From 5e810a418eff5912462ce13b44681fb054a9ac9b Mon Sep 17 00:00:00 2001
From: Oliver Baer <75138893+mrwind-up-bird@users.noreply.github.com>
Date: Tue, 10 Mar 2026 02:54:16 +0100
Subject: [PATCH] fix(autofix): Missing input validation for token scopes
---
 cmd/ckb/token.go | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/cmd/ckb/token.go b/cmd/ckb/token.go
index ea3f441a..929a4448 100644
--- a/cmd/ckb/token.go
+++ b/cmd/ckb/token.go
@@ -105,6 +105,11 @@ func init() {
 tokenCreateCmd.Flags().StringVar(&tokenName, "name", "", "Token name (required)")
 tokenCreateCmd.Flags().StringSliceVar(&tokenScopes, "scopes", nil, "Scopes: read, write, admin (required)")
 tokenCreateCmd.Flags().StringSliceVar(&tokenRepos, "repos", nil, "Restrict to repos matching patterns")
+ seen := make(map[auth.Scope]bool)
+ if seen[scope] {
+ continue // Skip duplicate scopes
+ }
+ seen[scope] = true
 tokenCreateCmd.Flags().StringVar(&tokenExpires, "expires", "", "Expiration (e.g., 30d, 1h, 2024-12-31)")
 tokenCreateCmd.Flags().IntVar(&tokenRateLimit, "rate-limit", 0, "Rate limit (requests per minute, 0=default)")
 _ = tokenCreateCmd.MarkFlagRequired("name")
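Review bot: The five added lines cannot compile where they sit: `continue` is outside any `for` loop and `scope` is not declared anywhere in the visible part of `init()`, which continues past the hunk. Even with a loop around them, `init()` runs before the flags are parsed, so `tokenScopes` is still nil there and nothing would be checked. Deduplication is also not validation: the commit subject promises input validation, but no added line rejects a scope outside read/write/admin, and for a command that issues tokens an unknown scope should fail the command rather than be skipped. I would drop these lines from `init()` and do the check where `tokenScopes` is converted to `auth.Scope` (presumably the create command's run function, not shown here), along the lines sketched below.

```go
// … placement: the token-create run function, after flag parsing (outside this hunk) …
seen := make(map[auth.Scope]bool)
for _, raw := range tokenScopes {
	name := strings.ToLower(strings.TrimSpace(raw))
	switch name {
	case "read", "write", "admin": // the values the --scopes help text lists
	default:
		// Fail closed: never mint a token from a scope string we do not recognise.
		return fmt.Errorf("invalid scope %q (allowed: read, write, admin)", raw)
	}
	scope := auth.Scope(name) // assumes auth.Scope is a string type; confirm against the auth package
	if seen[scope] {
		continue // skip duplicate scopes
	}
	seen[scope] = true
	// … unchanged: whatever the run function already does with each scope …
}
```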