fix(config): harden CLI option and config-file parsing against bad input #124

Merged: pchuri merged 1 commit into main from fix/config-validation-robustness on Apr 27, 2026


@pchuri pchuri commented Apr 27, 2026

Description

Two small robustness fixes in `lib/config.js`:

  1. `--token` / `--cookie` no longer crash on non-string values. `validateCliOptions` previously called `.trim()` after only an `!== undefined` guard, so `null` or numeric values produced a confusing `TypeError: Cannot read properties of null (reading 'trim')` instead of the intended `--token cannot be empty` validation error. Both fields now type-guard before trimming.
  2. Corrupted `~/.confluence-cli/config.json` now reports the actual parse error. `readConfigFile()` previously caught any read/parse failure and returned `null`, which fell through to a generic `No configuration found! Please run "confluence init"` message — masking the real cause. We now log a yellow warning naming the file and the underlying error before returning `null`, so the next "No configuration found!" line still fires but the user can see why.

Type of Change

  • Bug fix (non-breaking change which fixes an issue)

Testing

  • `npm test` — 326/326 pass (5 new tests added)
  • `npm run lint` — clean
  • New tests cover: `--token` null, `--token` numeric, `--cookie` null with cookie auth, whitespace-only `--token` regression guard, and invalid-JSON config file warning path

Checklist

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • New and existing unit tests pass locally with my changes
  • My changes generate no new warnings

Additional Context

Behavior is unchanged for valid inputs. `null` and non-string `--token` / `--cookie` now produce the same friendly `cannot be empty` message that whitespace-only strings already produced — programmatic callers no longer need to defensively coerce. The corrupted-config warning goes to stderr only when the file exists but cannot be parsed; the no-file case (`!fs.existsSync`) stays silent as before.

- Type-guard --token and --cookie validation so passing null or a non-string
  produces a clean validation error instead of a TypeError on .trim()
- Surface a stderr warning when ~/.confluence-cli/config.json fails to parse,
  instead of silently returning null and falling through to "No configuration
  found!" — making corrupted-config debugging straightforward
@pchuri pchuri merged commit 1ee18ef into main Apr 27, 2026
6 checks passed
@pchuri pchuri deleted the fix/config-validation-robustness branch April 27, 2026 09:07
github-actions Bot pushed a commit that referenced this pull request Apr 27, 2026
## [1.33.2](v1.33.1...v1.33.2) (2026-04-27)

### Bug Fixes

* **config:** harden CLI option and config-file parsing against bad input ([#124](#124)) ([1ee18ef](1ee18ef))
@github-actions

🎉 This PR is included in version 1.33.2 🎉

The release is available on:

Your semantic-release bot 📦🚀

pchuri added a commit that referenced this pull request Apr 27, 2026
…trings (#128)

Follow-up to #124, applying the same defensive pattern to the rest of
validateCliOptions and the providedValues construction in initConfig:

- domain, email, apiPath, protocol, authType: type-check before calling
  string methods (trim/startsWith/toLowerCase/includes), so non-string
  truthy inputs (e.g. numeric values from programmatic callers) surface
  a clean validation error instead of a TypeError
- The early authType normalization in initConfig (`.trim().toLowerCase()`
  before validateCliOptions runs) is also guarded so the crash cannot
  occur before validation gets a chance to report it
- Adds regression tests covering domain, apiPath, protocol, and authType
github-actions Bot pushed a commit that referenced this pull request Apr 27, 2026
## [2.0.1](v2.0.0...v2.0.1) (2026-04-27)

### Bug Fixes

* **config:** type-guard remaining CLI option validation against non-strings ([#128](#128)) ([c7c1a31](c7c1a31)), closes [#124](#124)
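
The type guard and the corrupted-config warning described in #124, using the same check-the-type-before-string-methods pattern that #128 extends to the other options, shown here as an added JavaScript example that is not the project's code. The function names, the warning wording and the injected `fsLike` / `warn` parameters are assumptions made for illustration.

```javascript
// Added illustration: names are hypothetical, not the project's lib/config.js.

// "Before" shape from the PR description: only `!== undefined` guards .trim().
function validateTokenUnguarded(options) {
  const errors = [];
  if (options.token !== undefined && options.token.trim() === '') {
    errors.push('--token cannot be empty');
  }
  return errors;
}

// Hardened shape: test the type first, so null, numbers and whitespace-only
// strings all end in the same validation error instead of a TypeError.
function validateCredentialOptions(options) {
  const errors = [];
  for (const name of ['token', 'cookie']) {
    const value = options[name];
    if (value === undefined) continue; // option not supplied
    if (typeof value !== 'string' || value.trim() === '') {
      errors.push(`--${name} cannot be empty`);
    }
  }
  return errors;
}

// Missing file: silent null. Unparseable file: warn with the path and the
// parser's message, then return null so the caller's fallback still runs.
function loadConfig(filePath, fsLike, warn) {
  if (!fsLike.existsSync(filePath)) return null;
  try {
    return JSON.parse(fsLike.readFileSync(filePath, 'utf8'));
  } catch (err) {
    warn(`Warning: could not read ${filePath}: ${err.message}`);
    return null;
  }
}

// Constructed in-memory stand-in for Node's fs (same two method names).
const fakeFs = (files) => ({
  existsSync: (p) => files.has(p),
  readFileSync: (p) => files.get(p),
});

// Constructed sample input: a truncated config file and bad option values.
const sampleFs = fakeFs(new Map([['/tmp/config.json', '{"domain": ']]));
console.log(validateCredentialOptions({ token: null, cookie: 42 }));
console.log(loadConfig('/tmp/config.json', sampleFs, console.error));
```

Recent V8 versions quote a fragment of the input in the `JSON.parse` error message, so where the config file holds a token it is worth checking what the warning prints before that output reaches shared logs.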