ENG-4561 Add ProjectsClient with get-by-slug support

[IgorHorta]

ENG-4561 – Add ability to get project IDs with slugs

Adds support for fetching project details by slug (e.g. from the project URL):

• ProjectsClient: GetBySlug(slug) returns full Project; GetProjectIdBySlug(slug) returns project ID string
• Model: Project (id, name, slug, orgId, description)
• API: GET /api/v1/projects/slug/{slug} (requires auth)
• SDK: sdk.Projects().GetBySlug(...) / GetProjectIdBySlug(...) after login
• Tests: ProjectsClientTest (unit tests with Mockito; no real credentials)
• Docker: test service runs ProjectsClientTest and AwsAuthProviderTest

Existing code and tests unchanged. Mockito added as test dependency for unit tests.

[linear]

ENG-4561 Add ability to get project IDs with slugs in Java SDK

[greptile-apps]

Greptile Summary

This PR adds a new ProjectsClient that allows fetching project details by slug through GetBySlug() and GetProjectIdBySlug() methods. The implementation includes proper unit tests with Mockito and follows the existing SDK patterns.

Key Changes:

• New ProjectsClient with slug-based project lookup
• Project model with id, name, slug, orgId, description fields
• Comprehensive unit tests covering edge cases
• Mockito 5.5.0 added as test dependency
• Docker compose test service for running unit tests

Issues Found:

• Critical security vulnerability: Path traversal risk in slug parameter handling - the slug is directly interpolated into the URL without sanitization or validation, allowing potential manipulation of API endpoints
• Documentation gap: No in-repository documentation for the new feature; customers may not discover this functionality

Non-Breaking: This is an additive change that doesn't modify existing APIs.

Confidence Score: 3/5

• This PR has a critical path traversal vulnerability that must be fixed before merging
• While the implementation follows good patterns with comprehensive testing and proper SDK integration, the path traversal vulnerability in ProjectsClient.GetBySlug() is a serious security concern. The slug parameter is directly interpolated into the URL without validation, allowing attackers to manipulate API endpoint paths with sequences like ../, potentially accessing unintended resources or bypassing security controls.
• Pay close attention to src/main/java/com/infisical/sdk/resources/ProjectsClient.java - the slug validation must be strengthened to prevent path traversal attacks

Important Files Changed

Filename	Overview
src/main/java/com/infisical/sdk/resources/ProjectsClient.java	New client for project slug lookups with basic validation, but has potential path traversal vulnerability
src/test/java/com/infisical/sdk/resources/ProjectsClientTest.java	Comprehensive unit tests with proper mocking, covers edge cases well
src/main/java/com/infisical/sdk/InfisicalSdk.java	Added ProjectsClient initialization, follows existing pattern correctly

_{Last reviewed commit: 1a38ef3}

[greptile-apps]

_{6 files reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}