Fix: Remove unnecessary $ sign from filter parameter in API URLs for all affected versions (Product IS issue #27138)#5986
Open
wso2-engineering-bot wants to merge 1 commit intomasterfrom
Conversation
…all affected versions (product-is#27138) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
|
wso2-engineering-bot seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account. You have signed the CLA already but the status is still pending? Let us recheck it. |
Contributor
WalkthroughDocumentation across six versions of the API retrieve-tenant-resources guide was updated to remove the incorrect dollar-sign prefix from the filter query parameter in example URLs. URLs previously shown as Changes
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~2 minutes Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
📝 Coding Plan
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Actionable comments posted: 6
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In
`@en/identity-server/6.0.0/docs/apis/retrieve-tenant-resources-based-on-search-parameters.md`:
- Line 231: The curl example in the docs uses real-looking credentials ("--user
admin:admin"); replace them with a non-sensitive placeholder (e.g., "--user
<username>:<password>" or similar) in the example line containing the GET
request (the curl invocation showing /api/identity/config-mgt/v1.0/search) so no
secrets appear in the documentation and it conforms to the fenced-code-block
placeholder guideline.
In
`@en/identity-server/6.1.0/docs/apis/retrieve-tenant-resources-based-on-search-parameters.md`:
- Line 231: The curl example currently contains real-looking credentials
"admin:admin" in the command shown (the curl line with --user admin:admin);
update that example to use a neutral placeholder such as --user
<USERNAME>:<PASSWORD> or --user {USERNAME}:{PASSWORD} and ensure the snippet is
in a fenced code block with the appropriate language tag (e.g., bash) instead of
embedding credentials directly so no secret-like values appear in the docs.
In
`@en/identity-server/7.0.0/docs/apis/retrieve-tenant-resources-based-on-search-parameters.md`:
- Around line 230-231: The curl example contains hardcoded credentials (--user
admin:admin); replace that with placeholders (e.g., --user
<USERNAME>:<PASSWORD>) or remove the --user flag and document using an auth
placeholder, and wrap the command in a fenced code block tagged with bash;
update the line containing the curl command string (the GET
'https://localhost:9443/api/identity/config-mgt/v1.0/search?...' example) to use
the placeholder credentials and proper fenced block formatting.
In
`@en/identity-server/7.1.0/docs/apis/retrieve-tenant-resources-based-on-search-parameters.md`:
- Line 231: Replace the hardcoded credentials in the curl example (the curl -k
-v --user admin:admin GET
'https://localhost:9443/api/identity/config-mgt/v1.0/search?...' line) with a
placeholder like <username>:<password> and ensure the example is presented as a
fenced code block (bash) without real secrets; update the --user argument only
and keep the rest of the curl invocation unchanged.
In
`@en/identity-server/7.2.0/docs/apis/retrieve-tenant-resources-based-on-search-parameters.md`:
- Line 231: The curl example currently includes hardcoded credentials (`--user
admin:admin`) — update the curl snippet in the retrieve-tenant-resources example
to remove real credentials and use clear placeholders instead (e.g., `--user
<USERNAME>:<PASSWORD>` or `-u {username}:{password}`) so the command in the
source containing the curl invocation uses placeholders rather than
`admin:admin`; ensure the change is made in the curl line shown in the doc (the
curl -k -v ... GET 'https://localhost:9443/...search?...' snippet).
In
`@en/identity-server/next/docs/apis/retrieve-tenant-resources-based-on-search-parameters.md`:
- Line 231: Replace the hardcoded credentials in the curl example (the line
containing "curl -k -v --user admin:admin GET
'https://localhost:9443/api/identity/config-mgt/v1.0/search?...'") with
placeholder credentials such as "<username>:<password>" or environment-style
placeholders like "$USERNAME:$PASSWORD"; also ensure the snippet is in a proper
fenced code block with the language tag (bash) if applicable to follow the docs
guideline and avoid exposing secrets.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: aaa61dc1-6f5f-4e38-9b7f-45b9a5817c57
📒 Files selected for processing (6)
en/identity-server/6.0.0/docs/apis/retrieve-tenant-resources-based-on-search-parameters.mden/identity-server/6.1.0/docs/apis/retrieve-tenant-resources-based-on-search-parameters.mden/identity-server/7.0.0/docs/apis/retrieve-tenant-resources-based-on-search-parameters.mden/identity-server/7.1.0/docs/apis/retrieve-tenant-resources-based-on-search-parameters.mden/identity-server/7.2.0/docs/apis/retrieve-tenant-resources-based-on-search-parameters.mden/identity-server/next/docs/apis/retrieve-tenant-resources-based-on-search-parameters.md
| <div class="code panel pdl" style="border-width: 1px;"> | ||
| <div class="codeContent panelContent pdl"> | ||
| <div class="sourceCode" id="cb4" data-syntaxhighlighter-params="brush: java; gutter: false; theme: Confluence" data-theme="Confluence" style="brush: java; gutter: false; theme: Confluence"><pre class="sourceCode java"><code class="sourceCode java"><a class="sourceLine" id="cb4-1" title="1">curl -k -v --user admin:admin GET 'https:<span class="co">//localhost:9443/api/identity/config-mgt/v1.0/search?$filter=%28tenantDomain%20eq%20%27carbon.super%27%29'</span></a></code></pre></div> | ||
| <div class="sourceCode" id="cb4" data-syntaxhighlighter-params="brush: java; gutter: false; theme: Confluence" data-theme="Confluence" style="brush: java; gutter: false; theme: Confluence"><pre class="sourceCode java"><code class="sourceCode java"><a class="sourceLine" id="cb4-1" title="1">curl -k -v --user admin:admin GET 'https:<span class="co">//localhost:9443/api/identity/config-mgt/v1.0/search?filter=%28tenantDomain%20eq%20%27carbon.super%27%29'</span></a></code></pre></div> |
Contributor
There was a problem hiding this comment.
Replace example basic-auth credentials with placeholders.
--user admin:admin should be changed to a non-sensitive placeholder value in documentation.
As per coding guidelines: "Use fenced code blocks with a language tag when known; keep code blocks focused and do not include secrets, tokens, passwords, or realistic keys."
🧰 Tools
🪛 Gitleaks (8.30.0)
[high] 231-231: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.
(curl-auth-user)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In
`@en/identity-server/6.0.0/docs/apis/retrieve-tenant-resources-based-on-search-parameters.md`
at line 231, The curl example in the docs uses real-looking credentials ("--user
admin:admin"); replace them with a non-sensitive placeholder (e.g., "--user
<username>:<password>" or similar) in the example line containing the GET
request (the curl invocation showing /api/identity/config-mgt/v1.0/search) so no
secrets appear in the documentation and it conforms to the fenced-code-block
placeholder guideline.
| <div class="code panel pdl" style="border-width: 1px;"> | ||
| <div class="codeContent panelContent pdl"> | ||
| <div class="sourceCode" id="cb4" data-syntaxhighlighter-params="brush: java; gutter: false; theme: Confluence" data-theme="Confluence" style="brush: java; gutter: false; theme: Confluence"><pre class="sourceCode java"><code class="sourceCode java"><a class="sourceLine" id="cb4-1" title="1">curl -k -v --user admin:admin GET 'https:<span class="co">//localhost:9443/api/identity/config-mgt/v1.0/search?$filter=%28tenantDomain%20eq%20%27carbon.super%27%29'</span></a></code></pre></div> | ||
| <div class="sourceCode" id="cb4" data-syntaxhighlighter-params="brush: java; gutter: false; theme: Confluence" data-theme="Confluence" style="brush: java; gutter: false; theme: Confluence"><pre class="sourceCode java"><code class="sourceCode java"><a class="sourceLine" id="cb4-1" title="1">curl -k -v --user admin:admin GET 'https:<span class="co">//localhost:9443/api/identity/config-mgt/v1.0/search?filter=%28tenantDomain%20eq%20%27carbon.super%27%29'</span></a></code></pre></div> |
Contributor
There was a problem hiding this comment.
Please sanitize curl credentials in docs.
Use placeholders instead of admin:admin to avoid publishing credential-like values.
As per coding guidelines: "Use fenced code blocks with a language tag when known; keep code blocks focused and do not include secrets, tokens, passwords, or realistic keys."
🧰 Tools
🪛 Gitleaks (8.30.0)
[high] 231-231: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.
(curl-auth-user)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In
`@en/identity-server/6.1.0/docs/apis/retrieve-tenant-resources-based-on-search-parameters.md`
at line 231, The curl example currently contains real-looking credentials
"admin:admin" in the command shown (the curl line with --user admin:admin);
update that example to use a neutral placeholder such as --user
<USERNAME>:<PASSWORD> or --user {USERNAME}:{PASSWORD} and ensure the snippet is
in a fenced code block with the appropriate language tag (e.g., bash) instead of
embedding credentials directly so no secret-like values appear in the docs.
Comment on lines
+230
to
231
| <div class="sourceCode" id="cb4" data-syntaxhighlighter-params="brush: java; gutter: false; theme: Confluence" data-theme="Confluence" style="brush: java; gutter: false; theme: Confluence"><pre class="sourceCode java"><code class="sourceCode java"><a class="sourceLine" id="cb4-1" title="1">curl -k -v --user admin:admin GET 'https:<span class="co">//localhost:9443/api/identity/config-mgt/v1.0/search?filter=%28tenantDomain%20eq%20%27carbon.super%27%29'</span></a></code></pre></div> | ||
| </div> |
Contributor
There was a problem hiding this comment.
Replace hardcoded basic-auth credentials in curl example.
The sample command includes --user admin:admin, which is a realistic password pattern and should be replaced with placeholders.
🔧 Suggested documentation-safe update
-curl -k -v --user admin:admin GET 'https://localhost:9443/api/identity/config-mgt/v1.0/search?filter=%28tenantDomain%20eq%20%27carbon.super%27%29'
+curl -k -v --user <username>:<password> GET 'https://localhost:9443/api/identity/config-mgt/v1.0/search?filter=%28tenantDomain%20eq%20%27carbon.super%27%29'As per coding guidelines: "Use fenced code blocks with a language tag when known; keep code blocks focused and do not include secrets, tokens, passwords, or realistic keys."
🧰 Tools
🪛 Gitleaks (8.30.0)
[high] 230-230: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.
(curl-auth-user)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In
`@en/identity-server/7.0.0/docs/apis/retrieve-tenant-resources-based-on-search-parameters.md`
around lines 230 - 231, The curl example contains hardcoded credentials (--user
admin:admin); replace that with placeholders (e.g., --user
<USERNAME>:<PASSWORD>) or remove the --user flag and document using an auth
placeholder, and wrap the command in a fenced code block tagged with bash;
update the line containing the curl command string (the GET
'https://localhost:9443/api/identity/config-mgt/v1.0/search?...' example) to use
the placeholder credentials and proper fenced block formatting.
| <div class="code panel pdl" style="border-width: 1px;"> | ||
| <div class="codeContent panelContent pdl"> | ||
| <div class="sourceCode" id="cb4" data-syntaxhighlighter-params="brush: java; gutter: false; theme: Confluence" data-theme="Confluence" style="brush: java; gutter: false; theme: Confluence"><pre class="sourceCode java"><code class="sourceCode java"><a class="sourceLine" id="cb4-1" title="1">curl -k -v --user admin:admin GET 'https:<span class="co">//localhost:9443/api/identity/config-mgt/v1.0/search?$filter=%28tenantDomain%20eq%20%27carbon.super%27%29'</span></a></code></pre></div> | ||
| <div class="sourceCode" id="cb4" data-syntaxhighlighter-params="brush: java; gutter: false; theme: Confluence" data-theme="Confluence" style="brush: java; gutter: false; theme: Confluence"><pre class="sourceCode java"><code class="sourceCode java"><a class="sourceLine" id="cb4-1" title="1">curl -k -v --user admin:admin GET 'https:<span class="co">//localhost:9443/api/identity/config-mgt/v1.0/search?filter=%28tenantDomain%20eq%20%27carbon.super%27%29'</span></a></code></pre></div> |
Contributor
There was a problem hiding this comment.
Use placeholders instead of admin:admin in curl examples.
This still looks like hardcoded credentials and should be generalized to <username>:<password>.
As per coding guidelines: "Use fenced code blocks with a language tag when known; keep code blocks focused and do not include secrets, tokens, passwords, or realistic keys."
🧰 Tools
🪛 Gitleaks (8.30.0)
[high] 231-231: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.
(curl-auth-user)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In
`@en/identity-server/7.1.0/docs/apis/retrieve-tenant-resources-based-on-search-parameters.md`
at line 231, Replace the hardcoded credentials in the curl example (the curl -k
-v --user admin:admin GET
'https://localhost:9443/api/identity/config-mgt/v1.0/search?...' line) with a
placeholder like <username>:<password> and ensure the example is presented as a
fenced code block (bash) without real secrets; update the --user argument only
and keep the rest of the curl invocation unchanged.
| <div class="code panel pdl" style="border-width: 1px;"> | ||
| <div class="codeContent panelContent pdl"> | ||
| <div class="sourceCode" id="cb4" data-syntaxhighlighter-params="brush: java; gutter: false; theme: Confluence" data-theme="Confluence" style="brush: java; gutter: false; theme: Confluence"><pre class="sourceCode java"><code class="sourceCode java"><a class="sourceLine" id="cb4-1" title="1">curl -k -v --user admin:admin GET 'https:<span class="co">//localhost:9443/api/identity/config-mgt/v1.0/search?$filter=%28tenantDomain%20eq%20%27carbon.super%27%29'</span></a></code></pre></div> | ||
| <div class="sourceCode" id="cb4" data-syntaxhighlighter-params="brush: java; gutter: false; theme: Confluence" data-theme="Confluence" style="brush: java; gutter: false; theme: Confluence"><pre class="sourceCode java"><code class="sourceCode java"><a class="sourceLine" id="cb4-1" title="1">curl -k -v --user admin:admin GET 'https:<span class="co">//localhost:9443/api/identity/config-mgt/v1.0/search?filter=%28tenantDomain%20eq%20%27carbon.super%27%29'</span></a></code></pre></div> |
Contributor
There was a problem hiding this comment.
Avoid hardcoded credentials in published curl snippets.
Please replace --user admin:admin with placeholders to prevent credential-like data in docs.
As per coding guidelines: "Use fenced code blocks with a language tag when known; keep code blocks focused and do not include secrets, tokens, passwords, or realistic keys."
🧰 Tools
🪛 Gitleaks (8.30.0)
[high] 231-231: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.
(curl-auth-user)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In
`@en/identity-server/7.2.0/docs/apis/retrieve-tenant-resources-based-on-search-parameters.md`
at line 231, The curl example currently includes hardcoded credentials (`--user
admin:admin`) — update the curl snippet in the retrieve-tenant-resources example
to remove real credentials and use clear placeholders instead (e.g., `--user
<USERNAME>:<PASSWORD>` or `-u {username}:{password}`) so the command in the
source containing the curl invocation uses placeholders rather than
`admin:admin`; ensure the change is made in the curl line shown in the doc (the
curl -k -v ... GET 'https://localhost:9443/...search?...' snippet).
| <div class="code panel pdl" style="border-width: 1px;"> | ||
| <div class="codeContent panelContent pdl"> | ||
| <div class="sourceCode" id="cb4" data-syntaxhighlighter-params="brush: java; gutter: false; theme: Confluence" data-theme="Confluence" style="brush: java; gutter: false; theme: Confluence"><pre class="sourceCode java"><code class="sourceCode java"><a class="sourceLine" id="cb4-1" title="1">curl -k -v --user admin:admin GET 'https:<span class="co">//localhost:9443/api/identity/config-mgt/v1.0/search?$filter=%28tenantDomain%20eq%20%27carbon.super%27%29'</span></a></code></pre></div> | ||
| <div class="sourceCode" id="cb4" data-syntaxhighlighter-params="brush: java; gutter: false; theme: Confluence" data-theme="Confluence" style="brush: java; gutter: false; theme: Confluence"><pre class="sourceCode java"><code class="sourceCode java"><a class="sourceLine" id="cb4-1" title="1">curl -k -v --user admin:admin GET 'https:<span class="co">//localhost:9443/api/identity/config-mgt/v1.0/search?filter=%28tenantDomain%20eq%20%27carbon.super%27%29'</span></a></code></pre></div> |
Contributor
There was a problem hiding this comment.
Update curl auth sample to placeholder credentials.
Avoid hardcoded admin:admin; use placeholder values in docs examples.
As per coding guidelines: "Use fenced code blocks with a language tag when known; keep code blocks focused and do not include secrets, tokens, passwords, or realistic keys."
🧰 Tools
🪛 Gitleaks (8.30.0)
[high] 231-231: Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.
(curl-auth-user)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In
`@en/identity-server/next/docs/apis/retrieve-tenant-resources-based-on-search-parameters.md`
at line 231, Replace the hardcoded credentials in the curl example (the line
containing "curl -k -v --user admin:admin GET
'https://localhost:9443/api/identity/config-mgt/v1.0/search?...'") with
placeholder credentials such as "<username>:<password>" or environment-style
placeholders like "$USERNAME:$PASSWORD"; also ensure the snippet is in a proper
fenced code block with the language tag (bash) if applicable to follow the docs
guideline and avoid exposing secrets.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR was automatically generated by Claude AI.
$sign beforefilterparameter in API example URLs. The incorrect syntax?$filter=has been corrected to?filter=throughout the documentation.Changes made:
Summary by CodeRabbit
Release Notes
?filter=instead of?$filter=for improved clarity and consistency.