feat/CUS-11564-Migrated the addon to eu region #365

Merged
akhil-testsigma merged 2 commits into dev from feat/CUS-11564-Migrated-the-addon-to-EU-region
Mar 26, 2026

Conversation

akhil-testsigma (Contributor) commented Mar 26, 2026

Publish this addon as PRIVATE (EU Region)
Addon Name: Authenticator Code Generator
Jarvis Link: https://jarvis-eu.testsigma.com/ui/tenants/66076/addons
Jira: https://testsigma.atlassian.net/browse/CUS-11564
Migrated the addon to EU region

Summary by CodeRabbit

  • New Features
    • Added TOTP (Time-based One-Time Password) code generation for authenticator support across web, mobile (iOS, Android), mobile web, Salesforce, and Windows platforms
    • Generated authentication codes can be stored in runtime variables for use in test automation workflows

coderabbitai Bot commented Mar 26, 2026

Walkthrough

This PR adds a new Maven module authenticator_code_generator_ containing platform-specific TOTP code generator actions for web, iOS, Android, mobile web, Salesforce, and Windows platforms. Each implementation uses the Aerogear OTP library to generate time-based authenticator codes from a secret key and stores the result in a runtime variable. The module includes a standard Maven build configuration with required dependencies and an SDK properties file.

Changes (cohort, file(s), summary)

  • Build Configuration: authenticator_code_generator_/pom.xml
    Defines Maven module coordinates, Java 11 compilation, test dependencies (JUnit Jupiter, TestNG, Selenium, Appium), and build plugins (maven-shade-plugin for packaging, maven-source-plugin for source JARs). Includes Aerogear OTP and related utility libraries.
  • Core Web Implementation: authenticator_code_generator_/src/main/java/com/testsigma/addons/web/AuthCodeGenerator.java
    Implements TOTP generation logic: accepts secretkey TestData, generates current OTP using Aerogear Totp library, stores OTP into specified runtime variable, returns success/error messages with exception handling.
  • Platform-Specific Actions: authenticator_code_generator_/src/main/java/com/testsigma/addons/{android,ios,mobileweb,salesforce,windows}/AuthCodeGenerator.java
    Platform-specific implementations (Android, iOS, Mobile Web, Salesforce, Windows) extending appropriate base action classes. Each follows the same TOTP generation and runtime variable storage pattern with platform-specific action annotations.
  • SDK Configuration: authenticator_code_generator_/src/main/resources/testsigma-sdk.properties
    Contains Testsigma SDK API key property for module runtime configuration.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Suggested reviewers

  • Ganesh-Testsigma
  • vigneshtestsigma

Poem

🐰 Across the platforms, from web to phone,
A secret key transforms, no longer alone,
OTP codes bloom with Aerogear's grace,
Time-based tokens in every place! ✨
Six platforms unified, the authenticator takes flight! 🔐

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (2 warnings)

  • Title check (⚠️ Warning): The title references EU region migration, but the changeset shows creation of a new authenticator code generator addon with multiple platform-specific implementations (web, mobile, iOS, Android, Windows, Salesforce), not a migration to EU region. Resolution: Update the title to accurately reflect the main change: creating a new Authenticator Code Generator addon with platform-specific implementations, or clarify if EU region changes are documented elsewhere.
  • Docstring Coverage (⚠️ Warning): Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Resolution: Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (1 passed)

  • Description Check (✅ Passed): Check skipped - CodeRabbit's high-level summary is enabled.


Warning

Review ran into problems

🔥 Problems

Git: Failed to clone repository. Please run the @coderabbitai full review command to re-trigger a full review. If the issue persists, set path_filters to include or exclude specific files.


coderabbitai Bot left a comment

Actionable comments posted: 7

🧹 Nitpick comments (4)
authenticator_code_generator_/src/main/java/com/testsigma/addons/mobileweb/AuthCodeGenerator.java (1)

16-50: Keep this as a thin platform wrapper.

This class repeats the same parent-state shadowing as the Android wrapper: the superclass already owns the annotated inputs/output and TOTP implementation, but this subclass redeclares all three fields and copies execute(). That splits the fix path again and can confuse SDK field discovery if inherited annotations are processed. Please verify in Jarvis that only one secretkey and one testdata input are registered.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In
`@authenticator_code_generator_/src/main/java/com/testsigma/addons/mobileweb/AuthCodeGenerator.java`
around lines 16 - 50, The subclass AuthCodeGenerator is redeclaring annotated
fields (secret, testData, runTimeData) and duplicating execute(), shadowing the
superclass behavior; remove the duplicate declarations and the copied logic so
the class is a thin wrapper that either omits execute() entirely or simply
delegates to super.execute(), leaving all annotations and TOTP logic in the
superclass (com.testsigma.addons.web.AuthCodeGenerator); after changes, verify
in Jarvis that only one secretkey and one testdata input are registered.
authenticator_code_generator_/src/main/java/com/testsigma/addons/android/AuthCodeGenerator.java (1)

16-50: Keep this as a thin platform wrapper.

com.testsigma.addons.web.AuthCodeGenerator already defines secret, testData, runTimeData, and the full TOTP flow. Redeclaring the same annotated fields and copying execute() here means the failure-result and OTP-redaction fixes in the web action will not propagate, and it may also surface duplicate secretkey/testdata inputs if the SDK walks inherited fields. Please verify in Jarvis that this action exposes each input only once.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In
`@authenticator_code_generator_/src/main/java/com/testsigma/addons/android/AuthCodeGenerator.java`
around lines 16 - 50, The subclass AuthCodeGenerator currently re-declares
annotated fields (secret, testData, runTimeData) and overrides execute(),
duplicating logic from com.testsigma.addons.web.AuthCodeGenerator; remove the
field declarations and the execute() override so the class remains a thin
platform wrapper that inherits the web action’s corrected failure/result
handling and OTP redaction, or if you must customize behavior, call
super.execute() from your execute() and only add minimal platform-specific bits;
after making this change, verify in Jarvis that only one set of inputs
(secretkey/testdata) is exposed and no duplicate runtime fields appear.
authenticator_code_generator_/src/main/java/com/testsigma/addons/web/AuthCodeGenerator.java (1)

14-57: Extract the TOTP flow once instead of copying it per platform.

This method is duplicated across the Android, iOS, mobile-web, Windows, and Salesforce actions, and the copies have already drifted (printStackTrace only in some files, "info" vs "infor"). A shared helper or abstract base will keep the failure handling and log redaction consistent.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In
`@authenticator_code_generator_/src/main/java/com/testsigma/addons/web/AuthCodeGenerator.java`
around lines 14 - 57, The TOTP generation and error-handling logic in
AuthCodeGenerator is duplicated across multiple platform actions; extract it
into a single reusable helper (e.g., TotpUtil.generateAndStoreTotp) and call
that from each platform-specific action to remove drift. Implement a static
helper class (TotpUtil) with a method that accepts the secret TestData, the
testData key, the RunTimeData instance, and a logger (and returns
success/failure or throws a well-defined exception); move the Totp creation,
now() call, runtime key/value set, success message construction, and consistent
error logging/stack-redaction into that helper; then update
AuthCodeGenerator.execute to delegate to TotpUtil and only handle orchestration
and mapping of messages. Ensure the helper is used by the other platform action
classes so logging, exception handling, and messages remain identical.
authenticator_code_generator_/src/main/java/com/testsigma/addons/ios/AuthCodeGenerator.java (1)

16-50: Keep this as a thin platform wrapper.

Like the Android and mobile-web variants, this subclass redeclares the parent’s annotated fields and forks the full execute() body. That means the failure-result and OTP-redaction fixes still have to be reapplied here, and it may also create duplicate action inputs if the SDK reflects inherited fields. Please verify in Jarvis that this action is registered with a single secretkey and testdata input.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In
`@authenticator_code_generator_/src/main/java/com/testsigma/addons/ios/AuthCodeGenerator.java`
around lines 16 - 50, This subclass unnecessarily redeclares annotated fields
(secret, testData, runTimeData) and duplicates the execute() logic, which causes
duplicate action inputs and omits the failure-result and OTP redaction fixes;
remove the field declarations from com.testsigma.addons.ios.AuthCodeGenerator so
it inherits them from the parent, and replace the execute() body with a thin
wrapper that calls super.execute() (or, if platform-specific logic is required,
copy the parent’s corrected execute() implementation), ensuring on exceptions
you set the result to FAILURE, do not log or include raw OTP/secret values
(remove otpgenerator.toString(), avoid including newotp in logs/messages), and
verify in Jarvis that only one secretkey and testdata input is registered.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 052b41b1-efd2-4c84-82a9-b790d6921eaa

📥 Commits

Reviewing files that changed from the base of the PR and between 5e7c165 and 2d75c99.

⛔ Files ignored due to path filters (2)
  • .DS_Store is excluded by !**/.DS_Store
  • authenticator_code_generator_/.DS_Store is excluded by !**/.DS_Store
📒 Files selected for processing (8)
  • authenticator_code_generator_/pom.xml
  • authenticator_code_generator_/src/main/java/com/testsigma/addons/android/AuthCodeGenerator.java
  • authenticator_code_generator_/src/main/java/com/testsigma/addons/ios/AuthCodeGenerator.java
  • authenticator_code_generator_/src/main/java/com/testsigma/addons/mobileweb/AuthCodeGenerator.java
  • authenticator_code_generator_/src/main/java/com/testsigma/addons/salesforce/AuthCodeGenerator.java
  • authenticator_code_generator_/src/main/java/com/testsigma/addons/web/AuthCodeGenerator.java
  • authenticator_code_generator_/src/main/java/com/testsigma/addons/windows/AuthCodeGenerator.java
  • authenticator_code_generator_/src/main/resources/testsigma-sdk.properties

Comment on lines +33 to +51 of authenticator_code_generator_/src/main/java/com/testsigma/addons/salesforce/AuthCodeGenerator.java
com.testsigma.sdk.Result result = com.testsigma.sdk.Result.SUCCESS;
try {
Totp otpGenerator = new Totp(secret.getValue().toString());

logger.debug(otpGenerator.toString());
String newOtp = otpGenerator.now();
runTimeData.setKey(testData.getValue().toString());
runTimeData.setValue(newOtp);
logger.info(runTimeData.getKey().toString() + " " + runTimeData.getValue().toString());
setSuccessMessage("The TOTP is " + newOtp + " " + "and has been assigned to runtime variable "
+ testData.getValue().toString());

} catch (Exception error) {
logger.debug(error.getMessage() + error.getCause());
logger.info("stack trace : " + ExceptionUtils.getStackTrace(error));
setErrorMessage("Operation Failed.Please check the logs for more info");

}
return result;
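Review bot: `logger.debug(otpGenerator.toString());` directly after the `Totp` construction logs the string form of an object built from the secret seed; it has no diagnostic value, and on the same logger that the comment below flags for echoing the OTP it is one more place where key material can reach run output, so drop the call (the AI-agent prompt for the iOS action on this PR recommends the same). Note also that `catch (Exception error)` swallows the `NullPointerException` raised by `secret.getValue()` when the input is absent, so until the catch path assigns a failure result, an unset secret produces a green step with no runtime variable populated.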

⚠️ Potential issue | 🔴 Critical

Return a failure result from the catch path.

The catch block only sets an error message; result still returns Result.SUCCESS. That will mask TOTP generation or runtime-variable assignment failures as successful addon runs.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In
`@authenticator_code_generator_/src/main/java/com/testsigma/addons/salesforce/AuthCodeGenerator.java`
around lines 33 - 51, The catch block in AuthCodeGenerator.java currently only
logs and sets an error message but leaves the local variable result as
com.testsigma.sdk.Result.SUCCESS; update the catch to set result =
com.testsigma.sdk.Result.FAILED (or the appropriate failure enum in
com.testsigma.sdk.Result) before exiting so the method returns a failure when an
exception occurs, keeping the existing logging and setErrorMessage calls intact.

Comment on lines +38 to +43 of authenticator_code_generator_/src/main/java/com/testsigma/addons/salesforce/AuthCodeGenerator.java
String newOtp = otpGenerator.now();
runTimeData.setKey(testData.getValue().toString());
runTimeData.setValue(newOtp);
logger.info(runTimeData.getKey().toString() + " " + runTimeData.getValue().toString());
setSuccessMessage("The TOTP is " + newOtp + " " + "and has been assigned to runtime variable "
+ testData.getValue().toString());

⚠️ Potential issue | 🟠 Major

Do not expose the OTP in logs or success text.

The generated code is written to the logger and echoed back in the success message. Even though it is short-lived, it is still a valid second factor and should not be surfaced in run output.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In
`@authenticator_code_generator_/src/main/java/com/testsigma/addons/salesforce/AuthCodeGenerator.java`
around lines 38 - 43, The code currently logs and returns the TOTP via newOtp
(see AuthCodeGenerator.java, variables newOtp and runTimeData), which must be
removed: stop calling logger.info with runTimeData.getValue() and do not include
newOtp in setSuccessMessage; keep runTimeData.setKey(...) and
runTimeData.setValue(newOtp) so the OTP is stored, but change logger.info to
either omit the value (log only the key or a masked placeholder) and change
setSuccessMessage to a generic confirmation like "A TOTP has been generated and
stored in runtime variable <variableName>" without exposing the actual code;
update references to logger.info and setSuccessMessage in AuthCodeGenerator to
implement this.

Comment on lines +34 to +55 of authenticator_code_generator_/src/main/java/com/testsigma/addons/web/AuthCodeGenerator.java
com.testsigma.sdk.Result result = com.testsigma.sdk.Result.SUCCESS;
try {
Totp otpgenerator = new Totp(secret.getValue().toString());

logger.debug(otpgenerator.toString());
String newotp = otpgenerator.now();
runTimeData.setKey(testData.getValue().toString());
runTimeData.setValue(newotp.toString());
logger.info(runTimeData.getKey().toString() + " " + runTimeData.getValue().toString());
setSuccessMessage("The TOTP is " + newotp + " " + "and has been assigned to runtime variable "
+ testData.getValue().toString());

} catch (Exception error) {

error.printStackTrace();
logger.debug(error.getMessage() + error.getCause());
logger.info("stack trace : " + ExceptionUtils.getStackTrace(error));
setErrorMessage("Operation Failed.Please check the logs for more infor");


}
return result;
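Review bot: `error.printStackTrace();` in the catch writes the full trace to stderr outside the logger, and the next `logger.info("stack trace : " + ExceptionUtils.getStackTrace(error));` writes it a second time at INFO level; keep a single logger call and emit the trace at DEBUG so it does not land in routine run logs. The user-facing `setErrorMessage("Operation Failed.Please check the logs for more infor");` is missing a space and truncates "info", and already differs from the salesforce copy of the same block, which is exactly the drift the nitpick on this file describes; a shared helper would leave one message and one failure path to fix.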

⚠️ Potential issue | 🔴 Critical

Return a failure result from the catch path.

result starts as Result.SUCCESS and never changes, so a bad or missing secret still reports a green step while the runtime variable is never populated.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In
`@authenticator_code_generator_/src/main/java/com/testsigma/addons/web/AuthCodeGenerator.java`
around lines 34 - 55, The catch block leaves com.testsigma.sdk.Result result as
Result.SUCCESS so failures still report success; inside the catch for Exception
in AuthCodeGenerator (where result is declared as com.testsigma.sdk.Result
result = com.testsigma.sdk.Result.SUCCESS), set result =
com.testsigma.sdk.Result.FAILED (or Result.FAILURE per SDK enum) before
returning, ensuring the method returns a failure result when an exception
occurs; keep the existing setErrorMessage and logging, then return the updated
result at the end of the method.

Comment on lines +39 to +44 of authenticator_code_generator_/src/main/java/com/testsigma/addons/web/AuthCodeGenerator.java
String newotp = otpgenerator.now();
runTimeData.setKey(testData.getValue().toString());
runTimeData.setValue(newotp.toString());
logger.info(runTimeData.getKey().toString() + " " + runTimeData.getValue().toString());
setSuccessMessage("The TOTP is " + newotp + " " + "and has been assigned to runtime variable "
+ testData.getValue().toString());

⚠️ Potential issue | 🟠 Major

Stop writing the OTP to logs and step output.

Lines 42-44 log the generated code and echo it in the success message. That exposes a live second factor in run logs/UI; only log the destination runtime-variable name.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In
`@authenticator_code_generator_/src/main/java/com/testsigma/addons/web/AuthCodeGenerator.java`
around lines 39 - 44, Remove any exposure of the generated OTP in logs and
user-visible messages: in AuthCodeGenerator (where newotp is created and
assigned via runTimeData.setValue), stop passing newotp to logger.info and to
setSuccessMessage; instead log only the destination runtime-variable name
(runTimeData.getKey()) and update the success message to reference only the
runtime variable name (testData.getValue()) without including newotp. Ensure
runTimeData.setValue(newotp) still stores the secret value but no other code
(logger.info, setSuccessMessage) prints or concatenates newotp anywhere.

Comment on lines +34 to +55 of authenticator_code_generator_/src/main/java/com/testsigma/addons/windows/AuthCodeGenerator.java
com.testsigma.sdk.Result result = com.testsigma.sdk.Result.SUCCESS;
try {
Totp otpgenerator = new Totp(secret.getValue().toString());

logger.debug(otpgenerator.toString());
String newotp = otpgenerator.now();
runTimeData.setKey(testData.getValue().toString());
runTimeData.setValue(newotp.toString());
logger.info(runTimeData.getKey().toString() + " " + runTimeData.getValue().toString());
setSuccessMessage("The TOTP is " + newotp + " " + "and has been assigned to runtime variable "
+ testData.getValue().toString());

} catch (Exception error) {

error.printStackTrace();
logger.debug(error.getMessage() + error.getCause());
logger.info("stack trace : " + ExceptionUtils.getStackTrace(error));
setErrorMessage("Operation Failed.Please check the logs for more infor");


}
return result;

⚠️ Potential issue | 🔴 Critical

Return a failure result from the catch path.

result stays Result.SUCCESS even after the catch block runs, so an invalid secret or runtime-variable write failure still marks the addon step successful.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In
`@authenticator_code_generator_/src/main/java/com/testsigma/addons/windows/AuthCodeGenerator.java`
around lines 34 - 55, The catch block currently only logs and sets an error
message but never updates the local result variable, so the method always
returns com.testsigma.sdk.Result.SUCCESS; inside the catch(Exception error) in
AuthCodeGenerator.java update the result to the failure enum (e.g., set result =
com.testsigma.sdk.Result.FAILED), preserve existing logging and
setErrorMessage(...) calls, and ensure the method returns that failure result so
callers see the step as failed when Totp generation or runtime-data assignment
throws.

Comment on lines +39 to +44 of authenticator_code_generator_/src/main/java/com/testsigma/addons/windows/AuthCodeGenerator.java
String newotp = otpgenerator.now();
runTimeData.setKey(testData.getValue().toString());
runTimeData.setValue(newotp.toString());
logger.info(runTimeData.getKey().toString() + " " + runTimeData.getValue().toString());
setSuccessMessage("The TOTP is " + newotp + " " + "and has been assigned to runtime variable "
+ testData.getValue().toString());

⚠️ Potential issue | 🟠 Major

Do not disclose the generated OTP here.

The Windows action logs the runtime-variable value and includes the OTP in the success message. That leaks a live authentication code into logs and step output.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In
`@authenticator_code_generator_/src/main/java/com/testsigma/addons/windows/AuthCodeGenerator.java`
around lines 39 - 44, The code currently logs and returns the live TOTP
(otpgenerator.now()) via logger.info and setSuccessMessage; remove any exposure
of the OTP by stopping logging the runtime variable value and removing the OTP
from the success message. Update the block around otpgenerator.now(),
runTimeData.setKey(...), runTimeData.setValue(...), logger.info(...) and
setSuccessMessage(...) so logger.info only logs the runtime variable name
(runTimeData.getKey()) or a confirmation message without the value, and
setSuccessMessage reports that the TOTP was generated and stored in the runtime
variable (testData.getValue()) without including the actual OTP.

@@ -0,0 +1 @@
testsigma-sdk.api.key=eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIyNTgxZDNlYy02Zjk2LTg3NDktZThmNS1hYjEwMWIwZDA1NTQiLCJ1bmlxdWVJZCI6IjM0ODAiLCJpZGVudGl0eUFjY291bnRVVUlkIjoiODZlMGQ1ODUtZTVlYi05NmIxLTAyZDktOTRkODM3N2RiMzlmIn0.6IdNC-q3yAmj3ev8o9A4uRPanClnAHbndw3oCYKkcP0EU43QM05ubxJEZVGFnkZmAPxqIgRp1Sf44Oux0tl9Ag No newline at end of file
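Review bot: the single added line commits a literal `testsigma-sdk.api.key` value under `src/main/resources`, and the walkthrough above states the module is packaged with maven-shade-plugin, so the key will ship inside the addon JAR as well as sit in git history. Replace the literal with a placeholder resolved at build or deploy time, for example `testsigma-sdk.api.key=${TESTSIGMA_SDK_API_KEY}`, and treat the committed value as exposed: rotate it before the EU addon is published, since removing it from a later commit does not remove it from this branch's history.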

⚠️ Potential issue | 🔴 Critical

Remove the committed SDK credential before merge.

Line 1 hardcodes a testsigma-sdk.api.key in src/main/resources, so it will live in git history and be bundled into the release JAR. Replace it with an injected secret or placeholder, and revoke/rotate this key before publishing the EU addon.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@authenticator_code_generator_/src/main/resources/testsigma-sdk.properties` at
line 1, Remove the hardcoded SDK credential by replacing the literal value for
the property testsigma-sdk.api.key in testsigma-sdk.properties with a
placeholder or environment-injected reference (e.g. ${TESTSIGMA_SDK_API_KEY})
and update the runtime config to read that secret from environment/secret
manager; then remove the committed secret from the current commit (and purge it
from history if already pushed) and rotate/revoke the exposed key before
publishing the addon.
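As an added example that is not part of this PR or the Testsigma SDK, the corrected flow the review asks for, modelled in Python so it runs stand-alone: TOTP per RFC 6238 (HMAC-SHA1, 30-second step, 6 digits, assumed to match the Aerogear `Totp` defaults the addon relies on), the code stored in the runtime variable, the catch path returning a failure, and neither log lines nor the success message carrying the OTP. `Result`, `AuthCodeStep` and `leaks_secret_material` are illustrative names; `FAILED` is assumed as the SDK's failure constant.

```python
import base64
import hashlib
import hmac
import struct
import time
from enum import Enum


def generate_totp(secret_b32, now=None, step=30, digits=6):
    """RFC 6238 TOTP over HMAC-SHA1; the defaults are assumed to match Aerogear's Totp."""
    normalised = secret_b32.strip().replace(" ", "").upper()
    normalised += "=" * (-len(normalised) % 8)          # restore Base32 padding if stripped
    key = base64.b32decode(normalised)                   # raises on a malformed secret
    if not key:
        raise ValueError("empty secret")
    counter = int((time.time() if now is None else now) // step)
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                           # dynamic truncation (RFC 4226)
    code = (int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF) % 10 ** digits
    return str(code).zfill(digits)


class Result(Enum):
    """Stand-in for com.testsigma.sdk.Result; FAILED is an assumed constant name."""
    SUCCESS = "SUCCESS"
    FAILED = "FAILED"


class AuthCodeStep:
    """Hardened equivalent of the reviewed execute() flow (illustrative, not the SDK)."""

    def __init__(self, secret, variable_name, runtime_data, log):
        self.secret = secret                 # the `secretkey` test data input
        self.variable_name = variable_name   # the `testdata` input: runtime variable name
        self.runtime_data = runtime_data     # dict standing in for RunTimeData key/value
        self.log = log                       # list standing in for the logger
        self.success_message = ""
        self.error_message = ""

    def execute(self, now=None):
        try:
            otp = generate_totp(self.secret, now=now)
            self.runtime_data[self.variable_name] = otp
            # Log and report only the destination variable, never the code itself.
            self.log.append(f"TOTP stored in runtime variable {self.variable_name}")
            self.success_message = (
                f"A TOTP has been generated and stored in runtime variable {self.variable_name}"
            )
            return Result.SUCCESS
        except Exception as err:
            # The exception class is enough to triage; no trace or input reaches step output.
            self.log.append(f"TOTP generation failed: {type(err).__name__}")
            self.error_message = "Operation failed. Please check the logs for more info"
            return Result.FAILED             # the catch path must not fall through to SUCCESS


def leaks_secret_material(step):
    """After a run: does any log line or message contain the OTP or the seed?"""
    sensitive = [v for v in (step.runtime_data.get(step.variable_name), step.secret) if v]
    outputs = list(step.log) + [step.success_message, step.error_message]
    return any(s in text for s in sensitive for text in outputs)


# Constructed check using the RFC 6238 Appendix B key "12345678901234567890" in Base32.
RFC_SEED_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    runtime, log = {}, []
    step = AuthCodeStep(RFC_SEED_B32, "otp_code", runtime, log)
    print(step.execute(now=59), runtime, log, leaks_secret_material(step))
```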

@akhil-testsigma akhil-testsigma merged commit 4927140 into dev Mar 26, 2026
2 checks passed