fix: resolve 11 CodeQL path-injection alerts in Go CLI#411

Closed

Aureliolo wants to merge 2 commits into

mainfrom

fix/codeql-path-injection

GitHub Advanced Security / CodeQL failed Mar 14, 2026 in 2s

11 new alerts including 11 high severity security vulnerabilities

New alerts in code changed by this pull request

Security Alerts:

11 high

See annotations below for details.

View all branch alerts.

Annotations

Check failure on line 44 in cli/cmd/doctor.go

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a

.
This path depends on a user-provided value.
This path depends on a user-provided value.
This path depends on a user-provided value.

Check failure on line 189 in cli/cmd/init.go

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a

.
This path depends on a

.
This path depends on a

.

Check failure on line 240 in cli/cmd/init.go

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a

.
This path depends on a

.
This path depends on a

.
This path depends on a user-provided value.

Check failure on line 49 in cli/cmd/logs.go

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a

.
This path depends on a user-provided value.
This path depends on a user-provided value.
This path depends on a user-provided value.

Check failure on line 38 in cli/cmd/start.go

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a

.
This path depends on a user-provided value.
This path depends on a user-provided value.
This path depends on a user-provided value.

Check failure on line 44 in cli/cmd/status.go

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a

.
This path depends on a user-provided value.
This path depends on a user-provided value.
This path depends on a user-provided value.

Check failure on line 34 in cli/cmd/stop.go

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a

.
This path depends on a user-provided value.
This path depends on a user-provided value.
This path depends on a user-provided value.

Check failure on line 115 in cli/cmd/uninstall.go

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a

.
This path depends on a user-provided value.
This path depends on a user-provided value.
This path depends on a user-provided value.

Check failure on line 49 in cli/internal/config/state.go

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a

.
This path depends on a

.
This path depends on a

.
This path depends on a user-provided value.

Check failure on line 81 in cli/internal/config/state.go

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a

.
This path depends on a

.
This path depends on a

.
This path depends on a user-provided value.

Check failure on line 88 in cli/internal/config/state.go

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a

.
This path depends on a

.
This path depends on a

.
This path depends on a user-provided value.