- Fix verify_ssl=False impossible to set (falsy check + unconditional overwrite)
- Narrow exception catch to urllib3.exceptions.HTTPError so auth errors propagate
- Use dict.get() to prevent KeyError on malformed config.json
- Fix @classmethod methods using self instead of cls
- Guard token_url construction against None base_url
- Remove bare string no-op ("File is present")
- Remove duplicate userAuth block in auth_settings()

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
e61f2ad to
7686315
Summary

Cross-SDK audit identified 7 bugs in `sailpoint/configuration.py`, ranging from critical (auth errors silently swallowed, SSL verification impossible to disable) to low (dead code, naming conventions).

Bug Fixes

High

P1: `verify_ssl=False` impossible to set
- `sailpoint/configuration.py` L47: The check `configurationParams.verify_ssl if configurationParams and configurationParams.verify_ssl else True` treats `False` as falsy, falling through to `True`. SSL verification could never be disabled.
- `sailpoint/configuration.py` L85: `self.verify_ssl = True` unconditionally overwrote the value set on L47.
- `is not None` check and removed the unconditional overwrite.

P2: `get_access_token` swallows auth errors, returns `None`
- `sailpoint/configuration.py` L221-222: `except Exception as e: print(...)` caught the deliberately raised 401/error exceptions from lines 215-219, so authentication failures were silently swallowed and `None` was returned as the access token.
- `except urllib3.exceptions.HTTPError as e:` to only catch connection-level errors, letting auth errors propagate.

Medium

P3: `KeyError` on malformed `config.json`
- `sailpoint/configuration.py` L176-178: Direct dict access `data["BaseURL"]` throws `KeyError` if the key is missing from `config.json`.
- `data.get("BaseURL")` (same for `ClientId`, `ClientSecret`).

Low

P4: `@classmethod` methods use `self` instead of `cls`
- `sailpoint/configuration.py` L137, L149, L170, L184: Four `@classmethod`-decorated methods used `self` as their first parameter instead of `cls`. While Python doesn't enforce this, it's incorrect by convention and confusing.
- `self` to `cls` in all four methods.

P5: `str(None) + "/oauth/token"` produces `"None/oauth/token"`
- `sailpoint/configuration.py` L165: When `config.base_url` is `None`, `str(config.base_url) + "/oauth/token"` produces the string `"None/oauth/token"`.
- `(config.base_url + "/oauth/token") if config.base_url else None`.

P6: Bare string no-op `("File is present")`
- `sailpoint/configuration.py` L173: The expression `("File is present")` evaluates to a string but does nothing (not a function call, not assigned).

P7: Duplicate `userAuth` block in `auth_settings()`
- `sailpoint/configuration.py` L237-243: The `userAuth` dict entry was set twice with identical code, the second overwriting the first.

Verification
- `python -m py_compile sailpoint/configuration.py` passes clean
- `urllib3` import error when running full import is a pre-existing env issue (missing dependency), unrelated to changes

Test plan
- `Configuration(ConfigurationParams(verify_ssl=False))` correctly sets `verify_ssl` to `False`
- `get_access_token` propagate instead of being swallowed
- `config.json` (missing keys) to confirm no `KeyError`

🤖 Generated with Claude Code
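
The P1 and P2 patterns described above, reduced to a runnable sketch. This is an added example, not code from the pull request or the SDK: `Params`, `TransportError`, `AuthError`, the `fetch` callables and all function names are hypothetical stand-ins (`TransportError` plays the role of `urllib3.exceptions.HTTPError`).

```python
from dataclasses import dataclass
from typing import Callable, Optional, Tuple


@dataclass
class Params:  # hypothetical stand-in for ConfigurationParams
    verify_ssl: Optional[bool] = None


def verify_ssl_before(p: Optional[Params]) -> bool:
    # P1 pattern: a truthiness test, so an explicit False falls through to True.
    return p.verify_ssl if p and p.verify_ssl else True


def verify_ssl_after(p: Optional[Params]) -> bool:
    # Only an unset value (None) takes the default of True.
    return p.verify_ssl if p is not None and p.verify_ssl is not None else True


class TransportError(Exception):  # stand-in for urllib3.exceptions.HTTPError
    pass


class AuthError(Exception):  # stand-in for the error raised on a 401
    pass


Fetch = Callable[[], Tuple[int, str]]  # returns (HTTP status, token)


def token_before(fetch: Fetch) -> Optional[str]:
    # P2 pattern: the broad except also catches the AuthError raised in the try.
    try:
        status, token = fetch()
        if status != 200:
            raise AuthError(f"token request failed with HTTP {status}")
        return token
    except Exception as e:
        print(f"Unable to get access token: {e}")
        return None


def token_after(fetch: Fetch) -> Optional[str]:
    # Narrowed except: only connection-level failures are handled here.
    try:
        status, token = fetch()
        if status != 200:
            raise AuthError(f"token request failed with HTTP {status}")
        return token
    except TransportError as e:
        print(f"Unable to reach token endpoint: {e}")
        return None
```

With the broad `except`, a caller cannot tell a rejected credential from a missing token; with the narrowed one, the 401 surfaces as an exception at the call site.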