[GH-ISSUE #164] Audit: Safe type assertions in client_pagination.go #47

New issue

Closed

opened 2026-02-26 21:32:59 +03:00 by kerem · 1 comment

kerem commented

2026-02-26 21:32:59 +03:00

Owner

Originally created by @rudrankriyam on GitHub (Jan 25, 2026).
Original GitHub issue: https://github.com/rudrankriyam/App-Store-Connect-CLI/issues/164

Description

internal/asc/client_pagination.go:99-141 has unsafe type assertions that will panic at runtime if result is not of the expected type:

case *FeedbackResponse:
    result.(*FeedbackResponse).Data = append(result.(*FeedbackResponse).Data, p.Data...)

This is a risk if a new response type is added but the pagination switch statement isn't updated.

Impact

Runtime panic if pagination encounters unexpected type
Silent bug risk when adding new response types

Location

internal/asc/client_pagination.go:99-141

Fix

Use safe type assertion with comma-ok idiom:

if typedResult, ok := result.(*FeedbackResponse); ok {
    typedResult.Data = append(typedResult.Data, p.Data...)
}

Or add a default case that returns an error.

Severity

Critical

Originally created by @rudrankriyam on GitHub (Jan 25, 2026). Original GitHub issue: https://github.com/rudrankriyam/App-Store-Connect-CLI/issues/164 ## Description `internal/asc/client_pagination.go:99-141` has unsafe type assertions that will panic at runtime if `result` is not of the expected type: ```go case *FeedbackResponse: result.(*FeedbackResponse).Data = append(result.(*FeedbackResponse).Data, p.Data...) ``` This is a risk if a new response type is added but the pagination switch statement isn't updated. ## Impact - Runtime panic if pagination encounters unexpected type - Silent bug risk when adding new response types ## Location `internal/asc/client_pagination.go:99-141` ## Fix Use safe type assertion with comma-ok idiom: ```go if typedResult, ok := result.(*FeedbackResponse); ok { typedResult.Data = append(typedResult.Data, p.Data...) } ``` Or add a default case that returns an error. ## Severity Critical