31.1

0.31.0

0.30.0

0.29.3

0.29.2

0.29.1

0.29.0

0.28.14

0.28.13

0.28.12

0.28.11

0.28.10

0.28.9

0.28.8

0.28.7

0.28.6

0.28.5

0.28.4

0.28.3

0.28.2

0.28.1

0.28.0

0.27.0

0.26.4

0.26.3

0.26.2

0.26.1

0.26.0

0.25.4

0.25.3

0.25.1

0.25.0

0.24.3

0.24.2

0.24.1

0.24.0

0.23.5

0.23.4

0.23.3

0.23.2

0.23.1

0.23.0

0.22.1

0.22.0

0.21.0

0.20.2

0.20.1

0.20.0

0.19.3

0.19.2

0.19.1

0.19.0

0.18.2

0.18.1

0.18.0

0.17.0

0.16.0

0.15.0

0.14.0

0.13.0

0.12.4

0.12.3

0.12.2

0.12.1

0.12.0

0.11.0

0.10.2

0.10.1

0.10.0

0.9.0

0.8.1

0.8.0

0.7.0

0.6.0

0.5.0

0.3.1

0.3.0

0.2.0

0.1.6

0.1.5

0.1.4

0.1.3

0.1.2

0.1.1

0.1.0

Labels

Clear labels   

bug

  

bug

  

documentation

  

enhancement

  

pull-request

Mirrored from GitHub Pull Request

No labels

bug

bug

documentation

enhancement

pull-request

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/App-Store-Connect-CLI#44

No description provided.