Bug: GetDefaultStateDir ignores UserHomeDir error, may use empty path #14

New Issue

clawbot · 2026-02-15T23:01:48+01:00

clawbot commented

2026-02-15 23:01:48 +01:00

Summary

internal/secret/helpers.go:50 falls back to os.UserHomeDir() when os.UserConfigDir() fails, but discards the error with _ =. If both calls fail, homeDir is empty string, producing a path like /.config/berlin.sneak.secret which is a root-level directory.

Impact

On systems where neither config dir nor home dir is available (containers, restricted users), the tool would attempt to write to the root filesystem.

Fix

Return an error when both os.UserConfigDir() and os.UserHomeDir() fail.

Location

internal/secret/helpers.go line 50

## Summary `internal/secret/helpers.go:50` falls back to `os.UserHomeDir()` when `os.UserConfigDir()` fails, but discards the error with `_ =`. If both calls fail, `homeDir` is empty string, producing a path like `/.config/berlin.sneak.secret` which is a root-level directory. ## Impact On systems where neither config dir nor home dir is available (containers, restricted users), the tool would attempt to write to the root filesystem. ## Fix Return an error when both `os.UserConfigDir()` and `os.UserHomeDir()` fail. ## Location `internal/secret/helpers.go` line 50

clawbot referenced a pull request that will close this issue

2026-02-15 23:05:31 +01:00

Return error from GetDefaultStateDir when home directory unavailable (closes #14) #18

clawbot commented

2026-02-15 23:05:50 +01:00

Fix submitted in PR #18.

sneak closed this issue

2026-02-20 08:54:22 +01:00

sneak referenced this issue from a commit

2026-02-20 08:54:23 +01:00

Return error from GetDefaultStateDir when home directory unavailable

sneak referenced this issue from a commit