[PR #531] [MERGED] Ipa symlink rejection #594

Closed
opened 2026-02-26 22:31:41 +03:00 by kerem · 0 comments

📋 Pull Request Information

Original PR: https://github.com/rudrankriyam/App-Store-Connect-CLI/pull/531
Author: @rudrankriyam
Created: 2/14/2026
Status: Merged
Merged: 2/14/2026
Merged by: @rudrankriyam

Base: main ← Head: cursor/ipa-symlink-rejection-a2e3


📝 Commits (1)

  • 8e7819b Harden publish IPA handling against symlink paths

📊 Changes

7 files changed (+191 additions, -3 deletions)


➕ internal/asc/secure_open_other.go (+9 -0)
➕ internal/asc/secure_open_unix.go (+14 -0)
📝 internal/asc/upload.go (+22 -2)
📝 internal/asc/upload_test.go (+30 -0)
📝 internal/cli/cmdtest/commands_test.go (+66 -0)
📝 internal/cli/publish/publish.go (+4 -1)
➕ internal/cli/publish/publish_test.go (+46 -0)

📄 Description

Summary

  • Hardens IPA handling in publish and upload operations to explicitly reject symlink paths, preventing potential security vulnerabilities.
  • validateIPAPath now uses os.Lstat to detect and refuse symlinks before upload.
  • Introduces a new openUploadSourceFile helper in internal/asc that uses O_NOFOLLOW on Unix-like systems and provides a secure fallback for other platforms to prevent following symlinks when opening upload sources.
  • Adds comprehensive unit and CLI-level regression tests to cover symlink rejection for both publish testflight and publish appstore commands.

Validation

  • [x] make format
  • [x] make lint
  • [x] make test

Wall of Apps (only if this PR adds/updates a Wall app)

  • [ ] I edited docs/wall-of-apps.json (not the generated Wall block in README.md directly)
  • [ ] I ran make update-wall-of-apps
  • [ ] I committed all generated files:
    • docs/wall-of-apps.json
    • README.md


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

kerem 2026-02-26 22:31:41 +03:00
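The description above names two guards: an os.Lstat check that refuses symlinks before upload, and an O_NOFOLLOW open so the file handle itself cannot be obtained through a symlink. The following is an added example written for this page, not code from the PR or from App-Store-Connect-CLI; the names validateIPAPath and openUploadSource, the error value ErrSymlink, and the demo() harness are assumptions chosen to mirror the summary, and the sample file contents are constructed. It uses syscall.O_NOFOLLOW directly, so it is Unix-only (the real project selects that path with build tags and ships a separate fallback for other platforms, which is not reproduced here).

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"syscall"
)

// ErrSymlink is returned when an IPA path turns out to be a symbolic link.
// Hypothetical name, chosen for this example.
var ErrSymlink = errors.New("ipa path must not be a symbolic link")

// validateIPAPath is a stand-in for the Lstat check described in the PR.
// os.Lstat (unlike os.Stat) reports a symlink as a symlink instead of
// following it, so the link bit can be tested before anything is opened.
func validateIPAPath(path string) error {
	info, err := os.Lstat(path)
	if err != nil {
		return err
	}
	if info.Mode()&os.ModeSymlink != 0 {
		return fmt.Errorf("%w: %s", ErrSymlink, path)
	}
	if !info.Mode().IsRegular() {
		return fmt.Errorf("ipa path is not a regular file: %s", path)
	}
	return nil
}

// openUploadSource is a stand-in for the Unix O_NOFOLLOW helper.
// The Lstat check alone is racy: whoever controls the directory can swap
// the regular file for a symlink between the check and the open.
// O_NOFOLLOW makes the kernel itself refuse the open (ELOOP) when the
// final path component is a symlink, closing that window.
// syscall.O_NOFOLLOW only exists on Unix-like platforms.
func openUploadSource(path string) (*os.File, error) {
	f, err := os.OpenFile(path, os.O_RDONLY|syscall.O_NOFOLLOW, 0)
	if err != nil {
		if errors.Is(err, syscall.ELOOP) {
			return nil, fmt.Errorf("%w: %s", ErrSymlink, path)
		}
		return nil, err
	}
	// Defence in depth: check the handle we actually got, not the path name.
	st, err := f.Stat()
	if err != nil {
		f.Close()
		return nil, err
	}
	if !st.Mode().IsRegular() {
		f.Close()
		return nil, fmt.Errorf("upload source is not a regular file: %s", path)
	}
	return f, nil
}

type demoResult struct {
	RealAccepted        bool
	LinkRejectedByLstat bool
	LinkRejectedByOpen  bool
}

// demo builds a temp dir holding a constructed app.ipa and a symlink to it,
// then reports how each guard treats the real file and the link.
func demo() (demoResult, error) {
	var r demoResult
	dir, err := os.MkdirTemp("", "ipa-symlink-demo")
	if err != nil {
		return r, err
	}
	defer os.RemoveAll(dir)
	realIPA := filepath.Join(dir, "app.ipa")
	linkIPA := filepath.Join(dir, "link.ipa")
	// Constructed placeholder bytes, not a real IPA archive.
	if err := os.WriteFile(realIPA, []byte("PK\x03\x04 constructed placeholder"), 0o600); err != nil {
		return r, err
	}
	if err := os.Symlink(realIPA, linkIPA); err != nil {
		return r, err
	}
	f, err := openUploadSource(realIPA)
	if err == nil {
		f.Close()
	}
	r.RealAccepted = validateIPAPath(realIPA) == nil && err == nil
	r.LinkRejectedByLstat = errors.Is(validateIPAPath(linkIPA), ErrSymlink)
	_, err = openUploadSource(linkIPA)
	r.LinkRejectedByOpen = errors.Is(err, ErrSymlink)
	return r, nil
}

func main() {
	r, err := demo()
	if err != nil {
		fmt.Println("demo failed:", err)
		os.Exit(1)
	}
	fmt.Printf("%+v\n", r)
}
```

Two caveats worth keeping in mind when reading the PR's change: O_NOFOLLOW only refuses a symlink in the final path component, so a symlinked parent directory is still traversed, and the early Lstat check mainly buys a clear error message up front while the O_NOFOLLOW open is what actually removes the check-then-open race.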