[PR #532] [MERGED] Cross-platform symlink security #596

New issue

Closed

opened 2026-02-26 22:31:41 +03:00 by kerem · 0 comments

kerem commented

2026-02-26 22:31:41 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/rudrankriyam/App-Store-Connect-CLI/pull/532
Author: @rudrankriyam
Created: 2/14/2026
Status: ✅ Merged
Merged: 2/14/2026
Merged by: @rudrankriyam

Base: main ← Head: cursor/cross-platform-symlink-security-cd97

📝 Commits (2)

aad5d95 Harden non-unix secure open with best-effort nofollow checks
37d7b1a Format secure open best-effort helper

📊 Changes

5 files changed (+231 additions, -12 deletions)

View changed files

📝 README.md (+2 -0)
📝 internal/cli/shared/junit_report_test.go (+1 -6)
➕ internal/cli/shared/secure_open_best_effort.go (+91 -0)
➕ internal/cli/shared/secure_open_best_effort_test.go (+128 -0)
📝 internal/cli/shared/secure_open_other.go (+9 -6)

📄 Description

Summary

Implemented best-effort symlink protection for non-Unix secure_open paths by adding secure_open_best_effort helper. This helper performs pre-open Lstat symlink rejection and post-open path/handle consistency checks to mitigate TOCTOU vulnerabilities where O_NOFOLLOW is unavailable.
Updated secure_open_other.go to use this new hardened flow.
Added new tests for the best-effort helper and updated existing symlink tests to use capability-based skips.
Updated README.md to document platform-specific security behavior and TOCTOU limitations.

Validation

make format
make lint
make test

Wall of Apps (only if this PR adds/updates a Wall app)

I edited docs/wall-of-apps.json (not the generated Wall block in README.md directly)
I ran make update-wall-of-apps
I committed all generated files:
- docs/wall-of-apps.json
- README.md

Entry template:

{
  "app": "Your App Name",
  "link": "https://apps.apple.com/app/id1234567890",
  "creator": "your-github-handle",
  "platform": ["iOS"]
}

Common Apple labels: iOS, macOS, watchOS, tvOS, visionOS.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/rudrankriyam/App-Store-Connect-CLI/pull/532 **Author:** [@rudrankriyam](https://github.com/rudrankriyam) **Created:** 2/14/2026 **Status:** ✅ Merged **Merged:** 2/14/2026 **Merged by:** [@rudrankriyam](https://github.com/rudrankriyam) **Base:** `main` ← **Head:** `cursor/cross-platform-symlink-security-cd97` --- ### 📝 Commits (2) - [`aad5d95`](https://github.com/rudrankriyam/App-Store-Connect-CLI/commit/aad5d95e071053655db786a65c11347ba682fad0) Harden non-unix secure open with best-effort nofollow checks - [`37d7b1a`](https://github.com/rudrankriyam/App-Store-Connect-CLI/commit/37d7b1a2fc284d055d2460aea9bc7153295f40fb) Format secure open best-effort helper ### 📊 Changes **5 files changed** (+231 additions, -12 deletions) <details> <summary>View changed files</summary> 📝 `README.md` (+2 -0) 📝 `internal/cli/shared/junit_report_test.go` (+1 -6) ➕ `internal/cli/shared/secure_open_best_effort.go` (+91 -0) ➕ `internal/cli/shared/secure_open_best_effort_test.go` (+128 -0) 📝 `internal/cli/shared/secure_open_other.go` (+9 -6) </details> ### 📄 Description ## Summary - Implemented best-effort symlink protection for non-Unix `secure_open` paths by adding `secure_open_best_effort` helper. This helper performs pre-open `Lstat` symlink rejection and post-open path/handle consistency checks to mitigate TOCTOU vulnerabilities where `O_NOFOLLOW` is unavailable. - Updated `secure_open_other.go` to use this new hardened flow. - Added new tests for the best-effort helper and updated existing symlink tests to use capability-based skips. - Updated `README.md` to document platform-specific security behavior and TOCTOU limitations. ## Validation - [x] `make format` - [x] `make lint` - [x] `make test` ## Wall of Apps (only if this PR adds/updates a Wall app) - [ ] I edited `docs/wall-of-apps.json` (not the generated Wall block in `README.md` directly) - [ ] I ran `make update-wall-of-apps` - [ ] I committed all generated files: - `docs/wall-of-apps.json` - `README.md` Entry template: ```json { "app": "Your App Name", "link": "https://apps.apple.com/app/id1234567890", "creator": "your-github-handle", "platform": ["iOS"] } ``` Common Apple labels: `iOS`, `macOS`, `watchOS`, `tvOS`, `visionOS`. --- <p><a href="https://cursor.com/background-agent?bcId=bc-856d6e41-eefa-4d77-b57c-0afd9af403c6"><picture><source media="(prefers-color-scheme: dark)" srcset="https://cursor.com/assets/images/open-in-cursor-dark.png"><source media="(prefers-color-scheme: light)" srcset="https://cursor.com/assets/images/open-in-cursor-light.png"><img alt="Open in Cursor" width="131" height="28" src="https://cursor.com/assets/images/open-in-cursor-dark.png"></picture></a> <a href="https://cursor.com/agents?id=bc-856d6e41-eefa-4d77-b57c-0afd9af403c6"><picture><source media="(prefers-color-scheme: dark)" srcset="https://cursor.com/assets/images/open-in-web-dark.png"><source media="(prefers-color-scheme: light)" srcset="https://cursor.com/assets/images/open-in-web-light.png"><img alt="Open in Web" width="114" height="28" src="https://cursor.com/assets/images/open-in-web-dark.png"></picture></a></p> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>