feat/CUS-10780-Added classes to Select Random Value from Input Array and Store in runtime variable #342

Merged: akhil-testsigma merged 1 commit into dev from feat/CUS-10780-Added-classes-to-Select-Random-Value-from-Input-Array-and-Store-in-runtime-variable on Feb 20, 2026

@akhil-testsigma akhil-testsigma commented Feb 19, 2026

Publish this addon as PUBLIC

Addon Name: Stores Random Value From Input Array
Jarvis Link: https://jarvis.testsigma.com/ui/tenants/2817/addons
Jira : https://testsigma.atlassian.net/browse/CUS-10780
Added classes to Select Random Value from Input Array and Store in runtime variable

Summary by CodeRabbit

  • New Features

    • Added random value selection capability across all platforms (Android, iOS, mobile web, REST API, web, and Windows), allowing tests to randomly select a value from a provided input array and store it in a runtime variable for later use.
  • Chores

    • Added project configuration and dependency management for the new addon feature.

coderabbitai Bot commented Feb 19, 2026

Walkthrough

This PR introduces a new addon module stores_random_value_from_input_array that implements a cross-platform action to select a random value from an array string and store it in a runtime variable. The action is implemented as platform-specific classes for Android, iOS, Mobile Web, REST API, Web, and Windows, each extending the corresponding action base class. Includes Maven project configuration and SDK properties.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Project Configuration: pom.xml, src/main/resources/testsigma-sdk.properties | Maven project descriptor with Java 11 compilation, dependency management (testsigma-sdk, lombok, junit-jupiter, testng, selenium, appium, jackson), and build plugins for shading and source attachment. SDK API key configuration added. |
| Platform-Specific Action Implementations: src/main/java/com/testsigma/addons/android/RandomValueFromArray.java, src/main/java/com/testsigma/addons/ios/RandomValueFromArray.java, src/main/java/com/testsigma/addons/mobileweb/RandomValueFromArray.java, src/main/java/com/testsigma/addons/restapi/RandomValueFromArray.java, src/main/java/com/testsigma/addons/web/RandomValueFromArray.java, src/main/java/com/testsigma/addons/windows/RandomValueFromArray.java | Six nearly identical action implementations across platforms. Each parses input-array string (removes brackets/quotes, splits by comma), selects random element via ThreadLocalRandom, stores value in RunTimeData using variable-name key, and includes exception handling with FAILED result status. |

Suggested reviewers

  • Ganesh-Testsigma
  • vigneshtestsigma

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~15 minutes

Poem

🐰 Hoppy code hops across the platforms so wide,
Six random actions now unified in pride,
Array strings leap and split with glee,
Random values stored where they should be!

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title clearly and specifically describes the main change: adding classes to select a random value from an input array and store it in a runtime variable, which aligns with all the file changes in the PR. |

Warning

Review ran into problems

🔥 Problems

Git: Failed to clone repository. Please run the @coderabbitai full review command to re-trigger a full review. If the issue persists, set path_filters to include or exclude specific files.


@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 5

🧹 Nitpick comments (2)
stores_random_value_from_input_array/pom.xml (1)

37-40: junit-jupiter-api pins a milestone build (5.8.0-M1) — use a stable GA release.

Milestone releases are pre-GA and not intended for production use. Replace with the nearest stable release (e.g., 5.8.1 or higher).

🔧 Proposed fix
-<version>5.8.0-M1</version>
+<version>5.10.2</version>
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@stores_random_value_from_input_array/pom.xml` around lines 37 - 40, The pom
currently uses a milestone version for junit-jupiter-api via the
junit.jupiter.version property (e.g., "5.8.0-M1"); update the
junit.jupiter.version property to a stable GA release (for example "5.8.1" or a
later GA) so the dependency org.junit.jupiter: junit-jupiter-api resolves to a
non-milestone release, then run a build to verify tests; change the property
where defined and ensure no other dependency enforces the milestone.
stores_random_value_from_input_array/src/main/java/com/testsigma/addons/web/RandomValueFromArray.java (1)

30-65: execute() is copy-pasted identically across all 6 platform action classes — extract to a shared utility.

The entire parsing and random-selection logic is duplicated verbatim across android, ios, mobileweb, restapi, web, and windows packages. Any bug fix (such as those noted above) must be applied six times. Extract the logic to a shared static helper:

♻️ Suggested utility class
// New file: com/testsigma/addons/util/RandomArrayUtil.java
package com.testsigma.addons.util;

import java.util.concurrent.ThreadLocalRandom;

public final class RandomArrayUtil {
    private RandomArrayUtil() {}

    /**
     * Parses a JSON array string and returns a random element.
     * @throws IllegalArgumentException on malformed input or empty array
     */
    public static String pickRandom(String jsonArrayInput) throws Exception {
        // ... shared validated logic here
    }
}

Each platform class then becomes:

String randomValue = RandomArrayUtil.pickRandom(inputArray.getValue().toString().trim());
runTimeData = new com.testsigma.sdk.RunTimeData();
runTimeData.setKey(variableName.getValue().toString());
runTimeData.setValue(randomValue);
setSuccessMessage("Random value selected and stored: " + randomValue);
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In
`@stores_random_value_from_input_array/src/main/java/com/testsigma/addons/web/RandomValueFromArray.java`
around lines 30 - 65, The execute() method duplicates JSON-array parsing and
random-selection across six platform action classes; extract that logic into a
new utility class (e.g., com.testsigma.addons.util.RandomArrayUtil with a static
method pickRandom(String jsonArrayInput)) that validates input, parses the
array, handles edge cases (empty/malformed input) and returns a single random
element (throwing an exception on error); then update each platform class's
execute() (the existing method in RandomValueFromArray) to call
RandomArrayUtil.pickRandom(inputArray.getValue().toString().trim()), set
runTimeData and success message as before, and catch/handle exceptions from
pickRandom to set failure result and error message.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@stores_random_value_from_input_array/pom.xml`:
- Around line 43-46: The TestNG dependency entry (groupId org.testng, artifactId
testng, version 6.14.3) is missing a test scope and will be included in the
shaded jar; update the dependency to add <scope>test</scope> so TestNG is only
used for tests and not packaged by the maven-shade-plugin, ensuring the
dependency block for testng includes the scope element.

In
`@stores_random_value_from_input_array/src/main/java/com/testsigma/addons/web/RandomValueFromArray.java`:
- Around line 59-62: The catch block in RandomValueFromArray currently swallows
exceptions and only sets result = FAILED and a generic setErrorMessage; update
the exception handling inside that catch to include the actual exception details
by appending e.getMessage() (and class name) to setErrorMessage and/or logging
the full exception (stacktrace) via the class logger so failures are
diagnosable; ensure you reference the existing Result assignment and
setErrorMessage call so you preserve behavior while adding the exception info.
- Around line 41-52: The current manual parsing in RandomValueFromArray
(cleaning and split(",") ) breaks when array items contain commas; replace this
logic by using Jackson's ObjectMapper to parse the input string into a
List<String> (or String[]) and then pick a random element (use the same
ThreadLocalRandom logic on the parsed list); also ensure jackson-databind is
added to the project dependencies (pom.xml) so ObjectMapper is available.
- Around line 38-42: The code in RandomValueFromArray uses
inputArray.getValue().toString() and variableName.getValue() without null/length
checks and then calls substring(1, input.length()-1), which can NPE or
StringIndexOutOfBoundsException; update the logic to first null-check
inputArray.getValue() and variableName.getValue(), ensure the retrieved value is
a String (or convert safely), trim and verify input.length() >= 2 before calling
substring, and handle the special "[]" or empty cases by returning a clear
FAILED result or descriptive error message (include the caught exception
message) instead of letting the broad catch hide diagnostics; apply these
validations to both places where inputArray and variableName are used so
failures are explicit and safe.

In
`@stores_random_value_from_input_array/src/main/resources/testsigma-sdk.properties`:
- Line 1: Revoke the exposed credential immediately and remove it from the repo:
revoke/rotate the Testsigma API key referenced by the property
testsigma-sdk.api.key in testsigma-sdk.properties, delete the committed
testsigma-sdk.properties (and the property) from the branch, scrub the secret
from git history (e.g., git filter-repo or BFG), and then stop committing
secrets by sourcing the key from CI/CD secrets or an environment variable (keep
the property name testsigma-sdk.api.key as the lookup key in code). Add a rule
to .gitignore (e.g., **/testsigma-sdk.properties) or otherwise ensure api.key is
excluded from commits, and update build/README to document injecting the key via
CI env var instead of storing it in the repo.

---

Duplicate comments:
In
`@stores_random_value_from_input_array/src/main/java/com/testsigma/addons/android/RandomValueFromArray.java`:
- Around line 31-66: The execute() method in RandomValueFromArray duplicates the
web implementation and needs the same fixes: validate inputArray and
variableName for nulls and empty values before use; avoid blind substring on
input—check that input startsWith("[") and endsWith("]") and has length >2
before trimming brackets; parse elements robustly by removing surrounding
quotes, splitting on commas, trimming each element and filtering out empty
strings (e.g., use a stream or loop to build a clean List<String>), then verify
the resulting list is non-empty before selecting a random index; on success set
runTimeData (new com.testsigma.sdk.RunTimeData()), key and value as before and
setSuccessMessage; on failure catch exceptions and include e.getMessage() in
setErrorMessage and set result to FAILED; also log the exception via
logger.error to aid debugging.

In
`@stores_random_value_from_input_array/src/main/java/com/testsigma/addons/ios/RandomValueFromArray.java`:
- Around line 31-66: The execute() method should mirror the web fix: defensively
check for nulls on inputArray.getValue() and variableName.getValue() before
using them, validate the input string length before calling substring and only
strip surrounding brackets if both first and last chars are '[' and ']', split
the cleaned string using a regex like "\\s*,\\s*" to avoid empty entries from
spaces, handle the case of an empty resulting array (set FAILED and a clear
error message), and when catching exceptions include the exception
message/details in setErrorMessage (and optionally log it) rather than
swallowing it; update references in this class to inputArray, variableName,
runTimeData, setSuccessMessage and setErrorMessage accordingly.

In
`@stores_random_value_from_input_array/src/main/java/com/testsigma/addons/mobileweb/RandomValueFromArray.java`:
- Around line 30-65: The execute() method has the same robustness bugs as the
web version: add null/empty checks for inputArray and variableName, avoid blind
substring() calls (only strip brackets if input length >=2 and it actually
startsWith('[') and endsWith(']')), and parse the input into elements using a
proper JSON/CSV-safe approach (e.g., use Jackson's ObjectMapper to readValue
into String[] or split on commas only after removing surrounding brackets when
safe) instead of naive replace/split so quoted values and embedded commas are
handled; also capture and log the actual exception (logger.error with e) and
include the exception message in setErrorMessage, and ensure runTimeData is
created and set only after successful parsing and selection in the execute()
method (references: execute(), inputArray, variableName, runTimeData,
setSuccessMessage, setErrorMessage).

In
`@stores_random_value_from_input_array/src/main/java/com/testsigma/addons/restapi/RandomValueFromArray.java`:
- Around line 31-66: The execute() method in RandomValueFromArray mishandles
null/empty inputs, brittle substring/replace parsing, and swallows exceptions;
fix by validating inputArray and variableName for nulls and empty strings, trim
and return FAILED with setErrorMessage if input is empty, parse the input more
robustly (handle cases with/without surrounding [ ] and quotes, and guard
against values.length==0), avoid substring blindly, split using a regex that
trims spaces, only create and set runTimeData if a random value was successfully
chosen, include the caught exception message in setErrorMessage or a logger, and
ensure setSuccessMessage is only called on success; reference execute(),
inputArray, variableName, runTimeData, setSuccessMessage and setErrorMessage
when making these changes.

In
`@stores_random_value_from_input_array/src/main/java/com/testsigma/addons/windows/RandomValueFromArray.java`:
- Around line 31-66: The execute() method in RandomValueFromArray should
defensively handle null/empty inputs and surface exception details: check
inputArray.getValue() and variableName.getValue() for null before using, coerce
the input to String safely, trim and optionally strip surrounding brackets only
if present, remove surrounding quotes, split and filter out empty elements and
trim each value, verify values.length>0 before selecting a random index, and set
runTimeData (runTimeData.setKey/setValue) only after successful selection; in
the catch block log the exception with logger.error and include e.getMessage()
in setErrorMessage so failures report details. Use the existing symbols
execute(), inputArray, variableName, runTimeData, and logger to locate and
implement these checks and improved error handling.


Comment on lines +43 to +46
<groupId>org.testng</groupId>
<artifactId>testng</artifactId>
<version>6.14.3</version>
</dependency>

⚠️ Potential issue | 🟠 Major

testng is missing <scope>test</scope> and will be bundled into the shaded jar.

Because maven-shade-plugin packages all compile/runtime-scoped dependencies, TestNG will be included in the addon's final jar. This unnecessarily inflates the artifact and risks classpath conflicts with the runtime container.

🔧 Proposed fix
 <dependency>
     <groupId>org.testng</groupId>
     <artifactId>testng</artifactId>
     <version>6.14.3</version>
+    <scope>test</scope>
 </dependency>
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@stores_random_value_from_input_array/pom.xml` around lines 43 - 46, The
TestNG dependency entry (groupId org.testng, artifactId testng, version 6.14.3)
is missing a test scope and will be included in the shaded jar; update the
dependency to add <scope>test</scope> so TestNG is only used for tests and not
packaged by the maven-shade-plugin, ensuring the dependency block for testng
includes the scope element.

Comment on lines +38 to +42
String input = inputArray.getValue().toString().trim();

// Remove [ and ]
String cleaned = input.substring(1, input.length() - 1);

⚠️ Potential issue | 🟠 Major

Null dereference + StringIndexOutOfBoundsException on invalid input.

Two defects in sequence:

  1. inputArray.getValue() can return null; calling .toString() on it throws NullPointerException.
  2. input.substring(1, input.length() - 1) throws StringIndexOutOfBoundsException when input.length() < 2 (e.g., empty string, a single character, or a bare "[]" resolves to an empty cleaned that silently stores "").

Both are caught by the broad catch (Exception e) block and produce a generic FAILED result with no diagnostic info. The same vulnerability exists on line 55 (variableName.getValue()).

🛡️ Proposed fix with explicit validation
-      String input = inputArray.getValue().toString().trim();
-
-      // Remove [ and ]
-      String cleaned = input.substring(1, input.length() - 1);
+      Object rawValue = inputArray.getValue();
+      if (rawValue == null) {
+        result = com.testsigma.sdk.Result.FAILED;
+        setErrorMessage("input-array value is null");
+        return result;
+      }
+      String input = rawValue.toString().trim();
+      if (input.length() < 2 || !input.startsWith("[") || !input.endsWith("]")) {
+        result = com.testsigma.sdk.Result.FAILED;
+        setErrorMessage("input-array must be a non-empty JSON array string, e.g. [\"a\",\"b\"]");
+        return result;
+      }
+      // Remove [ and ]
+      String cleaned = input.substring(1, input.length() - 1).trim();
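Review bot: The guard on the added `input.length() < 2 || !input.startsWith("[") || !input.endsWith("]")` line still lets `[]` through, although its error message promises a non-empty array. `[]` has length 2, so `cleaned` becomes an empty string, the later `split(",")` returns a single empty element, and that empty string is stored as the value. Check `cleaned.isEmpty()` right after the trimmed `substring` and fail there with the same message.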
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In
`@stores_random_value_from_input_array/src/main/java/com/testsigma/addons/web/RandomValueFromArray.java`
around lines 38 - 42, The code in RandomValueFromArray uses
inputArray.getValue().toString() and variableName.getValue() without null/length
checks and then calls substring(1, input.length()-1), which can NPE or
StringIndexOutOfBoundsException; update the logic to first null-check
inputArray.getValue() and variableName.getValue(), ensure the retrieved value is
a String (or convert safely), trim and verify input.length() >= 2 before calling
substring, and handle the special "[]" or empty cases by returning a clear
FAILED result or descriptive error message (include the caught exception
message) instead of letting the broad catch hide diagnostics; apply these
validations to both places where inputArray and variableName are used so
failures are explicit and safe.

Comment on lines +41 to +52
String cleaned = input.substring(1, input.length() - 1);

// Remove quotes
cleaned = cleaned.replace("\"", "");

// Convert to array
String[] values = cleaned.split(",");

// Pick random value
int randomIndex = ThreadLocalRandom.current().nextInt(values.length);
String randomValue = values[randomIndex].trim();

⚠️ Potential issue | 🟠 Major

split(",") incorrectly tokenises array values that contain commas.

After stripping quotes with replace("\"", ""), the code splits on every raw comma. An input like ["New York, NY","Boston"] becomes ["New York", " NY", "Boston"] instead of ["New York, NY", "Boston"]. Use a proper JSON array parser (Jackson ObjectMapper is already a transitive dependency via jackson-annotations) to make this robust.

🔧 Proposed fix using Jackson
-      // Remove [ and ]
-      String cleaned = input.substring(1, input.length() - 1);
-
-      // Remove quotes
-      cleaned = cleaned.replace("\"", "");
-
-      // Convert to array
-      String[] values = cleaned.split(",");
+      // Parse as proper JSON array
+      com.fasterxml.jackson.databind.ObjectMapper mapper =
+              new com.fasterxml.jackson.databind.ObjectMapper();
+      String[] values = mapper.readValue(input, String[].class);
+      if (values.length == 0) {
+        result = com.testsigma.sdk.Result.FAILED;
+        setErrorMessage("input-array must contain at least one element");
+        return result;
+      }
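Review bot: `mapper.readValue(input, String[].class)` accepts `[null]` and `["a",null]`, so `values` can contain null entries and the unchanged `values[randomIndex].trim()` line throws NullPointerException whenever one of them is picked. Reject null elements next to the `values.length == 0` check. The mapper is also constructed on every call; a `private static final ObjectMapper` is enough, since a configured ObjectMapper can be shared across threads.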

Note: jackson-databind must be added alongside jackson-annotations in pom.xml:

+<dependency>
+    <groupId>com.fasterxml.jackson.core</groupId>
+    <artifactId>jackson-databind</artifactId>
+    <version>2.13.0</version>
+</dependency>
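Review bot: The `<version>2.13.0</version>` line hardcodes a jackson-databind release independently of the jackson-annotations entry the pom already declares. Mismatched Jackson module versions tend to surface as NoSuchMethodError at runtime, and this build shades its dependencies into the addon jar. Drive both artifacts from one version property (or the Jackson BOM) and choose a currently maintained release.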
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In
`@stores_random_value_from_input_array/src/main/java/com/testsigma/addons/web/RandomValueFromArray.java`
around lines 41 - 52, The current manual parsing in RandomValueFromArray
(cleaning and split(",") ) breaks when array items contain commas; replace this
logic by using Jackson's ObjectMapper to parse the input string into a
List<String> (or String[]) and then pick a random element (use the same
ThreadLocalRandom logic on the parsed list); also ensure jackson-databind is
added to the project dependencies (pom.xml) so ObjectMapper is available.

Comment on lines +59 to +62
} catch (Exception e) {
result = com.testsigma.sdk.Result.FAILED;
setErrorMessage("Failed to select random value from input array");
}

⚠️ Potential issue | 🟡 Minor

Exception details are silently discarded, making failures undiagnosable.

catch (Exception e) never logs e. Any parsing failure, NPE, or unexpected runtime error surfaces only as a generic "Failed to select random value" message. At minimum, log the exception:

🔧 Proposed fix
     } catch (Exception e) {
       result = com.testsigma.sdk.Result.FAILED;
+      logger.error("Failed to select random value from input array: {}", e.getMessage(), e);
       setErrorMessage("Failed to select random value from input array");
     }
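Review bot: `setErrorMessage(...)` is left unchanged in this hunk, so the result shown to the test author still carries no cause; only the log does. Append a short reason to the message, for example the exception's simple class name and `e.getMessage()`. The added `logger.error` call also assumes the class has a `logger` that accepts `{}` placeholders followed by a throwable; confirm that against the SDK logger's signature before committing.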
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In
`@stores_random_value_from_input_array/src/main/java/com/testsigma/addons/web/RandomValueFromArray.java`
around lines 59 - 62, The catch block in RandomValueFromArray currently swallows
exceptions and only sets result = FAILED and a generic setErrorMessage; update
the exception handling inside that catch to include the actual exception details
by appending e.getMessage() (and class name) to setErrorMessage and/or logging
the full exception (stacktrace) via the class logger so failures are
diagnosable; ensure you reference the existing Result assignment and
setErrorMessage call so you preserve behavior while adding the exception info.
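
One way to fill in the shared helper these comments ask for, as an added example (not code from the PR or from CodeRabbit): it validates the input, parses it as JSON so embedded commas survive, and rejects empty arrays and null or nested elements with a specific message. It assumes jackson-databind is on the classpath; the `parse` method and the message texts are illustrative.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.ThreadLocalRandom;

// Added illustration, not the PR's code. Requires jackson-databind on the classpath.
public final class RandomArrayUtil {
    // One shared mapper: ObjectMapper is thread-safe once configured.
    private static final ObjectMapper MAPPER = new ObjectMapper();

    private RandomArrayUtil() {}

    /** Parses a JSON array of scalars; every rejection carries a specific message. */
    public static List<String> parse(Object rawValue) {
        if (rawValue == null) {
            throw new IllegalArgumentException("input-array value is null");
        }
        JsonNode root;
        try {
            root = MAPPER.readTree(rawValue.toString().trim());
        } catch (IOException e) {
            throw new IllegalArgumentException("input-array is not valid JSON", e);
        }
        // Empty input yields a null or "missing" node depending on the Jackson version.
        if (root == null || !root.isArray()) {
            throw new IllegalArgumentException("input-array must be a JSON array, e.g. [\"a\",\"b\"]");
        }
        List<String> values = new ArrayList<>();
        for (JsonNode element : root) {
            // Reject null, nested arrays and objects instead of storing "null" or "".
            if (element.isNull() || !element.isValueNode()) {
                throw new IllegalArgumentException(
                        "input-array element " + values.size() + " is not a string, number or boolean");
            }
            values.add(element.asText());
        }
        if (values.isEmpty()) {
            throw new IllegalArgumentException("input-array must contain at least one element");
        }
        return values;
    }

    /** Returns one element chosen uniformly at random. */
    public static String pickRandom(Object rawValue) {
        List<String> values = parse(rawValue);
        return values.get(ThreadLocalRandom.current().nextInt(values.size()));
    }

    public static void main(String[] args) {
        // Constructed inputs covering the cases raised in the review.
        Object[] samples = {
            "[\"New York, NY\",\"Boston\"]", "[1, true, \"x\"]",
            null, "", "[", "[]", "[null]", "[[\"a\"]]", "a,b"
        };
        for (Object sample : samples) {
            try {
                System.out.println(sample + " -> " + parse(sample) + " picked " + pickRandom(sample));
            } catch (IllegalArgumentException e) {
                System.out.println(sample + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

A platform class would call `pickRandom(inputArray.getValue())` inside its existing try block and pass `e.getMessage()` on to `setErrorMessage`.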

@@ -0,0 +1 @@
testsigma-sdk.api.key=eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIyMjMyMmM2Ni04NWYzLWIyN2UtN2FiOS0zM2U2M2Q4OWM1MGIiLCJ1bmlxdWVJZCI6IjU5ODMiLCJpZGVudGl0eUFjY291bnRVVUlkIjoiNDMifQ.cp_dgUrROVfvwrXCeDbeGuf1OY6FnW65Vc2YoZt2O7pgQBecapKLdVN8dLd5rw3M8_OTqK1EyPK5cBJ-UYVCKA No newline at end of file
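Review bot: The added `testsigma-sdk.api.key` line carries a literal token, not a placeholder: the value is three dot-separated base64url segments and the first one decodes to a header with `alg` set to HS512, which is the shape of a signed JWT. Commit the property with an empty or dummy value and resolve the real key from the environment at build time. Because the file lives under src/main/resources, whatever value is committed here is also copied into the built addon jar. The file is missing its trailing newline as well.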

⚠️ Potential issue | 🔴 Critical

🚨 Revoke this API key immediately — live credential committed to a public repository.

The value testsigma-sdk.api.key is a JWT signed with HS512 that encodes a real user/account identity. This file is being committed to testsigmahq/testsigma-addons, which is a public repository. The credential is now permanently in git history even if the line is later removed.

Required actions:

  1. Revoke/rotate this API key in Testsigma immediately.
  2. Inject the key via CI/CD secrets or an environment variable at build time instead of storing it in a committed file.
  3. Add **/testsigma-sdk.properties to .gitignore (or exclude the api.key property from committed files) to prevent future leaks.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In
`@stores_random_value_from_input_array/src/main/resources/testsigma-sdk.properties`
at line 1, Revoke the exposed credential immediately and remove it from the
repo: revoke/rotate the Testsigma API key referenced by the property
testsigma-sdk.api.key in testsigma-sdk.properties, delete the committed
testsigma-sdk.properties (and the property) from the branch, scrub the secret
from git history (e.g., git filter-repo or BFG), and then stop committing
secrets by sourcing the key from CI/CD secrets or an environment variable (keep
the property name testsigma-sdk.api.key as the lookup key in code). Add a rule
to .gitignore (e.g., **/testsigma-sdk.properties) or otherwise ensure api.key is
excluded from commits, and update build/README to document injecting the key via
CI env var instead of storing it in the repo.
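
A build-time guard against the kind of leak flagged above, as an added example (not code from the PR, CodeRabbit or Testsigma): it scans properties lines for values whose first segment decodes to a JWT header and reports only the key name and algorithm. The class name, the constructed sample and the `TESTSIGMA_API_KEY` variable name are assumptions.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added illustration, not part of the PR: flags .properties entries whose value is a JWT.
public final class PropertiesJwtCheck {
    // key=value or key:value, where the value is three dot-separated base64url segments.
    private static final Pattern ENTRY = Pattern.compile(
            "^\\s*([^#!\\s=:][^\\s=:]*)\\s*[=:]\\s*([\\w-]+)\\.([\\w-]+)\\.([\\w-]+)\\s*$");
    private static final Pattern ALG = Pattern.compile("\"alg\"\\s*:\\s*\"([A-Za-z0-9]+)\"");

    /** Returns one finding per offending line; the token itself is never echoed. */
    public static List<String> scan(List<String> lines) {
        List<String> findings = new ArrayList<>();
        for (int i = 0; i < lines.size(); i++) {
            Matcher entry = ENTRY.matcher(lines.get(i));
            if (!entry.matches()) {
                continue;
            }
            String alg = headerAlg(entry.group(2));
            if (alg != null) { // dotted values such as version numbers fail the header check
                findings.add("line " + (i + 1) + ": " + entry.group(1) + " holds a JWT (alg=" + alg + ")");
            }
        }
        return findings;
    }

    /** Decodes the first segment and returns its "alg" value, or null if it is not a JWT header. */
    private static String headerAlg(String segment) {
        try {
            String json = new String(Base64.getUrlDecoder().decode(segment), StandardCharsets.UTF_8);
            Matcher alg = ALG.matcher(json);
            return json.startsWith("{") && alg.find() ? alg.group(1) : null;
        } catch (IllegalArgumentException e) {
            return null; // not base64url
        }
    }

    private static String b64(String s) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws IOException {
        List<String> lines;
        if (args.length > 0) {
            lines = Files.readAllLines(Paths.get(args[0]), StandardCharsets.UTF_8);
        } else {
            // Constructed sample; the token is built here and is not a real credential.
            String token = b64("{\"alg\":\"HS512\"}") + "." + b64("{\"sub\":\"constructed\"}")
                    + "." + b64("constructed-signature");
            // TESTSIGMA_API_KEY is a hypothetical environment variable name.
            lines = Arrays.asList("# constructed sample", "app.version=1.2.3",
                    "testsigma-sdk.api.key=" + token,
                    "testsigma-sdk.api.key.placeholder=${TESTSIGMA_API_KEY}");
        }
        List<String> findings = scan(lines);
        findings.forEach(System.out::println);
        System.exit(findings.isEmpty() ? 0 : 1); // non-zero exit fails a pre-commit hook or CI step
    }
}
```

Run with a file path as the first argument to check a real properties file; with no arguments it checks the constructed sample and flags only the third line.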

@akhil-testsigma akhil-testsigma merged commit a8dfd7b into dev Feb 20, 2026
2 checks passed