Description
save_api_key() in src/config/loader.rs:390 writes the API key using string interpolation:
format!("api_key = "{}"\n", key)
If the key value contains a " character, this produces invalid TOML or allows injection of additional key-value pairs. The migration code at lines 170-172 correctly uses toml::Table — save_api_key() should match.
Impact
- API key containing
" could corrupt auth file
- Inconsistent with migration code pattern
- Defensive coding issue (unlikely for real API keys but still a vulnerability)
Suggested Fix
Use toml::Table serialization:
let mut table = toml::Table::new();
table.insert("api_key".to_string(), toml::Value::String(key.to_string()));
let content = table.to_string();
References
Found via code audit. Full report: commit SHA on develop.
Description
save_api_key()insrc/config/loader.rs:390writes the API key using string interpolation:If the key value contains a
"character, this produces invalid TOML or allows injection of additional key-value pairs. The migration code at lines 170-172 correctly usestoml::Table—save_api_key()should match.Impact
"could corrupt auth fileSuggested Fix
Use
toml::Tableserialization:References
Found via code audit. Full report: commit SHA on develop.