Skip to content

Comments

Fix password exposed in the FTP error object#1496

Merged
niveathika merged 4 commits intoballerina-platform:masterfrom
SachinAkash01:mask-error-object-password
Sep 24, 2025
Merged

Fix password exposed in the FTP error object#1496
niveathika merged 4 commits intoballerina-platform:masterfrom
SachinAkash01:mask-error-object-password

Conversation

@SachinAkash01
Copy link
Member

Purpose

$subject

Examples

Checklist

  • Linked to an issue
  • Updated the changelog
  • Added tests
  • Updated the spec
  • Checked native-image compatibility

@codecov
Copy link

codecov bot commented Sep 24, 2025

Codecov Report

❌ Patch coverage is 81.25000% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 83.60%. Comparing base (922c974) to head (3c20e24).
⚠️ Report is 5 commits behind head on master.

Files with missing lines Patch % Lines
...connector/contractimpl/VfsClientConnectorImpl.java 62.50% 2 Missing and 1 partial ⚠️
Additional details and impacted files
@@             Coverage Diff              @@
##             master    #1496      +/-   ##
============================================
- Coverage     84.81%   83.60%   -1.22%     
- Complexity      244      341      +97     
============================================
  Files            28       37       +9     
  Lines          1291     1641     +350     
  Branches        156      238      +82     
============================================
+ Hits           1095     1372     +277     
- Misses          133      165      +32     
- Partials         63      104      +41     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@niveathika niveathika requested a review from Copilot September 24, 2025 04:13
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Fixes a security vulnerability where FTP passwords were exposed in error messages by implementing URL password masking functionality.

  • Implements a maskUrlPassword utility function with improved pattern matching for URL schemes and user info
  • Applies password masking to all FTP error messages throughout the codebase
  • Updates test cases to expect masked passwords in error messages

Reviewed Changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
FtpUtil.java Applies password masking to error creation methods
FileTransportUtils.java Implements improved maskUrlPassword function with better regex patterns
VfsClientConnectorImpl.java Masks passwords in file operation error messages
secure_client_endpoint_test.bal Updates test expectations to use masked passwords
client_endpoint_test.bal Updates test expectations to use masked passwords
client_endpoint_negative_test.bal Updates test expectations to use masked passwords
Dependencies.toml Version bump to 2.14.1
CompilerPlugin.toml Updates jar path for new version
Ballerina.toml Updates package version to 2.14.1

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@niveathika niveathika added the Skip GraalVM Check This will skip the GraalVM compatibility check label Sep 24, 2025
@sonarqubecloud
Copy link

@niveathika niveathika merged commit fc374a9 into ballerina-platform:master Sep 24, 2025
7 of 8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Skip GraalVM Check This will skip the GraalVM compatibility check

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants