feat/TE-29201-Added already present addon to in jarvis #209
Conversation
WalkthroughA new Maven-based Java project named Changes
Sequence Diagram(s)sequenceDiagram
participant User
participant SplitStringUsingCharacterAction
participant TestSigmaRuntime
User->>SplitStringUsingCharacterAction: Provide character, testData, count, var
SplitStringUsingCharacterAction->>SplitStringUsingCharacterAction: Split testData by character
SplitStringUsingCharacterAction->>SplitStringUsingCharacterAction: Validate count/index
alt Valid index
SplitStringUsingCharacterAction->>TestSigmaRuntime: Store substring in runtime variable (var)
SplitStringUsingCharacterAction->>User: Return SUCCESS
else Invalid index or error
SplitStringUsingCharacterAction->>User: Return FAILED with error message
end
Estimated code review effort🎯 2 (Simple) | ⏱️ ~7 minutes Suggested reviewers
Poem
Note 🔌 MCP (Model Context Protocol) integration is now available in Early Access!Pro users can now connect to remote MCP servers under the Integrations page to get reviews and chat conversations that understand additional development context. ✨ Finishing Touches
🧪 Generate unit tests
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
SupportNeed help? Create a ticket on our support page for assistance with any issues or questions. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 10
🧹 Nitpick comments (2)
split_sting_using_character/src/main/java/com/testsigma/addons/web/SplitStringUsingCharacterAction.java (2)
12-15: Correct action text/description; clarify zero-based index semantics.Current description is a copy-paste and misleading. Also clarify that “position” is zero-based to avoid confusion.
-@Action(actionText = "Split string testdata using character and store the position into a variable", - description = "validates options count in a select drop-down", +@Action(actionText = "Split 'testdata' by 'character' and store value at zero-based 'position' into variable 'variable'", + description = "Splits the given test data using the provided delimiter and stores the substring at the specified zero-based index into a runtime variable.", applicationType = ApplicationType.WEB, useCustomScreenshot = false)
18-27: Optional: Align field names with references for readability.Not required for functionality, but consider renaming fields to match their @testdata references (character, testdata, position, variable) and removing stray whitespace.
- private com.testsigma.sdk.TestData character ; + private com.testsigma.sdk.TestData character; @@ - private com.testsigma.sdk.TestData count; + private com.testsigma.sdk.TestData position; @@ - private com.testsigma.sdk.TestData var; + private com.testsigma.sdk.TestData variable;If you adopt these names, update usages inside execute() accordingly.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (3)
split_sting_using_character/pom.xml(1 hunks)split_sting_using_character/src/main/java/com/testsigma/addons/web/SplitStringUsingCharacterAction.java(1 hunks)split_sting_using_character/src/main/resources/testsigma-sdk.properties(1 hunks)
🧰 Additional context used
🪛 Gitleaks (8.27.2)
split_sting_using_character/src/main/resources/testsigma-sdk.properties
1-1: Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.
(jwt)
| xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> | ||
| <modelVersion>4.0.0</modelVersion> | ||
| <groupId>com.testsigma.addons</groupId> | ||
| <artifactId>split_sting_using_character</artifactId> |
There was a problem hiding this comment.
💡 Verification agent
🧩 Analysis chain
Fix artifact/module name typo: “sting” → “string”.
Align artifactId and finalName for correctness and discoverability.
- <artifactId>split_sting_using_character</artifactId>
+ <artifactId>split_string_using_character</artifactId>
...
- <finalName>split_sting_using_character</finalName>
+ <finalName>split_string_using_character</finalName>Note: If you accept this rename, also rename the folder and update any references in CI/CD and Jarvis metadata.
Run to find references to the old name:
Also applies to: 67-67
🏁 Script executed:
#!/bin/bash
rg -n --hidden --glob '!.git/' -e 'split_sting_using_character'Length of output: 256
Fix module name typo in POM and module folder
The artifactId and finalName still contain “sting” instead of “string”. Rename both entries and align the module directory to avoid inconsistencies:
--- split_sting_using_character/pom.xml
@@ line 8
- <artifactId>split_sting_using_character</artifactId>
+ <artifactId>split_string_using_character</artifactId>
@@ line 67
- <finalName>split_sting_using_character</finalName>
+ <finalName>split_string_using_character</finalName>• Rename the directory
• from: split_sting_using_character/
• to: split_string_using_character/
• Update any CI/CD pipelines, parent POM module listings, and Jarvis metadata that reference the old folder or artifact name.
• No other occurrences of split_sting_using_character were found in the codebase. [rg scan verified]
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| <artifactId>split_sting_using_character</artifactId> | |
| <artifactId>split_string_using_character</artifactId> |
🤖 Prompt for AI Agents
In split_sting_using_character/pom.xml at line 8, correct the typo in the
artifactId by changing "split_sting_using_character" to
"split_string_using_character". Rename the module directory from
"split_sting_using_character" to "split_string_using_character" to keep
consistency. Also, update any references to the old module name in CI/CD
pipelines, parent POM files, and Jarvis metadata to reflect the new correct
name.
| <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> | ||
| <maven.compiler.source>11</maven.compiler.source> | ||
| <maven.compiler.target>11</maven.compiler.target> | ||
| <testsigma.sdk.version>1.2.24_cloud</testsigma.sdk.version> |
There was a problem hiding this comment.
💡 Verification agent
🧩 Analysis chain
Verify dependency versions and remove unused property.
- Confirm testsigma-java-sdk version “1.2.24_cloud” is current and correct for Jarvis.
- Property testsigma.addon.maven.plugin is defined but unused; remove to avoid confusion.
Also applies to: 21-21
🏁 Script executed:
#!/bin/bash
echo "Check if testsigma.addon.maven.plugin is referenced anywhere:"
rg -n --hidden --glob '!.git/' -e 'testsigma\.addon\.maven\.plugin'Length of output: 25754
I want to verify whether the testsigma.addon.maven.plugin property is actually referenced in the POM’s plugin configurations (i.e. usage of ${testsigma.addon.maven.plugin}).
🏁 Script executed:
#!/bin/bash
echo "Searching for addon-maven-plugin in split_string_using_character/pom.xml..."
rg -n 'addon-maven-plugin' split_string_using_character/pom.xml -C3 || echo "No direct mentions of addon-maven-plugin"
echo
echo "Searching for usage of the version property ${testsigma.addon.maven.plugin} in split_string_using_character/pom.xml..."
rg -n '\$\{testsigma\.addon\.maven\.plugin\}' split_string_using_character/pom.xml -C3 || echo "No usage of ${testsigma.addon.maven.plugin}"Length of output: 911
Remove unused Maven property and confirm SDK version
The testsigma.addon.maven.plugin property isn’t referenced anywhere in the POM’s plugin configurations (no occurrences of ${testsigma.addon.maven.plugin}), so it should be removed to avoid confusion. Additionally, please verify that the <testsigma.sdk.version>1.2.24_cloud</testsigma.sdk.version> is the correct and current SDK version for Jarvis.
– File split_sting_using_character/pom.xml, line 18:
- Remove this unused property:
<testsigma.addon.maven.plugin>1.0.0</testsigma.addon.maven.plugin>
🤖 Prompt for AI Agents
In split_sting_using_character/pom.xml around line 16 and nearby lines, remove
the unused Maven property
<testsigma.addon.maven.plugin>1.0.0</testsigma.addon.maven.plugin> since it is
not referenced anywhere in the POM. Also verify that the
<testsigma.sdk.version>1.2.24_cloud</testsigma.sdk.version> is the correct and
current SDK version for Jarvis and update it if necessary.
| <dependency> | ||
| <groupId>org.testng</groupId> | ||
| <artifactId>testng</artifactId> | ||
| <version>6.14.3</version> | ||
| </dependency> |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Set TestNG to test scope or remove if unused.
Currently TestNG is pulled in at compile scope and will be shaded into the JAR. This action doesn’t use it; it bloats artifacts.
- <dependency>
- <groupId>org.testng</groupId>
- <artifactId>testng</artifactId>
- <version>6.14.3</version>
- </dependency>
+ <dependency>
+ <groupId>org.testng</groupId>
+ <artifactId>testng</artifactId>
+ <version>6.14.3</version>
+ <scope>test</scope>
+ </dependency>📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| <dependency> | |
| <groupId>org.testng</groupId> | |
| <artifactId>testng</artifactId> | |
| <version>6.14.3</version> | |
| </dependency> | |
| <dependency> | |
| <groupId>org.testng</groupId> | |
| <artifactId>testng</artifactId> | |
| <version>6.14.3</version> | |
| <scope>test</scope> | |
| </dependency> |
🤖 Prompt for AI Agents
In split_sting_using_character/pom.xml around lines 42 to 46, the TestNG
dependency is declared without a scope, causing it to be included in the compile
scope and shaded into the final JAR unnecessarily. To fix this, add a
<scope>test</scope> element inside the TestNG dependency declaration to limit it
to test scope, or remove the dependency entirely if it is not used in the
project.
| <!-- https://mvnrepository.com/artifact/org.seleniumhq.selenium/selenium-java --> | ||
| <dependency> | ||
| <groupId>org.seleniumhq.selenium</groupId> | ||
| <artifactId>selenium-java</artifactId> | ||
| <version>4.33.0</version> | ||
| </dependency> | ||
| <!-- https://mvnrepository.com/artifact/io.appium/java-client --> | ||
| <dependency> | ||
| <groupId>io.appium</groupId> | ||
| <artifactId>java-client</artifactId> | ||
| <version>9.4.0</version> | ||
| </dependency> |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Remove Selenium/Appium from this module or reduce scope.
This addon only splits strings; Selenium/Appium are unused and significantly increase shaded JAR size. Also the Java class can avoid Selenium’s NoSuchElementException.
Option A (preferred): Remove both dependencies:
- <dependency>
- <groupId>org.seleniumhq.selenium</groupId>
- <artifactId>selenium-java</artifactId>
- <version>4.33.0</version>
- </dependency>
- <dependency>
- <groupId>io.appium</groupId>
- <artifactId>java-client</artifactId>
- <version>9.4.0</version>
- </dependency>Option B: If you must keep them for other actions, set scope to provided or move them to a shared parent/module rather than shading them into this utility addon.
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| <!-- https://mvnrepository.com/artifact/org.seleniumhq.selenium/selenium-java --> | |
| <dependency> | |
| <groupId>org.seleniumhq.selenium</groupId> | |
| <artifactId>selenium-java</artifactId> | |
| <version>4.33.0</version> | |
| </dependency> | |
| <!-- https://mvnrepository.com/artifact/io.appium/java-client --> | |
| <dependency> | |
| <groupId>io.appium</groupId> | |
| <artifactId>java-client</artifactId> | |
| <version>9.4.0</version> | |
| </dependency> | |
| <!-- https://mvnrepository.com/artifact/org.seleniumhq.selenium/selenium-java --> | |
| <!-- https://mvnrepository.com/artifact/io.appium/java-client --> |
🤖 Prompt for AI Agents
In split_sting_using_character/pom.xml lines 47 to 58, the Selenium and Appium
dependencies are included but not used, causing unnecessary increase in the
shaded JAR size. To fix this, either remove both dependencies entirely if they
are not needed in this module, or if they must be kept for other purposes,
change their scope to "provided" or relocate them to a shared parent or separate
module to avoid shading them into this utility addon.
| <groupId>com.fasterxml.jackson.core</groupId> | ||
| <artifactId>jackson-annotations</artifactId> | ||
| <version>2.13.0</version> | ||
| </dependency> |
There was a problem hiding this comment.
💡 Verification agent
🧩 Analysis chain
Update Jackson annotations or drop if unused.
This module doesn’t reference Jackson annotations. Remove to slim the JAR, or update to a current stable version to avoid known CVEs in 2.13.x.
🏁 Script executed:
#!/bin/bash
echo "Searching for direct usage of Jackson annotations in source:"
rg -n 'com\.fasterxml\.jackson\.annotation|jackson-annotations'Length of output: 10375
Remove unused Jackson annotations dependency in split_sting_using_character module
The jackson-annotations dependency isn’t referenced anywhere in this module, so it can be safely removed to slim down the artifact. If you do need Jackson annotations in the future, add it back at a current, CVE-patched version (e.g. 2.15.x or later).
• File: split_sting_using_character/pom.xml
• Lines to remove: 60–63
- <dependency>
- <groupId>com.fasterxml.jackson.core</groupId>
- <artifactId>jackson-annotations</artifactId>
- <version>2.13.0</version>
- </dependency>🤖 Prompt for AI Agents
In split_sting_using_character/pom.xml at lines 60 to 63, remove the entire
jackson-annotations dependency block since it is unused in this module. This
will reduce unnecessary dependencies and slim down the artifact. If Jackson
annotations are needed later, re-add the dependency with a current, CVE-patched
version such as 2.15.x or later.
| import com.testsigma.sdk.annotation.RunTimeData; | ||
| import com.testsigma.sdk.annotation.TestData; | ||
| import lombok.Data; | ||
| import org.openqa.selenium.NoSuchElementException; |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Remove unused Selenium exception import and throws.
No Selenium APIs are used. Dropping this reduces unnecessary dependency coupling.
-import org.openqa.selenium.NoSuchElementException;
@@
- public com.testsigma.sdk.Result execute() throws NoSuchElementException {
+ public com.testsigma.sdk.Result execute() {Also applies to: 34-34
🤖 Prompt for AI Agents
In
split_sting_using_character/src/main/java/com/testsigma/addons/web/SplitStringUsingCharacterAction.java
at line 9 and line 34, remove the import statement for
org.openqa.selenium.NoSuchElementException and also remove any throws
declarations related to this exception in the method signatures, since no
Selenium APIs are used and this import and throws are unnecessary dependencies.
| String string = ""; | ||
| String splitCharacter = character.getValue().toString(); | ||
| String regexSafeCharacter = java.util.regex.Pattern.quote(splitCharacter); | ||
| String[] test = testData.getValue().toString().split(regexSafeCharacter); | ||
| System.out.println(test[1]); | ||
|
|
||
| int out = Integer.parseInt(count.getValue().toString()); | ||
| if (out >= 0 && out < test.length) { | ||
| string = test[out]; | ||
| logger.debug("Out: " + string); | ||
| logger.info("String: " + string); | ||
| } else { | ||
|
|
||
| result = com.testsigma.sdk.Result.FAILED; | ||
| logger.warn("Index out of bounds or invalid input"); | ||
| setErrorMessage("Index out of bounds or invalid input"); | ||
| } |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Add input validation and robust index parsing; fail fast with helpful messages.
Handle empty delimiter, null inputs, and non-integer positions. Also avoid setting an empty result on failure.
- String string = "";
- String splitCharacter = character.getValue().toString();
- String regexSafeCharacter = java.util.regex.Pattern.quote(splitCharacter);
- String[] test = testData.getValue().toString().split(regexSafeCharacter);
+ String string = "";
+ if (character == null || character.getValue() == null) {
+ setErrorMessage("Delimiter (character) is required");
+ return com.testsigma.sdk.Result.FAILED;
+ }
+ if (testData == null || testData.getValue() == null) {
+ setErrorMessage("Test data is required");
+ return com.testsigma.sdk.Result.FAILED;
+ }
+ if (var == null || var.getValue() == null || var.getValue().toString().isBlank()) {
+ setErrorMessage("Variable name (variable) is required");
+ return com.testsigma.sdk.Result.FAILED;
+ }
+ String splitCharacter = character.getValue().toString();
+ if (splitCharacter.isEmpty()) {
+ setErrorMessage("Delimiter (character) cannot be empty");
+ return com.testsigma.sdk.Result.FAILED;
+ }
+ String regexSafeCharacter = java.util.regex.Pattern.quote(splitCharacter);
+ String[] test = testData.getValue().toString().split(regexSafeCharacter);
@@
- int out = Integer.parseInt(count.getValue().toString());
+ int out;
+ try {
+ out = Integer.parseInt(count.getValue().toString());
+ } catch (NumberFormatException nfe) {
+ setErrorMessage("Position must be an integer");
+ return com.testsigma.sdk.Result.FAILED;
+ }
if (out >= 0 && out < test.length) {
string = test[out];
logger.debug("Out: " + string);
logger.info("String: " + string);
} else {
-
result = com.testsigma.sdk.Result.FAILED;
- logger.warn("Index out of bounds or invalid input");
- setErrorMessage("Index out of bounds or invalid input");
+ logger.warn("Position {} out of bounds for length {}", out, test.length);
+ setErrorMessage("Position out of bounds");
}📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| String string = ""; | |
| String splitCharacter = character.getValue().toString(); | |
| String regexSafeCharacter = java.util.regex.Pattern.quote(splitCharacter); | |
| String[] test = testData.getValue().toString().split(regexSafeCharacter); | |
| System.out.println(test[1]); | |
| int out = Integer.parseInt(count.getValue().toString()); | |
| if (out >= 0 && out < test.length) { | |
| string = test[out]; | |
| logger.debug("Out: " + string); | |
| logger.info("String: " + string); | |
| } else { | |
| result = com.testsigma.sdk.Result.FAILED; | |
| logger.warn("Index out of bounds or invalid input"); | |
| setErrorMessage("Index out of bounds or invalid input"); | |
| } | |
| String string = ""; | |
| if (character == null || character.getValue() == null) { | |
| setErrorMessage("Delimiter (character) is required"); | |
| return com.testsigma.sdk.Result.FAILED; | |
| } | |
| if (testData == null || testData.getValue() == null) { | |
| setErrorMessage("Test data is required"); | |
| return com.testsigma.sdk.Result.FAILED; | |
| } | |
| if (var == null || var.getValue() == null || var.getValue().toString().isBlank()) { | |
| setErrorMessage("Variable name (variable) is required"); | |
| return com.testsigma.sdk.Result.FAILED; | |
| } | |
| String splitCharacter = character.getValue().toString(); | |
| if (splitCharacter.isEmpty()) { | |
| setErrorMessage("Delimiter (character) cannot be empty"); | |
| return com.testsigma.sdk.Result.FAILED; | |
| } | |
| String regexSafeCharacter = java.util.regex.Pattern.quote(splitCharacter); | |
| String[] test = testData.getValue().toString().split(regexSafeCharacter); | |
| System.out.println(test[1]); | |
| int out; | |
| try { | |
| out = Integer.parseInt(count.getValue().toString()); | |
| } catch (NumberFormatException nfe) { | |
| setErrorMessage("Position must be an integer"); | |
| return com.testsigma.sdk.Result.FAILED; | |
| } | |
| if (out >= 0 && out < test.length) { | |
| string = test[out]; | |
| logger.debug("Out: " + string); | |
| logger.info("String: " + string); | |
| } else { | |
| result = com.testsigma.sdk.Result.FAILED; | |
| logger.warn("Position {} out of bounds for length {}", out, test.length); | |
| setErrorMessage("Position out of bounds"); | |
| } |
🤖 Prompt for AI Agents
In
split_sting_using_character/src/main/java/com/testsigma/addons/web/SplitStringUsingCharacterAction.java
around lines 37 to 53, add validation to check if the delimiter character and
test data inputs are not null or empty before processing. Parse the index safely
by catching exceptions for non-integer inputs and handle them by setting failure
result and error messages immediately. Avoid proceeding with splitting or
accessing array elements if inputs are invalid or index is out of bounds, and
ensure the result is set to FAILED with a clear error message in all failure
cases.
| String splitCharacter = character.getValue().toString(); | ||
| String regexSafeCharacter = java.util.regex.Pattern.quote(splitCharacter); | ||
| String[] test = testData.getValue().toString().split(regexSafeCharacter); | ||
| System.out.println(test[1]); |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Remove unsafe debug print; it can throw AIOOBE and pollute stdout.
System.out.println(test[1]); can fail when split produces < 2 parts and should not be used in SDK actions. Use structured logging only after bounds checks.
- System.out.println(test[1]);📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| System.out.println(test[1]); |
🤖 Prompt for AI Agents
In
split_sting_using_character/src/main/java/com/testsigma/addons/web/SplitStringUsingCharacterAction.java
at line 41, remove the unsafe debug print statement System.out.println(test[1])
because it can throw an ArrayIndexOutOfBoundsException if the split array has
fewer than two elements and it pollutes standard output. Instead, implement a
bounds check to ensure the array length is sufficient before accessing test[1],
and replace the print with structured logging that safely logs the value only
when it exists.
| try { | ||
|
|
||
| runTimeData = new com.testsigma.sdk.RunTimeData(); | ||
| runTimeData.setKey(var.getValue().toString()); | ||
| runTimeData.setValue(string); | ||
|
|
||
|
|
||
| } catch (AssertionError error) { | ||
| result = com.testsigma.sdk.Result.FAILED; | ||
| logger.warn(error.toString()); | ||
| setErrorMessage("Failed"); | ||
| } | ||
| setSuccessMessage("Successfully splitted the string"); | ||
| return result; | ||
| } |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Set runtime variable only on success; broaden exception handling; fix success message grammar.
Currently, runtime data is set even when result is FAILED, and success message is always set. Catching only AssertionError is too narrow.
- try {
-
- runTimeData = new com.testsigma.sdk.RunTimeData();
- runTimeData.setKey(var.getValue().toString());
- runTimeData.setValue(string);
-
-
- } catch (AssertionError error) {
- result = com.testsigma.sdk.Result.FAILED;
- logger.warn(error.toString());
- setErrorMessage("Failed");
- }
- setSuccessMessage("Successfully splitted the string");
- return result;
+ try {
+ if (result == com.testsigma.sdk.Result.SUCCESS) {
+ runTimeData = new com.testsigma.sdk.RunTimeData();
+ runTimeData.setKey(var.getValue().toString());
+ runTimeData.setValue(string);
+ setSuccessMessage("Successfully split the string");
+ }
+ } catch (Exception error) {
+ result = com.testsigma.sdk.Result.FAILED;
+ logger.warn("Failed to set runtime data", error);
+ setErrorMessage("Failed to set runtime data: " + error.getMessage());
+ }
+ return result;📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| try { | |
| runTimeData = new com.testsigma.sdk.RunTimeData(); | |
| runTimeData.setKey(var.getValue().toString()); | |
| runTimeData.setValue(string); | |
| } catch (AssertionError error) { | |
| result = com.testsigma.sdk.Result.FAILED; | |
| logger.warn(error.toString()); | |
| setErrorMessage("Failed"); | |
| } | |
| setSuccessMessage("Successfully splitted the string"); | |
| return result; | |
| } | |
| try { | |
| if (result == com.testsigma.sdk.Result.SUCCESS) { | |
| runTimeData = new com.testsigma.sdk.RunTimeData(); | |
| runTimeData.setKey(var.getValue().toString()); | |
| runTimeData.setValue(string); | |
| setSuccessMessage("Successfully split the string"); | |
| } | |
| } catch (Exception error) { | |
| result = com.testsigma.sdk.Result.FAILED; | |
| logger.warn("Failed to set runtime data", error); | |
| setErrorMessage("Failed to set runtime data: " + error.getMessage()); | |
| } | |
| return result; |
🤖 Prompt for AI Agents
In
split_sting_using_character/src/main/java/com/testsigma/addons/web/SplitStringUsingCharacterAction.java
lines 55 to 69, modify the code to set the runtime variable only if the
operation succeeds by moving the runTimeData assignment inside the try block and
after successful execution. Broaden the exception handling to catch Exception
instead of just AssertionError to handle all possible errors. Also, update the
success message to correct the grammar from "Successfully splitted the string"
to "Successfully split the string" and ensure it is set only on success, not
after catching exceptions.
| @@ -0,0 +1 @@ | |||
| testsigma-sdk.api.key=eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiI4NzEzNTZhMC1iNzRjLTRkMWUtZDZjZi0xNTBjMzkzYmE5NzkiLCJ1bmlxdWVJZCI6IjI3IiwiaWRlbnRpdHlBY2NvdW50VVVJZCI6ImZlMmEzOGNiLThiODktNzdhNC04OTRiLTgwZjNiOWEzNzEzZSJ9.CF7OJr6aVaLWX4SGfXEg5U2dCHVxj3T3U8wCVxNK0izqve5oY5G9xXSAKzeb1iVSE6C5wm1CLoHMoKhNtt4v8A No newline at end of file | |||
There was a problem hiding this comment.
💡 Verification agent
🧩 Analysis chain
Remove committed API key, rotate immediately, and move to secure config.
A JWT-like credential is committed in VCS. This is a critical secret leak and may provide unauthorized access.
Action items:
- Revoke/rotate this key immediately in TestSigma/Jarvis.
- Remove the key from the repo history (BFG or git filter-repo) and force-push.
- Do not ship the key inside the shaded JAR or repository. Load it from environment/secret manager at runtime instead.
Minimal fix to eliminate the secret from source:
-testsigma-sdk.api.key=eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiI4NzEzNTZhMC1iNzRjLTRkMWUtZDZjZi0xNTBjMzkzYmE5NzkiLCJ1bmlxdWVJZCI6IjI3IiwiaWRlbnRpdHlBY2NvdW50VVVJZCI6ImZlMmEzOGNiLThiODktNzdhNC04OTRiLTgwZjNiOWEzNzEzZSJ9.CF7OJr6aVaLWX4SGfXEg5U2dCHVxj3T3U8wCVxNK0izqve5oY5G9xXSAKzeb1iVSE6C5wm1CLoHMoKhNtt4v8A
+testsigma-sdk.api.key=Recommended follow-ups:
- Add/ensure .gitignore excludes this file, or delete this file from the repo and configure the key via CI/CD secret injection (environment variable) or a secure config store at deploy time.
- Exclude this properties file from the shaded JAR if it must exist locally.
Verification script to detect any remaining JWT-like tokens or the property across the repo:
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "Searching for JWT-like tokens (pattern: header.payload.signature):"
rg -n --hidden --glob '!.git/' -e '[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}'
echo "Searching for testsigma-sdk.api.key occurrences:"
rg -n --hidden --glob '!.git/' -e 'testsigma-sdk\.api\.key'Length of output: 91746
Critical: Remove all committed API keys, rotate immediately, and move to secure storage
Our search (rg -n 'testsigma-sdk\.api\.key') revealed that a JWT-like credential is embedded in every add-on’s src/main/resources/testsigma-sdk.properties. Committing this secret across dozens of modules is a high-risk leak and must be addressed everywhere:
Action items:
- Revoke/rotate the exposed key in TestSigma/Jarvis immediately.
- Purge all occurrences from the repository (e.g. with BFG or
git filter-repo) and force-push. - In each
*/src/main/resources/testsigma-sdk.properties, replace the value with an empty or placeholder entry, for example:-testsigma-sdk.api.key=eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxMjM…actualToken…XSAKzeb1iVSE6C5wm1… +testsigma-sdk.api.key=
- Add
src/main/resources/testsigma-sdk.propertiesto.gitignore(or delete it) and provide atestsigma-sdk.properties.templatewith instructions. - Load the real API key at runtime via environment variable or a managed secret store—never commit it.
To automate blanking out all existing files:
rg -l 'testsigma-sdk\.api\.key' | xargs -n1 sed -i 's/testsigma-sdk\.api\.key=.*/testsigma-sdk.api.key=/'Verification:
rg -n --hidden --glob '!.git/' -e 'testsigma-sdk\.api\.key'
rg -n --hidden --glob '!.git/' -e '[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}'Ensure no matches remain.
🧰 Tools
🪛 Gitleaks (8.27.2)
1-1: Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.
(jwt)
🤖 Prompt for AI Agents
In split_sting_using_character/src/main/resources/testsigma-sdk.properties at
line 1, the file contains a committed API key which is a critical security risk.
Remove the actual API key value and replace it with an empty or placeholder
entry like "testsigma-sdk.api.key=". Then, add this properties file to
.gitignore or delete it entirely and provide a template file with instructions
for users to supply their own keys. Ensure the real API key is loaded at runtime
from environment variables or a secure secret store, never committed to the
repository. Finally, rotate and revoke the exposed key immediately and purge all
occurrences from the repo history.
Addon Name: Split sting using character
Jarvis Link: https://jarvis-in.testsigma.com/ui/tenants/3/addons
Jira : https://testsigma.atlassian.net/browse/TE-29201
Added already present addon to in jarvis
Summary by CodeRabbit