Sandbox script fixes #1180

jlkravitz · 2025-10-27T16:31:43Z

No description provided.

…reporting-windows Hotfix/align transcation reporting windows

coderabbitai · 2025-10-27T16:32:10Z

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing touches

🧪 Generate unit tests (beta)

Create PR with unit tests
Post copyable unit tests in a comment
Commit unit tests in branch sandbox-script-fixes

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

backend/compact-connect/bin/sandbox_fetch_aws_resources.py

+        "SANDBOX_AUTHORIZE_NET_TRANSACTION_KEY": "your_sandbox_transaction_key",
+    }
+
+    print(json.dumps(config, indent=2))


To fix this issue, avoid logging or outputting any sensitive information in cleartext, especially those fields that could contain or reference sensitive user data (like SSNs, credentials, secrets, etc). In this case, the field "CC_TEST_GET_PROVIDER_SSN_LAMBDA_NAME" is the direct source of taint.

The best fix is to redact (replace with a placeholder string like "REDACTED") or omit sensitive fields from the configuration dictionary before printing it. Specifically, prior to the print(json.dumps(config, indent=2)) line, overwrite the value of "CC_TEST_GET_PROVIDER_SSN_LAMBDA_NAME" in the config dict with "REDACTED" (or something similar). Similarly, consider redacting other likely sensitive fields (SANDBOX_AUTHORIZE_NET_API_LOGIN_ID, SANDBOX_AUTHORIZE_NET_TRANSACTION_KEY, passwords) to avoid future leaks.

To implement these changes, edit the file backend/compact-connect/bin/sandbox_fetch_aws_resources.py at the function print_smoke_test_config. Just after building the config dictionary and before printing, overwrite the sensitive values. No additional imports are needed.

isabeleliassen and others added 4 commits October 17, 2025 16:14

Merge pull request #1162 from csg-org/sprint-pr-251016

c592e59

Merge pull request #1165 from InspiringApps/hotfix/align-transcation-…

f9288ee

…reporting-windows Hotfix/align transcation reporting windows

add fixes

8b87380

Merge branch 'development' into sandbox-script-fixes

93d633e

github-advanced-security bot found potential problems Oct 27, 2025

View reviewed changes

@@ -263,6 +263,12 @@
                     "SANDBOX_AUTHORIZE_NET_TRANSACTION_KEY": "your_sandbox_transaction_key",
                 }
+                # Redact sensitive fields before printing
+                config["CC_TEST_GET_PROVIDER_SSN_LAMBDA_NAME"] = "REDACTED"
+                config["CC_TEST_PROVIDER_USER_PASSWORD"] = "REDACTED"
+                config["SANDBOX_AUTHORIZE_NET_API_LOGIN_ID"] = "REDACTED"
+                config["SANDBOX_AUTHORIZE_NET_TRANSACTION_KEY"] = "REDACTED"
                 print(json.dumps(config, indent=2))

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Sandbox script fixes #1180

Sandbox script fixes #1180

Uh oh!

jlkravitz commented Oct 27, 2025

Uh oh!

coderabbitai bot commented Oct 27, 2025

Review skipped

Uh oh!

Check failure

Copilot Autofix

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Sandbox script fixes #1180

Are you sure you want to change the base?

Sandbox script fixes #1180

Uh oh!

Conversation

jlkravitz commented Oct 27, 2025

Uh oh!

coderabbitai bot commented Oct 27, 2025

Review skipped

Uh oh!

Check failure

Uh oh!

Uh oh!

Copilot Autofix

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants