Fix password exposed in the FTP error object#1496
Merged
niveathika merged 4 commits intoballerina-platform:masterfrom Sep 24, 2025
Merged
Fix password exposed in the FTP error object#1496niveathika merged 4 commits intoballerina-platform:masterfrom
niveathika merged 4 commits intoballerina-platform:masterfrom
Conversation
SachinAkash01
requested review from
DimuthuMadushan,
MohamedSabthar,
ThisaruGuruge and
shafreenAnfar
as code owners
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #1496 +/- ##
============================================
- Coverage 84.81% 83.60% -1.22%
- Complexity 244 341 +97
============================================
Files 28 37 +9
Lines 1291 1641 +350
Branches 156 238 +82
============================================
+ Hits 1095 1372 +277
- Misses 133 165 +32
- Partials 63 104 +41 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Contributor
There was a problem hiding this comment.
Pull Request Overview
Fixes a security vulnerability where FTP passwords were exposed in error messages by implementing URL password masking functionality.
- Implements a
maskUrlPasswordutility function with improved pattern matching for URL schemes and user info - Applies password masking to all FTP error messages throughout the codebase
- Updates test cases to expect masked passwords in error messages
Reviewed Changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| FtpUtil.java | Applies password masking to error creation methods |
| FileTransportUtils.java | Implements improved maskUrlPassword function with better regex patterns |
| VfsClientConnectorImpl.java | Masks passwords in file operation error messages |
| secure_client_endpoint_test.bal | Updates test expectations to use masked passwords |
| client_endpoint_test.bal | Updates test expectations to use masked passwords |
| client_endpoint_negative_test.bal | Updates test expectations to use masked passwords |
| Dependencies.toml | Version bump to 2.14.1 |
| CompilerPlugin.toml | Updates jar path for new version |
| Ballerina.toml | Updates package version to 2.14.1 |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
native/src/main/java/io/ballerina/stdlib/ftp/transport/server/util/FileTransportUtils.java
Show resolved
Hide resolved
…ror-object-password
niveathika
added
the
Skip GraalVM Check
|
niveathika
approved these changes
Sep 24, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Purpose
Examples
Checklist