ENG-4561 Add ProjectsClient with get-by-slug support #18

Merged
IgorHorta merged 5 commits into main from ENG-4561-get-project-ids-by-slug on Feb 19, 2026
@IgorHorta
Contributor

ENG-4561 – Add ability to get project IDs with slugs

Adds support for fetching project details by slug (e.g. from the project URL):

  • ProjectsClient: GetBySlug(slug) returns full Project; GetProjectIdBySlug(slug) returns project ID string
  • Model: Project (id, name, slug, orgId, description)
  • API: GET /api/v1/projects/slug/{slug} (requires auth)
  • SDK: sdk.Projects().GetBySlug(...) / GetProjectIdBySlug(...) after login
  • Tests: ProjectsClientTest (unit tests with Mockito; no real credentials)
  • Docker: test service runs ProjectsClientTest and AwsAuthProviderTest

Existing code and tests unchanged. Mockito added as test dependency for unit tests.

@linear
linear bot commented Feb 17, 2026

@greptile-apps
greptile-apps bot commented Feb 17, 2026

Greptile Summary

This PR adds a new ProjectsClient that allows fetching project details by slug through GetBySlug() and GetProjectIdBySlug() methods. The implementation includes proper unit tests with Mockito and follows the existing SDK patterns.

Key Changes:

  • New ProjectsClient with slug-based project lookup
  • Project model with id, name, slug, orgId, description fields
  • Comprehensive unit tests covering edge cases
  • Mockito 5.5.0 added as test dependency
  • Docker compose test service for running unit tests

Issues Found:

  • Critical security vulnerability: Path traversal risk in slug parameter handling - the slug is directly interpolated into the URL without sanitization or validation, allowing potential manipulation of API endpoints
  • Documentation gap: No in-repository documentation for the new feature; customers may not discover this functionality

Non-Breaking: This is an additive change that doesn't modify existing APIs.

Confidence Score: 3/5

  • This PR has a critical path traversal vulnerability that must be fixed before merging
  • While the implementation follows good patterns with comprehensive testing and proper SDK integration, the path traversal vulnerability in ProjectsClient.GetBySlug() is a serious security concern. The slug parameter is directly interpolated into the URL without validation, allowing attackers to manipulate API endpoint paths with sequences like ../, potentially accessing unintended resources or bypassing security controls.
  • Pay close attention to src/main/java/com/infisical/sdk/resources/ProjectsClient.java - the slug validation must be strengthened to prevent path traversal attacks

Important Files Changed

| Filename | Overview |
| --- | --- |
| src/main/java/com/infisical/sdk/resources/ProjectsClient.java | New client for project slug lookups with basic validation, but has potential path traversal vulnerability |
| src/test/java/com/infisical/sdk/resources/ProjectsClientTest.java | Comprehensive unit tests with proper mocking, covers edge cases well |
| src/main/java/com/infisical/sdk/InfisicalSdk.java | Added ProjectsClient initialization, follows existing pattern correctly |

Last reviewed commit: 1a38ef3
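
The slug-handling concern raised in the review above, shown as an added example that is not the SDK's code and not part of this PR: a slug concatenated into `/api/v1/projects/slug/{slug}` next to a form that allow-lists the slug and encodes it as a single path segment. The class and method names, the slug grammar (lowercase letters, digits, hyphens, at most 64 characters) and the host are assumptions made for illustration.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.regex.Pattern;

// Added illustration; names are hypothetical and do not mirror ProjectsClient.
public class SlugPathExample {
    // Assumed slug grammar: lowercase alphanumerics separated by single hyphens.
    private static final Pattern SLUG = Pattern.compile("[a-z0-9]+(?:-[a-z0-9]+)*");
    private static final int MAX_LEN = 64; // assumed limit

    // The pattern the review flags: the slug goes into the path unchanged,
    // so "/", "..", "?" and "#" in it change which endpoint is requested.
    static String unsafeUrl(String baseUrl, String slug) {
        return baseUrl + "/api/v1/projects/slug/" + slug;
    }

    // Hardened form: allow-list first, then encode as exactly one path segment.
    static String safeUrl(String baseUrl, String slug) {
        if (slug == null || slug.length() > MAX_LEN || !SLUG.matcher(slug).matches()) {
            throw new IllegalArgumentException("invalid project slug");
        }
        // URLEncoder does form encoding; it leaves the allow-listed alphabet
        // unchanged and is kept as defence in depth if the grammar is widened.
        String segment = URLEncoder.encode(slug, StandardCharsets.UTF_8).replace("+", "%20");
        return baseUrl + "/api/v1/projects/slug/" + segment;
    }

    public static void main(String[] args) {
        String base = "https://app.example.invalid"; // constructed host
        // Constructed inputs: one valid slug, then values the allow-list rejects.
        String[] inputs = { "my-project", "../other", "a/b", "proj?x=1", "My Project", "" };
        for (String in : inputs) {
            System.out.println("input: \"" + in + "\"");
            System.out.println("  unsafe -> " + unsafeUrl(base, in));
            try {
                System.out.println("  safe   -> " + safeUrl(base, in));
            } catch (IllegalArgumentException e) {
                System.out.println("  safe   -> rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

Unit tests for a client like this can assert that each rejected input throws before any HTTP call is made, which a Mockito `verifyNoInteractions` check on the mocked HTTP layer confirms.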

@greptile-apps greptile-apps bot left a comment

6 files reviewed, 1 comment

Co-authored-by: Cursor <cursoragent@cursor.com>
@IgorHorta IgorHorta requested a review from varonix0 February 18, 2026 16:38
@IgorHorta IgorHorta requested a review from varonix0 February 18, 2026 20:07
@IgorHorta IgorHorta merged commit 5569c39 into main Feb 19, 2026
2 checks passed