
fix[SP-7317]: fix testDoIsParameterizableError unit test #6250

Merged: joana-fb merged 1 commit into 11.0 from SP-7317-2 on May 25, 2026

@joana-fb

Contributor

original commit: 7ddb343
@pentaho/tatooine_dev

Copilot AI review requested due to automatic review settings May 25, 2026 16:14
@joana-fb joana-fb requested a review from a team as a code owner May 25, 2026 16:14

Copilot AI left a comment

Contributor

Pull request overview

This PR updates a unit test expectation in FileResourceTest#testDoIsParameterizableError to reflect the current behavior of FileResource#doIsParameterizable, where the exception message is only read once in the error path being exercised.

Changes:

  • Adjusted Mockito verification for NoSuchBeanDefinitionException#getMessage() invocation count from 3 to 1 in testDoIsParameterizableError.

@hitachivantarasonarqube


@buildguy

Collaborator

🚨 Frogbot scanned this pull request and found the below:

📦 Vulnerable Dependencies

✍️ Summary

| SEVERITY | DIRECT DEPENDENCIES | IMPACTED DEPENDENCY | FIXED VERSIONS | CVES |
| --- | --- | --- | --- | --- |
| High | org.bouncycastle:bcprov-jdk15on:1.65 | org.bouncycastle:bcprov-jdk15on 1.65 | [1.67] | CVE-2020-28052 |
| Medium | org.apache.commons:commons-lang3:3.14.0 | org.apache.commons:commons-lang3 3.14.0 | [3.18.0] | CVE-2025-48924 |
| Medium | org.bouncycastle:bcprov-jdk15on:1.65 | org.bouncycastle:bcprov-jdk15on 1.65 | [1.78] | CVE-2024-30171 |
| Medium | org.bouncycastle:bcprov-jdk15on:1.65 | org.bouncycastle:bcprov-jdk15on 1.65 | [1.78] | CVE-2024-29857 |
| Medium | org.bouncycastle:bcprov-jdk15on:1.65 | org.bouncycastle:bcprov-jdk15on 1.65 | - | CVE-2023-33202 |
| Medium | org.bouncycastle:bcprov-jdk15on:1.65 | org.bouncycastle:bcprov-jdk15on 1.65 | - | CVE-2023-33201 |
| Medium | org.bouncycastle:bcprov-jdk15on:1.65 | org.bouncycastle:bcprov-jdk15on 1.65 | [1.66] | CVE-2020-15522 |

🔬 Research Details

[ CVE-2020-28052 ] org.bouncycastle:bcprov-jdk15on 1.65

Description:
An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.

[ CVE-2025-48924 ] org.apache.commons:commons-lang3 3.14.0

Description:
Uncontrolled Recursion vulnerability in Apache Commons Lang.

This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0.

The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop.

Users are recommended to upgrade to version 3.18.0, which fixes the issue.

[ CVE-2024-30171 ] org.bouncycastle:bcprov-jdk15on 1.65

Description:
An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.

[ CVE-2024-29857 ] org.bouncycastle:bcprov-jdk15on 1.65

Description:
An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.

[ CVE-2023-33202 ] org.bouncycastle:bcprov-jdk15on 1.65

Description:
Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.)

[ CVE-2023-33201 ] org.bouncycastle:bcprov-jdk15on 1.65

Description:
Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.

[ CVE-2020-15522 ] org.bouncycastle:bcprov-jdk15on 1.65

Description:
Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.

Note:

Frogbot also supports Contextual Analysis, Secret Detection, IaC and SAST Vulnerabilities Scanning. These features are included as part of the JFrog Advanced Security package, which isn't enabled on your system.


@buildguy

Collaborator

❌ Build failed in 40m 31s

Build command:

mvn clean verify -B -e -Daudit -Djs.no.sandbox -pl extensions

👌 All tests passed!

Tests run: 1792, Failures: 0, Skipped: 1    Test Results


ℹ️ This is an automatic message

@joana-fb joana-fb merged commit 4ab6797 into 11.0 May 25, 2026
2 of 3 checks passed