👟 Reproduction steps
In the main src/client.rs file, the Client::new() constructor and setter methods use .parse().unwrap() for header values and .expect() for HTTP client construction:
In Client::new() (lines 91-96):
headers.insert("X-Appwrite-Response-Format", "1.9.0".parse().unwrap());
headers.insert("user-agent", format!("AppwriteRustSDK/0.1.0 ...").parse().unwrap());
headers.insert("x-sdk-name", "Rust".parse().unwrap());
headers.insert("x-sdk-platform", "server".parse().unwrap());
headers.insert("x-sdk-language", "rust".parse().unwrap());
headers.insert("x-sdk-version", "0.1.0".parse().unwrap());👍 Expected behavior
- Header values from constant strings in
new() are safe and could use // SAFETY: comments to document why unwrap() is acceptable, or be converted to compile-time constants.
- Header values from user input in
set_project(), set_key(), set_jwt(), set_locale(), and set_session() should return Result<Self, AppwriteError> instead of panicking, since user-provided strings can contain invalid header characters (newlines, non-visible ASCII, etc.).
set_endpoint() already validates with panic! — it should also return Result.
👎 Actual Behavior
If a user passes a string with invalid header characters (e.g., client.set_key("my\nkey")), the SDK panics at runtime instead of returning an error.
🎲 Appwrite version
Version 0.10.x
💻 Operating system
Linux
🧱 Your Environment
No response
👀 Have you spent some time to check if this issue has been raised before?
🏢 Have you read the Code of Conduct?
👟 Reproduction steps
In the main
src/client.rsfile, theClient::new()constructor and setter methods use.parse().unwrap()for header values and.expect()for HTTP client construction:In
Client::new()(lines 91-96):👍 Expected behavior
new()are safe and could use// SAFETY:comments to document whyunwrap()is acceptable, or be converted to compile-time constants.set_project(),set_key(),set_jwt(),set_locale(), andset_session()should returnResult<Self, AppwriteError>instead of panicking, since user-provided strings can contain invalid header characters (newlines, non-visible ASCII, etc.).set_endpoint()already validates withpanic!— it should also returnResult.👎 Actual Behavior
If a user passes a string with invalid header characters (e.g.,
client.set_key("my\nkey")), the SDK panics at runtime instead of returning an error.🎲 Appwrite version
Version 0.10.x
💻 Operating system
Linux
🧱 Your Environment
No response
👀 Have you spent some time to check if this issue has been raised before?
🏢 Have you read the Code of Conduct?