feat/CUS-9293-Added action to delete all contents inside a folder while preserving the top directory

[akhil-testsigma]

Publish this addon as public

Addon Name: Delete Folder Contents
Jarvis Link: https://jarvis.testsigma.com/ui/tenants/3072/addons
Jira : https://testsigma.atlassian.net/browse/CUS-9293
Added action to delete all contents inside a folder while preserving the top directory

Summary by CodeRabbit

• New Features
  • Added a new action to delete all contents within a specified folder while preserving the folder itself. Supports recursive deletion of all files and subdirectories, includes automatic path validation to ensure the target exists, provides comprehensive error handling with informative messages, and maintains detailed logs of all operations.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Introduces a new Maven module for delete_folder_contents addon. Includes Maven build configuration with dependencies, a WebAction class implementing recursive folder content deletion while preserving the folder itself, and SDK properties for API integration.

Changes

Cohort / File(s)	Change Summary
Maven Build Configuration delete_folder_contents/pom.xml	New module definition with project coordinates (com.testsigma.addons, delete_folder_contents, 1.0.0). Configures Java 11 target, standard dependencies (testsigma-java-sdk, selenium, testng, jackson, commons-lang3), and build plugins (maven-shade-plugin, maven-source-plugin).
WebAction Implementation delete_folder_contents/src/main/java/com/testsigma/addons/web/DeleteFolderContents.java	New WebAction class that validates input path, recursively deletes all folder contents while preserving the folder, and returns SUCCESS or FAILED with detailed error logging. Includes helper methods for directory and file deletion.
SDK Configuration delete_folder_contents/src/main/resources/testsigma-sdk.properties	New properties file with testsigma-sdk.api.key entry containing JWT token for SDK authentication.

Sequence Diagram

sequenceDiagram
    participant User
    participant DeleteFolderContents
    participant FileSystem

    User->>DeleteFolderContents: execute()
    
    rect rgb(220, 240, 255)
    Note over DeleteFolderContents: Input Validation
    DeleteFolderContents->>FileSystem: path exists?
    FileSystem-->>DeleteFolderContents: check result
    DeleteFolderContents->>FileSystem: is directory?
    FileSystem-->>DeleteFolderContents: check result
    end

    alt Validation Success
        rect rgb(200, 255, 200)
        Note over DeleteFolderContents: Deletion Phase
        DeleteFolderContents->>DeleteFolderContents: deleteContentsOnly(folder)
        loop For each child item
            DeleteFolderContents->>FileSystem: delete item recursively
            FileSystem-->>DeleteFolderContents: deleted
        end
        end
        DeleteFolderContents-->>User: Result.SUCCESS
    else Validation Failure
        rect rgb(255, 200, 200)
        Note over DeleteFolderContents: Error Handling
        DeleteFolderContents->>DeleteFolderContents: log error message
        end
        DeleteFolderContents-->>User: Result.FAILED
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• DeleteFolderContents.java: Verify recursive deletion logic correctly handles file/directory differentiation and potential race conditions
• pom.xml: Validate dependency versions (testsigma-java-sdk, selenium-java, java-client) are compatible and shade plugin configuration packages correctly
• testsigma-sdk.properties: Confirm API key security (should this be committed or injected at runtime?)

Suggested reviewers

• Ganesh-Testsigma
• vigneshtestsigma

Poem

🐰 A folder lies bare, contents all cleaned,
No files remain where folders have been,
Recursive we hop, through directories deep,
Deleting each crumb, the folder we keep! 🗑️

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 66.67% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The pull request title directly and clearly summarizes the main change: adding an action to delete folder contents while preserving the directory itself.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/CUS-9293-Added-action-to-delete-all-contents-inside-a-folder-while-preserving-the-top-directory

Warning

Review ran into problems

🔥 Problems

Git: Failed to clone repository. Please run the @coderabbitai full review command to re-trigger a full review. If the issue persists, set path_filters to include or exclude specific files.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (2)

delete_folder_contents/src/main/java/com/testsigma/addons/web/DeleteFolderContents.java (1)

84-96: Consider edge cases for symbolic links and file permissions.

The recursive deletion logic is sound. However, consider handling these edge cases:

• Symbolic links: File.delete() only removes the link, not the target
• Read-only files: May require setting writable permission before deletion
• Files with special attributes (hidden, system files on Windows)

These are typically rare in test automation scenarios, but documenting this behavior or adding explicit handling could prevent future issues.

delete_folder_contents/pom.xml (1)

60-63: Update jackson-annotations to the latest stable version.

Version 2.13.0 is from 2021. The latest stable version is 2.20 (released August 28, 2025), which includes 4+ years of bug fixes and security patches.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2d4687d and eeb10d3.

📒 Files selected for processing (3)

• delete_folder_contents/pom.xml (1 hunks)
• delete_folder_contents/src/main/java/com/testsigma/addons/web/DeleteFolderContents.java (1 hunks)
• delete_folder_contents/src/main/resources/testsigma-sdk.properties (1 hunks)

🔇 Additional comments (6)

delete_folder_contents/src/main/java/com/testsigma/addons/web/DeleteFolderContents.java (2)

13-22: LGTM!

The class declaration, annotations, and field definitions are well-structured. The action text clearly describes the functionality.

---

24-61: LGTM!

The execute() method has proper validation, error handling, and logging. The flow is clear and handles both success and failure cases appropriately.

delete_folder_contents/pom.xml (4)

1-22: LGTM!

The project coordinates and properties are well-defined. Java 11 is an appropriate choice for this module.

---

71-101: LGTM!

The build configuration is appropriate. The maven-shade-plugin creates a self-contained JAR suitable for addon deployment, and the maven-source-plugin ensures source code is available.

---

48-52: No issues identified with the Selenium version.

The latest stable version of Selenium Java is 4.38.0, and the specified version 4.33.0 in the pom.xml is a valid, prior release. The version is neither invalid nor unusually high—it represents a stable, established release within the normal semantic versioning sequence.

---

54-58: I need to verify the Selenium 4.x compatibility aspect of the original concern:

All concerns verified—no issues found.

Appium java-client 9.4.0 is compatible with Selenium 4.26.0 through 4.33.0, and is a published release available on Maven Central. The specified version is valid and suitable for use.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Upgrade TestNG to a more recent version.

TestNG version 6.14.3 is from 2018 and has known security vulnerabilities. Consider upgrading to the latest stable version (7.x series).

Run the following script to check for security advisories and the latest version:

---

🏁 Script executed:

#!/bin/bash
# Check for security advisories and latest version of TestNG

# Check for security advisories
gh api graphql -f query='
{
  securityVulnerabilities(first: 10, ecosystem: MAVEN, package: "org.testng:testng") {
    nodes {
      advisory {
        summary
        severity
        publishedAt
      }
      vulnerableVersionRange
      firstPatchedVersion {
        identifier
      }
    }
  }
}'

# Check Maven Central for latest version
curl -s "https://search.maven.org/solrsearch/select?q=g:org.testng+AND+a:testng&rows=1&wt=json" | jq -r '.response.docs[0].latestVersion'

Length of output: 475

---

Upgrade TestNG to a recent version to fix Path Traversal vulnerability.

TestNG version 6.14.3 contains a HIGH severity Path Traversal vulnerability that affects versions >= 6.13 and < 7.5.1. The first patched version is 7.5.1, and the latest version available is 7.11.0. Upgrade immediately to 7.11.0 or at least 7.5.1.

🤖 Prompt for AI Agents

In delete_folder_contents/pom.xml around lines 43 to 46, the TestNG dependency
is pinned to 6.14.3 which must be upgraded; change the <version> value to a
patched release (preferably 7.11.0 or at minimum 7.5.1), update any
dependencyManagement entries or BOMs that override TestNG, run mvn -U clean
verify to refresh and run tests, and address any API/behavior changes surfaced
by the test run.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Check return value of deleteDirectory() to prevent silent failures.

Line 71 calls deleteDirectory(file) but ignores its return value. If the subdirectory deletion fails, the method continues and returns true, incorrectly indicating success. This can lead to partial deletions without proper error reporting.

Apply this diff to check the return value:

 private boolean deleteContentsOnly(File folder) {
     File[] allContents = folder.listFiles();
 
     if (allContents != null) {
         for (File file : allContents) {
             if (file.isDirectory()) {
                 // delete entire subfolder
-                deleteDirectory(file);
+                if (!deleteDirectory(file)) {
+                    return false;
+                }
             } else {
                 // delete file
                 if (!file.delete()) {
                     return false;
                 }
             }
         }
     }
     return true;
 }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	private boolean deleteContentsOnly(File folder) {
	File[] allContents = folder.listFiles();
	if (allContents != null) {
	for (File file : allContents) {
	if (file.isDirectory()) {
	// delete entire subfolder
	deleteDirectory(file);
	} else {
	// delete file
	if (!file.delete()) {
	return false;
	}
	}
	}
	}
	return true;
	}
	private boolean deleteContentsOnly(File folder) {
	File[] allContents = folder.listFiles();
	if (allContents != null) {
	for (File file : allContents) {
	if (file.isDirectory()) {
	// delete entire subfolder
	if (!deleteDirectory(file)) {
	return false;
	}
	} else {
	// delete file
	if (!file.delete()) {
	return false;
	}
	}
	}
	}
	return true;
	}

🤖 Prompt for AI Agents

In
delete_folder_contents/src/main/java/com/testsigma/addons/web/DeleteFolderContents.java
around lines 64 to 81, deleteContentsOnly ignores the boolean result of
deleteDirectory(file) causing silent success when a subdirectory fails to
delete; update the loop to check the return value of deleteDirectory(file) and
immediately return false if it fails (propagate the failure upward), keeping
existing behavior for file deletions and the final true return only when all
deletions succeed.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Critical: Hardcoded API key/JWT token must be removed.

This file contains a hardcoded JWT token that will be exposed in version control. Since the PR description states this addon will be published publicly, this creates a serious security risk. The token should be externalized to environment variables or a secure configuration management system.

Remove the hardcoded token and use environment variables instead:

-testsigma-sdk.api.key=eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIyMjMyMmM2Ni04NWYzLWIyN2UtN2FiOS0zM2U2M2Q4OWM1MGIiLCJ1bmlxdWVJZCI6IjU3MTciLCJpZGVudGl0eUFjY291bnRVVUlkIjoiNDMifQ.HtTVbnLHJcQyQYSAnYaLm0qB_UUgADl3_8ksp6dhSYeccFx8vVEcVLrO5FQYJbNvUV_WqKp2bFfpso88OGqiBw
+testsigma-sdk.api.key=${TESTSIGMA_API_KEY}

Additionally, if this token has already been committed, it should be rotated immediately as it may already be compromised.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	testsigma-sdk.api.key=eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIyMjMyMmM2Ni04NWYzLWIyN2UtN2FiOS0zM2U2M2Q4OWM1MGIiLCJ1bmlxdWVJZCI6IjU3MTciLCJpZGVudGl0eUFjY291bnRVVUlkIjoiNDMifQ.HtTVbnLHJcQyQYSAnYaLm0qB_UUgADl3_8ksp6dhSYeccFx8vVEcVLrO5FQYJbNvUV_WqKp2bFfpso88OGqiBw
	testsigma-sdk.api.key=${TESTSIGMA_API_KEY}

🤖 Prompt for AI Agents

In delete_folder_contents/src/main/resources/testsigma-sdk.properties at line 1
there is a hardcoded JWT/API key which must be removed; replace the literal
value with a placeholder and change the application configuration to read the
API key from an environment variable (e.g. TESTSIGMA_API_KEY) or a secure secret
provider, update repository docs/readme to instruct setting that env var, add a
testsigma-sdk.properties.example or .env.example with the placeholder, and
ensure the real token is removed from commits and rotated immediately if it was
already committed.