[GH-ISSUE #163] Audit: Add empty path validation to config functions #44

Closed
opened 2026-02-26 21:32:58 +03:00 by kerem · 1 comment
Owner

Originally created by @rudrankriyam on GitHub (Jan 25, 2026).
Original GitHub issue: https://github.com/rudrankriyam/App-Store-Connect-CLI/issues/163

Description

LoadAt validates for empty paths, but SaveAt and RemoveAt in internal/config/config.go do not.

Impact

  • Inconsistent API behavior
  • Potential silent failures or unexpected errors

Location

  • internal/config/config.go:198 - SaveAt missing validation
  • internal/config/config.go:221 - RemoveAt missing validation

Fix

Add the same validation to SaveAt and RemoveAt:

func SaveAt(path string, cfg *Config) error {
    if strings.TrimSpace(path) == "" {
        return fmt.Errorf("failed to save config: empty path")
    }
    // ...
}

func RemoveAt(path string) error {
    if strings.TrimSpace(path) == "" {
        return fmt.Errorf("failed to remove config: empty path")
    }
    // ...
}

Severity

High

Originally created by @rudrankriyam on GitHub (Jan 25, 2026). Original GitHub issue: https://github.com/rudrankriyam/App-Store-Connect-CLI/issues/163 ## Description `LoadAt` validates for empty paths, but `SaveAt` and `RemoveAt` in `internal/config/config.go` do not. ## Impact - Inconsistent API behavior - Potential silent failures or unexpected errors ## Location - `internal/config/config.go:198` - `SaveAt` missing validation - `internal/config/config.go:221` - `RemoveAt` missing validation ## Fix Add the same validation to `SaveAt` and `RemoveAt`: ```go func SaveAt(path string, cfg *Config) error { if strings.TrimSpace(path) == "" { return fmt.Errorf("failed to save config: empty path") } // ... } func RemoveAt(path string) error { if strings.TrimSpace(path) == "" { return fmt.Errorf("failed to remove config: empty path") } // ... } ``` ## Severity High
kerem closed this issue 2026-02-26 21:32:58 +03:00
Author
Owner

@rudrankriyam commented on GitHub (Jan 25, 2026):

Closed via #170.

<!-- gh-comment-id:3797232808 --> @rudrankriyam commented on GitHub (Jan 25, 2026): Closed via #170.
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/App-Store-Connect-CLI#44
No description provided.