RTECO-235 - Fixed the proper handling of deletionStatus #1142

naveenku-jfrog · 2025-06-27T14:52:02Z

All tests passed. If this feature is not already covered by the tests, I added new tests.
All static analysis checks passed.
This pull request is on the dev branch.
I used gofmt for formatting the code before submitting the pull request.

lifecycle/services/status.go

…ittently-returns-an-error-despite-successful-execution

bhanurp

jfrog-client-go/README.md

Line 3094 in 85bcce0

resp, err := serviceManager.RemoteDeleteReleaseBundle(params, dryRun)

Readme has to be updated since the signature of the method is updated

lifecycle/manager.go

naveenku-jfrog · 2025-07-09T07:26:22Z

jfrog-client-go/README.md

Line 3094 in 85bcce0

resp, err := serviceManager.RemoteDeleteReleaseBundle(params, dryRun)

Readme has to be updated since the signature of the method is updated

Updated it.

README.md

github-actions · 2025-07-09T11:13:06Z

📗 Scan Summary

Frogbot scanned for vulnerabilities and found 5 issues

Scan Category	Status	Security Issues
Software Composition Analysis	ℹ️ Not Scanned	-
Contextual Analysis	ℹ️ Not Scanned	-
Static Application Security Testing (SAST)	✅ Done	5 Issues Found 5 Low
Secrets	✅ Done	-
Infrastructure as Code (IaC)	✅ Done	Not Found

🐸 JFrog Frogbot

github-actions · 2025-07-09T11:13:07Z

{"after transition", "http://platform.jfrog.io/xray/", "3.107.13", "http://platform.jfrog.io/xray/api/v1/xsc/"}

at xsc/services/utils/utils_test.go (line 15)

🎯 Static Application Security Testing (SAST) Vulnerability

Severity	Finding
Low	Detected usage of communication methods lacking encryption.

Full description

Vulnerability Details


CWE:	319
Rule ID:	go-insecure-protocol

Overview

Using insecure protocols—such as HTTP, FTP, or LDAP—can expose sensitive
data during transmission, making it vulnerable to eavesdropping and man-in-the-middle
attacks. Secure protocols like HTTPS and FTPS should be used to ensure data
encryption during communication.

Vulnerable example

In this example, the application uses insecure protocols to communicate,
taking the protocol type from hardcoded strings.

package main

import (
    "fmt"
)

type SwampService struct {
    InsecureHttpProtocol string
    InsecureFtpProtocol  string
}

func NewSwampService() *SwampService {
    return &SwampService{
        InsecureHttpProtocol: "http://", // Insecure protocol
        InsecureFtpProtocol:  "ftp://",  // Insecure protocol
    }
}

func (s *SwampService) ConnectToFrogService(server string) {
    url := s.InsecureHttpProtocol + server + "/frogEndpoint"
    s.connect(url)

    url = s.InsecureFtpProtocol + server + "/frogFile"
    s.connect(url)
}

func (s *SwampService) connect(url string) {
    fmt.Printf("Connecting to %s\n", url)
    // Logic to connect to the service
}

func main() {
    service := NewSwampService()
    service.ConnectToFrogService("example.com")
}

In this vulnerable example, the ConnectToFrogService method uses hardcoded
insecure protocols (HTTP and FTP) to connect, making communications susceptible
to attacks.

Remediation

To mitigate the use of insecure protocols, replace them with secure alternatives
such as HTTPS or FTPS.

package main

import (
    "fmt"
)

type SwampService struct {
    InsecureHttpProtocol string
    InsecureFtpProtocol  string
}

func NewSwampService() *SwampService {
    return &SwampService{
        InsecureHttpProtocol: "http://", // Insecure protocol
        InsecureFtpProtocol:  "ftp://",  // Insecure protocol
    }
}

func (s *SwampService) ConnectToFrogService(server string) {
    url := s.InsecureHttpProtocol + server + "/frogEndpoint"
    s.connect(url)

    url = s.InsecureFtpProtocol + server + "/frogFile"
    s.connect(url)
}

func (s *SwampService) connect(url string) {
    fmt.Printf("Connecting to %s\n", url)
    // Logic to connect to the service
}

func main() {
    service := NewSwampService()
    service.ConnectToFrogService("example.com")
}

In this remediated example, the ConnectToFrogService method utilizes
secure protocols (HTTPS and FTPS) to ensure that communications are encrypted,
thereby protecting sensitive data.

🐸 JFrog Frogbot

github-actions · 2025-07-09T11:13:08Z

{"before transition", "http://platform.jfrog.io/xray/", "3.106.0", "http://platform.jfrog.io/xsc/api/v1/"}

at xsc/services/utils/utils_test.go (line 16)

🎯 Static Application Security Testing (SAST) Vulnerability

Severity	Finding
Low	Detected usage of communication methods lacking encryption.

Full description

Vulnerability Details


CWE:	319
Rule ID:	go-insecure-protocol

Overview

Using insecure protocols—such as HTTP, FTP, or LDAP—can expose sensitive
data during transmission, making it vulnerable to eavesdropping and man-in-the-middle
attacks. Secure protocols like HTTPS and FTPS should be used to ensure data
encryption during communication.

Vulnerable example

In this example, the application uses insecure protocols to communicate,
taking the protocol type from hardcoded strings.

package main

import (
    "fmt"
)

type SwampService struct {
    InsecureHttpProtocol string
    InsecureFtpProtocol  string
}

func NewSwampService() *SwampService {
    return &SwampService{
        InsecureHttpProtocol: "http://", // Insecure protocol
        InsecureFtpProtocol:  "ftp://",  // Insecure protocol
    }
}

func (s *SwampService) ConnectToFrogService(server string) {
    url := s.InsecureHttpProtocol + server + "/frogEndpoint"
    s.connect(url)

    url = s.InsecureFtpProtocol + server + "/frogFile"
    s.connect(url)
}

func (s *SwampService) connect(url string) {
    fmt.Printf("Connecting to %s\n", url)
    // Logic to connect to the service
}

func main() {
    service := NewSwampService()
    service.ConnectToFrogService("example.com")
}

In this vulnerable example, the ConnectToFrogService method uses hardcoded
insecure protocols (HTTP and FTP) to connect, making communications susceptible
to attacks.

Remediation

To mitigate the use of insecure protocols, replace them with secure alternatives
such as HTTPS or FTPS.

package main

import (
    "fmt"
)

type SwampService struct {
    InsecureHttpProtocol string
    InsecureFtpProtocol  string
}

func NewSwampService() *SwampService {
    return &SwampService{
        InsecureHttpProtocol: "http://", // Insecure protocol
        InsecureFtpProtocol:  "ftp://",  // Insecure protocol
    }
}

func (s *SwampService) ConnectToFrogService(server string) {
    url := s.InsecureHttpProtocol + server + "/frogEndpoint"
    s.connect(url)

    url = s.InsecureFtpProtocol + server + "/frogFile"
    s.connect(url)
}

func (s *SwampService) connect(url string) {
    fmt.Printf("Connecting to %s\n", url)
    // Logic to connect to the service
}

func main() {
    service := NewSwampService()
    service.ConnectToFrogService("example.com")
}

In this remediated example, the ConnectToFrogService method utilizes
secure protocols (HTTPS and FTPS) to ensure that communications are encrypted,
thereby protecting sensitive data.

🐸 JFrog Frogbot

github-actions · 2025-07-09T11:13:09Z

{"withBuildProperties", "go-repo/github.com/jfrog/test/@v/v1.1.1.zip", "build.name=a;build.number=1", "http://test.url/api/go/", "http://test.url/api/go/go-repo/github.com/jfrog/test/@v/v1.1.1.zip;build.name=a;build.number=1"}

at artifactory/services/go/go_test.go (line 17)

🎯 Static Application Security Testing (SAST) Vulnerability

Severity	Finding
Low	Detected usage of communication methods lacking encryption.

Full description

Vulnerability Details


CWE:	319
Rule ID:	go-insecure-protocol

Overview

Using insecure protocols—such as HTTP, FTP, or LDAP—can expose sensitive
data during transmission, making it vulnerable to eavesdropping and man-in-the-middle
attacks. Secure protocols like HTTPS and FTPS should be used to ensure data
encryption during communication.

Vulnerable example

In this example, the application uses insecure protocols to communicate,
taking the protocol type from hardcoded strings.

package main

import (
    "fmt"
)

type SwampService struct {
    InsecureHttpProtocol string
    InsecureFtpProtocol  string
}

func NewSwampService() *SwampService {
    return &SwampService{
        InsecureHttpProtocol: "http://", // Insecure protocol
        InsecureFtpProtocol:  "ftp://",  // Insecure protocol
    }
}

func (s *SwampService) ConnectToFrogService(server string) {
    url := s.InsecureHttpProtocol + server + "/frogEndpoint"
    s.connect(url)

    url = s.InsecureFtpProtocol + server + "/frogFile"
    s.connect(url)
}

func (s *SwampService) connect(url string) {
    fmt.Printf("Connecting to %s\n", url)
    // Logic to connect to the service
}

func main() {
    service := NewSwampService()
    service.ConnectToFrogService("example.com")
}

In this vulnerable example, the ConnectToFrogService method uses hardcoded
insecure protocols (HTTP and FTP) to connect, making communications susceptible
to attacks.

Remediation

To mitigate the use of insecure protocols, replace them with secure alternatives
such as HTTPS or FTPS.

package main

import (
    "fmt"
)

type SwampService struct {
    InsecureHttpProtocol string
    InsecureFtpProtocol  string
}

func NewSwampService() *SwampService {
    return &SwampService{
        InsecureHttpProtocol: "http://", // Insecure protocol
        InsecureFtpProtocol:  "ftp://",  // Insecure protocol
    }
}

func (s *SwampService) ConnectToFrogService(server string) {
    url := s.InsecureHttpProtocol + server + "/frogEndpoint"
    s.connect(url)

    url = s.InsecureFtpProtocol + server + "/frogFile"
    s.connect(url)
}

func (s *SwampService) connect(url string) {
    fmt.Printf("Connecting to %s\n", url)
    // Logic to connect to the service
}

func main() {
    service := NewSwampService()
    service.ConnectToFrogService("example.com")
}

In this remediated example, the ConnectToFrogService method utilizes
secure protocols (HTTPS and FTPS) to ensure that communications are encrypted,
thereby protecting sensitive data.

🐸 JFrog Frogbot

github-actions · 2025-07-09T11:13:10Z

{"withoutBuildProperties", "go-repo/github.com/jfrog/test/@v/v1.1.1.zip", "", "http://test.url/api/go/", "http://test.url/api/go/go-repo/github.com/jfrog/test/@v/v1.1.1.zip"}

at artifactory/services/go/go_test.go (line 18)

🎯 Static Application Security Testing (SAST) Vulnerability

Severity	Finding
Low	Detected usage of communication methods lacking encryption.

Full description

Vulnerability Details


CWE:	319
Rule ID:	go-insecure-protocol

Overview

Using insecure protocols—such as HTTP, FTP, or LDAP—can expose sensitive
data during transmission, making it vulnerable to eavesdropping and man-in-the-middle
attacks. Secure protocols like HTTPS and FTPS should be used to ensure data
encryption during communication.

Vulnerable example

In this example, the application uses insecure protocols to communicate,
taking the protocol type from hardcoded strings.

package main

import (
    "fmt"
)

type SwampService struct {
    InsecureHttpProtocol string
    InsecureFtpProtocol  string
}

func NewSwampService() *SwampService {
    return &SwampService{
        InsecureHttpProtocol: "http://", // Insecure protocol
        InsecureFtpProtocol:  "ftp://",  // Insecure protocol
    }
}

func (s *SwampService) ConnectToFrogService(server string) {
    url := s.InsecureHttpProtocol + server + "/frogEndpoint"
    s.connect(url)

    url = s.InsecureFtpProtocol + server + "/frogFile"
    s.connect(url)
}

func (s *SwampService) connect(url string) {
    fmt.Printf("Connecting to %s\n", url)
    // Logic to connect to the service
}

func main() {
    service := NewSwampService()
    service.ConnectToFrogService("example.com")
}

In this vulnerable example, the ConnectToFrogService method uses hardcoded
insecure protocols (HTTP and FTP) to connect, making communications susceptible
to attacks.

Remediation

To mitigate the use of insecure protocols, replace them with secure alternatives
such as HTTPS or FTPS.

package main

import (
    "fmt"
)

type SwampService struct {
    InsecureHttpProtocol string
    InsecureFtpProtocol  string
}

func NewSwampService() *SwampService {
    return &SwampService{
        InsecureHttpProtocol: "http://", // Insecure protocol
        InsecureFtpProtocol:  "ftp://",  // Insecure protocol
    }
}

func (s *SwampService) ConnectToFrogService(server string) {
    url := s.InsecureHttpProtocol + server + "/frogEndpoint"
    s.connect(url)

    url = s.InsecureFtpProtocol + server + "/frogFile"
    s.connect(url)
}

func (s *SwampService) connect(url string) {
    fmt.Printf("Connecting to %s\n", url)
    // Logic to connect to the service
}

func main() {
    service := NewSwampService()
    service.ConnectToFrogService("example.com")
}

In this remediated example, the ConnectToFrogService method utilizes
secure protocols (HTTPS and FTPS) to ensure that communications are encrypted,
thereby protecting sensitive data.

🐸 JFrog Frogbot

github-actions · 2025-07-09T11:13:11Z

{"withoutBuildPropertiesModExtension", "go-repo/github.com/jfrog/test/@v/v1.1.1.mod", "", "http://test.url/api/go/", "http://test.url/api/go/go-repo/github.com/jfrog/test/@v/v1.1.1.mod"}

at artifactory/services/go/go_test.go (line 19)

🎯 Static Application Security Testing (SAST) Vulnerability

Severity	Finding
Low	Detected usage of communication methods lacking encryption.

Full description

Vulnerability Details


CWE:	319
Rule ID:	go-insecure-protocol

Overview

Using insecure protocols—such as HTTP, FTP, or LDAP—can expose sensitive
data during transmission, making it vulnerable to eavesdropping and man-in-the-middle
attacks. Secure protocols like HTTPS and FTPS should be used to ensure data
encryption during communication.

Vulnerable example

In this example, the application uses insecure protocols to communicate,
taking the protocol type from hardcoded strings.

package main

import (
    "fmt"
)

type SwampService struct {
    InsecureHttpProtocol string
    InsecureFtpProtocol  string
}

func NewSwampService() *SwampService {
    return &SwampService{
        InsecureHttpProtocol: "http://", // Insecure protocol
        InsecureFtpProtocol:  "ftp://",  // Insecure protocol
    }
}

func (s *SwampService) ConnectToFrogService(server string) {
    url := s.InsecureHttpProtocol + server + "/frogEndpoint"
    s.connect(url)

    url = s.InsecureFtpProtocol + server + "/frogFile"
    s.connect(url)
}

func (s *SwampService) connect(url string) {
    fmt.Printf("Connecting to %s\n", url)
    // Logic to connect to the service
}

func main() {
    service := NewSwampService()
    service.ConnectToFrogService("example.com")
}

In this vulnerable example, the ConnectToFrogService method uses hardcoded
insecure protocols (HTTP and FTP) to connect, making communications susceptible
to attacks.

Remediation

To mitigate the use of insecure protocols, replace them with secure alternatives
such as HTTPS or FTPS.

package main

import (
    "fmt"
)

type SwampService struct {
    InsecureHttpProtocol string
    InsecureFtpProtocol  string
}

func NewSwampService() *SwampService {
    return &SwampService{
        InsecureHttpProtocol: "http://", // Insecure protocol
        InsecureFtpProtocol:  "ftp://",  // Insecure protocol
    }
}

func (s *SwampService) ConnectToFrogService(server string) {
    url := s.InsecureHttpProtocol + server + "/frogEndpoint"
    s.connect(url)

    url = s.InsecureFtpProtocol + server + "/frogFile"
    s.connect(url)
}

func (s *SwampService) connect(url string) {
    fmt.Printf("Connecting to %s\n", url)
    // Logic to connect to the service
}

func main() {
    service := NewSwampService()
    service.ConnectToFrogService("example.com")
}

In this remediated example, the ConnectToFrogService method utilizes
secure protocols (HTTPS and FTPS) to ensure that communications are encrypted,
thereby protecting sensitive data.

🐸 JFrog Frogbot

RTECO-235 - Fixed the proper handling of deletionStatus

ac4777c

naveenku-jfrog had a problem deploying to frogbot June 27, 2025 14:52 — with GitHub Actions Failure

RTECO-235 - Added New Status as CREATED

8c30e12

naveenku-jfrog had a problem deploying to frogbot June 27, 2025 14:55 — with GitHub Actions Failure

itsmeleela reviewed Jul 2, 2025

View reviewed changes

lifecycle/services/status.go Outdated Show resolved Hide resolved

EyalDelarea and others added 2 commits July 3, 2025 21:30

Add OIDC context struct (jfrog#1140)

1191dc7

RTECO-262 - Updated Handling of Response logic

e119506

naveenku-jfrog had a problem deploying to frogbot July 3, 2025 16:00 — with GitHub Actions Failure

Merge branch 'dev' into fix/RTECO-235-JF-CLI-command-jf-rbdelr-interm…

505886a

…ittently-returns-an-error-despite-successful-execution

naveenku-jfrog had a problem deploying to frogbot July 3, 2025 16:01 — with GitHub Actions Failure

RTECO-262 - Removed Created Status

b0a7d84

naveenku-jfrog had a problem deploying to frogbot July 3, 2025 16:03 — with GitHub Actions Failure

RTECO-262 - Updated Failed Case

1d8dfb0

naveenku-jfrog had a problem deploying to frogbot July 3, 2025 16:07 — with GitHub Actions Failure

RTECO-235 - Fixed the proper handling of Deleting Remote Release Bundle

1024304

naveenku-jfrog had a problem deploying to frogbot July 7, 2025 17:22 — with GitHub Actions Failure

RTECO-235 - Removed Unwanted Code

d68c6cf

naveenku-jfrog had a problem deploying to frogbot July 7, 2025 17:24 — with GitHub Actions Failure

Merge branch 'dev' into fix/RTECO-235-JF-CLI-command-jf-rbdelr-interm…

fcbadf1

…ittently-returns-an-error-despite-successful-execution

naveenku-jfrog had a problem deploying to frogbot July 8, 2025 05:38 — with GitHub Actions Failure

RTECO-235 - Added Test Case

d1b8cf9

naveenku-jfrog had a problem deploying to frogbot July 8, 2025 06:11 — with GitHub Actions Failure

RTECO-235 - Added Test Case

257727d

naveenku-jfrog had a problem deploying to frogbot July 8, 2025 06:43 — with GitHub Actions Failure

bhanurp added the safe to test Approve running integration tests on a pull request label Jul 8, 2025

github-actions bot removed the safe to test Approve running integration tests on a pull request label Jul 8, 2025

bhanurp self-requested a review July 8, 2025 07:21

bhanurp approved these changes Jul 8, 2025

View reviewed changes

Merge branch 'dev' into fix/RTECO-235-JF-CLI-command-jf-rbdelr-interm…

065d1d9

…ittently-returns-an-error-despite-successful-execution

naveenku-jfrog had a problem deploying to frogbot July 8, 2025 15:51 — with GitHub Actions Failure

naveenku-jfrog requested a review from bhanurp July 8, 2025 16:28

bhanurp requested changes Jul 9, 2025

View reviewed changes

lifecycle/manager.go Outdated Show resolved Hide resolved

RTECO-235 - Updated read.me file

059c0e9

naveenku-jfrog had a problem deploying to frogbot July 9, 2025 07:16 — with GitHub Actions Failure

RTECO-235 - Addressing comments

91024bd

naveenku-jfrog had a problem deploying to frogbot July 9, 2025 07:20 — with GitHub Actions Failure

bhanurp approved these changes Jul 9, 2025

View reviewed changes

README.md Show resolved Hide resolved

README.md Show resolved Hide resolved

bhanurp added the safe to test Approve running integration tests on a pull request label Jul 9, 2025

github-actions bot removed the safe to test Approve running integration tests on a pull request label Jul 9, 2025

bhanurp merged commit 5cfe81b into jfrog:dev Jul 9, 2025
15 of 27 checks passed

BrewTestBot mentioned this pull request Jul 28, 2025

jfrog-cli 2.78.1 Homebrew/homebrew-core#231457

Merged

RTECO-235 - Fixed the proper handling of deletionStatus #1142

RTECO-235 - Fixed the proper handling of deletionStatus #1142

Uh oh!

Conversation

naveenku-jfrog commented Jun 27, 2025

Uh oh!

Uh oh!

bhanurp left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

naveenku-jfrog commented Jul 9, 2025

Uh oh!

Uh oh!

Uh oh!

github-actions bot commented Jul 9, 2025

📗 Scan Summary

Uh oh!

github-actions bot commented Jul 9, 2025

🎯 Static Application Security Testing (SAST) Vulnerability

Vulnerability Details

Overview

Vulnerable example

Remediation

Uh oh!

github-actions bot commented Jul 9, 2025

🎯 Static Application Security Testing (SAST) Vulnerability

Vulnerability Details

Overview

Vulnerable example

Remediation

Uh oh!

github-actions bot commented Jul 9, 2025

🎯 Static Application Security Testing (SAST) Vulnerability

Vulnerability Details

Overview

Vulnerable example

Remediation

Uh oh!

github-actions bot commented Jul 9, 2025

🎯 Static Application Security Testing (SAST) Vulnerability

Vulnerability Details

Overview

Vulnerable example

Remediation

Uh oh!

github-actions bot commented Jul 9, 2025

🎯 Static Application Security Testing (SAST) Vulnerability

Vulnerability Details

Overview

Vulnerable example

Remediation

Uh oh!

Uh oh!

Uh oh!