[GH-ISSUE #161] Audit: Avoid http.DefaultClient in upload operations #45

New issue

Closed

opened 2026-02-26 21:32:58 +03:00 by kerem · 1 comment

kerem commented 2026-02-26 21:32:58 +03:00

Owner

Copy link

Originally created by @rudrankriyam on GitHub (Jan 25, 2026).
Original GitHub issue: https://github.com/rudrankriyam/App-Store-Connect-CLI/issues/161

Description

internal/asc/upload.go:58 uses http.DefaultClient for upload operations:

uploadOpts := UploadOptions{
    Client: http.DefaultClient,  // SHARES CONNECTION POOL
    ...
}

Impact

• http.DefaultClient shares its Transport with all users of the package
• Can cause connection pool exhaustion if used concurrently
• Unexpected timeout/behavior changes affecting other code
• Upload operations may inherit inappropriate default timeouts

Location

internal/asc/upload.go:58

Fix

Create a dedicated http.Client with appropriate timeouts, similar to how NewClient does it in client_core.go:310.

Severity

Critical

Originally created by @rudrankriyam on GitHub (Jan 25, 2026). Original GitHub issue: https://github.com/rudrankriyam/App-Store-Connect-CLI/issues/161 ## Description `internal/asc/upload.go:58` uses `http.DefaultClient` for upload operations: ```go uploadOpts := UploadOptions{ Client: http.DefaultClient, // SHARES CONNECTION POOL ... } ``` ## Impact - `http.DefaultClient` shares its Transport with all users of the package - Can cause connection pool exhaustion if used concurrently - Unexpected timeout/behavior changes affecting other code - Upload operations may inherit inappropriate default timeouts ## Location `internal/asc/upload.go:58` ## Fix Create a dedicated `http.Client` with appropriate timeouts, similar to how `NewClient` does it in `client_core.go:310`. ## Severity Critical

kerem closed this issue 2026-02-26 21:32:58 +03:00

kerem commented 2026-02-26 21:32:59 +03:00

Author

Owner

Copy link

@rudrankriyam commented on GitHub (Jan 25, 2026):

Closed via #170.

<!-- gh-comment-id:3797232683 --> @rudrankriyam commented on GitHub (Jan 25, 2026): Closed via #170.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

1.2.6

1.2.5

1.2.4

1.2.3

1.2.2

1.2.1

1.2.0

1.1.1

1.1.0

1.0.1

1.0.0

0.49.1

0.49.0

0.48.1

0.48.0

0.47.1

0.47.0

0.46.2

0.46.1

0.46.0

0.45.4

0.45.3

0.45.2

0.45.1

0.45.0

0.44.2

0.44.1

0.44.0

0.43.0

0.42.0

0.41.4

0.41.3

0.41.2

0.41.1

0.41.0

0.40.1

0.40.0

0.39.1

0.39.0

0.38.3

0.38.2

0.38.1

0.38.0

0.37.3

0.37.2

0.37.1

0.37.0

0.36.3

0.36.2

0.36.1

0.36.0

0.35.3

0.35.2

0.35.1

0.35.0

0.34.1

0.34.0

0.33.2

0.33.1

0.33.0

0.32.0

0.31.3

0.31.2

0.31.1

0.31.0

0.30.0

0.29.3

0.29.2

0.29.1

0.29.0

0.28.14

0.28.13

0.28.12

0.28.11

0.28.10

0.28.9

0.28.8

0.28.7

0.28.6

0.28.5

0.28.4

0.28.3

0.28.2

0.28.1

0.28.0

0.27.0

0.26.4

0.26.3

0.26.2

0.26.1

0.26.0

0.25.4

0.25.3

0.25.1

0.25.0

0.24.3

0.24.2

0.24.1

0.24.0

0.23.5

0.23.4

0.23.3

0.23.2

0.23.1

0.23.0

0.22.1

0.22.0

0.21.0

0.20.2

0.20.1

0.20.0

0.19.3

0.19.2

0.19.1

0.19.0

0.18.2

0.18.1

0.18.0

0.17.0

0.16.0

0.15.0

0.14.0

0.13.0

0.12.4

0.12.3

0.12.2

0.12.1

0.12.0

0.11.0

0.10.2

0.10.1

0.10.0

0.9.0

0.8.1

0.8.0

0.7.0

0.6.0

0.5.0

0.3.1

0.3.0

0.2.0

0.1.6

0.1.5

0.1.4

0.1.3

0.1.2

0.1.1

0.1.0

Labels

Clear labels   

bug

  

bug

  

documentation

  

enhancement

  

pull-request

Mirrored from GitHub Pull Request

No labels

bug

bug

documentation

enhancement

pull-request

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/App-Store-Connect-CLI#45

No description provided.