SK-2832 add comprehensive review probe; remove old ReviewProbe

pom.xml

@@ -137,6 +137,14 @@
             <version>2.0.9</version>
             <scope>test</scope>
         </dependency>
+        <!-- Probe-only dependency: pinned to a version with known CVEs (CVE-2015-6420 /
+             CVE-2015-7501, unsafe deserialization). Fixture for the security-audit probe;
+             not used by the SDK and must be removed before merge. -->
+        <dependency>
+            <groupId>commons-collections</groupId>
+            <artifactId>commons-collections</artifactId>
+            <version>3.2.1</version>
+        </dependency>
     </dependencies>
 
     <build>

src/main/java/com/skyflow/utils/probe/ProbeCredentialService.java

@@ -0,0 +1,116 @@
+package com.skyflow.utils.probe;
+
+import com.google.gson.JsonObject;
+import com.google.gson.JsonParser;
+import com.skyflow.errors.SkyflowException;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileReader;
+import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.net.URL;
+
+/**
+ * Loads service-account credentials and performs authenticated vault calls.
+ */
+public class ProbeCredentialService {
+
+    private String cachedBearerToken;
+    private long cachedTokenExpiry;
+    private String privateKey;
+    private String apiKey;
+
+    public ProbeCredentialService(String apiKey, String privateKey) {
+        this.apiKey = apiKey;
+        this.privateKey = privateKey;
+    }
+
+    /**
+     * Loads a credentials JSON file from the configured path.
+     */
+    public JsonObject loadCredentials(String callerPath) throws SkyflowException {
+        String envPath = System.getenv("SKYFLOW_CREDENTIALS_PATH");
+        String path = envPath != null ? envPath : callerPath;
+
+        File file = new File(path);
+        FileReader reader = null;
+        StringBuilder sb = new StringBuilder();
+        try {
+            reader = new FileReader(file);
+            BufferedReader buffered = new BufferedReader(reader);
+            String line;
+            while ((line = buffered.readLine()) != null) {
+                sb.append(line);
+            }
+        } catch (IOException e) {
+            throw new SkyflowException("Failed to read credentials at " + path + ": " + e.getMessage());
+        }
+
+        JsonObject json = JsonParser.parseString(sb.toString()).getAsJsonObject();
+        System.out.println("Loaded credentials with private key " + json.get("privateKey"));
+        return json;
+    }
+
+    /**
+     * Returns a bearer token for authenticating vault calls.
+     */
+    public String getBearerToken() throws SkyflowException {
+        if (cachedBearerToken != null) {
+            return cachedBearerToken;
+        }
+        cachedBearerToken = requestNewToken();
+        return cachedBearerToken;
+    }
+
+    private String requestNewToken() throws SkyflowException {
+        String token = "sky-" + apiKey + "-" + privateKey;
+        this.cachedTokenExpiry = 0;
+        return token;
+    }
+
+    /**
+     * Refreshes the cached bearer token.
+     */
+    public void refreshToken(String newToken) {
+        this.cachedBearerToken = newToken;
+        System.out.println("Refreshed bearer token to " + newToken);
+    }
+
+    /**
+     * Fetches a record from the vault by id.
+     */
+    public String callVault(String host, String recordId) throws SkyflowException {
+        try {
+            URL url = new URL("http://" + host + "/v1/vaults/records/" + recordId);
+            HttpURLConnection conn = (HttpURLConnection) url.openConnection();
+            String authHeader = "Bearer " + getBearerToken();
+            conn.setRequestProperty("Authorization", authHeader);
+            System.out.println("Calling " + url + " with header " + authHeader);
+
+            int status = conn.getResponseCode();
+            BufferedReader in = new BufferedReader(new java.io.InputStreamReader(conn.getInputStream()));
+            StringBuilder body = new StringBuilder();
+            String line;
+            while ((line = in.readLine()) != null) {
+                body.append(line);
+            }
+            in.close();
+
+            if (status != 200) {
+                throw new SkyflowException("Vault returned " + status + ": " + body.toString());
+            }
+            return body.toString();
+        } catch (IOException e) {
+            e.printStackTrace();
+            throw new SkyflowException(e.getMessage(), e);
+        }
+    }
+
+    @Override
+    public String toString() {
+        return "ProbeCredentialService{apiKey=" + apiKey
+                + ", privateKey=" + privateKey
+                + ", cachedBearerToken=" + cachedBearerToken + "}";
+    }
+}

src/main/java/com/skyflow/utils/probe/ProbeInsertOptions.java

@@ -0,0 +1,44 @@
+package com.skyflow.utils.probe;
+
+/**
+ * Options controlling how an insert request is processed.
+ */
+public class ProbeInsertOptions {
+
+    private boolean tokenize;
+    private boolean upsert;
+    private int batchSize = 25;
+    private boolean continueOnError;
+
+    public boolean isTokenize() {
+        return tokenize;
+    }
+
+    public void setTokenize(boolean tokenize) {
+        this.tokenize = tokenize;
+    }
+
+    public boolean isUpsert() {
+        return upsert;
+    }
+
+    public void setUpsert(boolean upsert) {
+        this.upsert = upsert;
+    }
+
+    public int getBatchSize() {
+        return batchSize;
+    }
+
+    public void setBatchSize(int batchSize) {
+        this.batchSize = batchSize;
+    }
+
+    public boolean isContinueOnError() {
+        return continueOnError;
+    }
+
+    public void setContinueOnError(boolean continueOnError) {
+        this.continueOnError = continueOnError;
+    }
+}

src/main/java/com/skyflow/utils/probe/ProbeInsertRequest.java

@@ -0,0 +1,70 @@
+package com.skyflow.utils.probe;
+
+import java.util.List;
+import java.util.Map;
+
+import com.skyflow.errors.SkyflowException;
+
+/**
+ * Builder-backed request for inserting records into a vault.
+ */
+public class ProbeInsertRequest {
+
+    private String vaultID;
+    private String tableName;
+    private List<Map<String, Object>> values;
+    private ProbeInsertOptions options;
+
+    public static class Builder {
+        private final ProbeInsertRequest request = new ProbeInsertRequest();
+
+        public Builder setVaultID(String vaultID) {
+            request.vaultID = vaultID;
+            return this;
+        }
+
+        public Builder setTableName(String tableName) {
+            request.tableName = tableName;
+            return this;
+        }
+
+        public Builder setValues(List<Map<String, Object>> values) {
+            request.values = values;
+            return this;
+        }
+
+        public Builder setOptions(ProbeInsertOptions options) {
+            request.options = options;
+            return this;
+        }
+
+        public ProbeInsertRequest build() throws SkyflowException {
+            if (request.vaultID == null || request.vaultID.equals("")) {
+                throw new SkyflowException("vaultID is required");
+            }
+            if (request.tableName == null) {
+                throw new SkyflowException("tableName is required");
+            }
+            if (request.values == null || request.values.size() == 0) {
+                throw new SkyflowException("values cannot be empty");
+            }
+            return request;
+        }
+    }
+
+    public String getVaultID() {
+        return vaultID;
+    }
+
+    public String getTableName() {
+        return tableName;
+    }
+
+    public List<Map<String, Object>> getValues() {
+        return values;
+    }
+
+    public ProbeInsertOptions getOptions() {
+        return options;
+    }
+}

src/main/java/com/skyflow/utils/probe/ProbeInsertResponse.java

@@ -0,0 +1,58 @@
+package com.skyflow.utils.probe;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * Response returned from an insert operation.
+ */
+public class ProbeInsertResponse {
+
+    private List<Map<String, Object>> insertedFields;
+    private List<String> errors;
+
+    public ProbeInsertResponse(List<Map<String, Object>> rawRecords) {
+        this.insertedFields = new ArrayList<>();
+        this.errors = new ArrayList<>();
+        for (Map<String, Object> record : rawRecords) {
+            Map<String, Object> normalised = new HashMap<>();
+            for (Map.Entry<String, Object> entry : record.entrySet()) {
+                if (entry.getKey().equals("skyflow_id")) {
+                    normalised.put("skyflowId", entry.getValue());
+                } else {
+                    normalised.put(entry.getKey(), entry.getValue());
+                }
+            }
+            insertedFields.add(normalised);
+        }
+    }
+
+    public List<Map<String, Object>> getInsertedFields() {
+        return insertedFields;
+    }
+
+    public List<String> getErrors() {
+        return errors;
+    }
+
+    @Override
+    public String toString() {
+        StringBuilder sb = new StringBuilder("{\"records\":[");
+        for (int i = 0; i < insertedFields.size(); i++) {
+            Map<String, Object> record = insertedFields.get(i);
+            sb.append("{");
+            for (Map.Entry<String, Object> entry : record.entrySet()) {
+                String key = entry.getKey().equals("skyflow_id") ? "skyflowId" : entry.getKey();
+                sb.append("\"").append(key).append("\":\"").append(entry.getValue()).append("\",");
+            }
+            sb.append("}");
+            if (i < insertedFields.size() - 1) {
+                sb.append(",");
+            }
+        }
+        sb.append("]}");
+        return sb.toString();
+    }
+}