Skip to content

[CUS-11625] added nlps to fetch and update the tdp values.#368

Merged
ManojTestsigma merged 1 commit into
devfrom
CUS-11625
Mar 30, 2026
Merged

[CUS-11625] added nlps to fetch and update the tdp values.#368
ManojTestsigma merged 1 commit into
devfrom
CUS-11625

Conversation

@ManojTestsigma
Copy link
Copy Markdown
Contributor

@ManojTestsigma ManojTestsigma commented Mar 30, 2026
edited by coderabbitai Bot
Loading

please review this addon and publish as PUBLIC

Addon name : iterating_through_columns_in_tdps
Addon accont: https://jarvis.testsigma.com/ui/tenants/3072/addons
Jira: https://testsigma.atlassian.net/browse/CUS-11625

fix

Added NLP's to get and update the tdp data
Added Nlp to add new row for the given tdp in windows advanced application type

Summary by CodeRabbit

  • New Features

    • Added comprehensive Test Data Profile (TDP) management actions across Android, iOS, Web, Mobile Web, Salesforce, and Windows Advanced platforms
    • New actions: add columns, add rows, retrieve row data, get column count, retrieve specific values, store column values, and update values in TDP
    • Enhanced TDP API utilities with improved HTTP handling and request logging

  • Chores

    • Updated project version to 1.0.6
    • Added Apache Commons Lang and OkHttp dependencies

@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Mar 30, 2026
edited
Loading

📝 Walkthrough

Walkthrough

This PR adds comprehensive Test Data Profile (TDP) management actions across six application types (Android, iOS, Web, Mobile Web, Salesforce, Windows Advanced), introducing 54 new action classes. It updates Maven dependencies and refactors TDPApiUtil with enhanced HTTP client support using OkHttp, SSL configuration, and logging capabilities for CRUD operations on TDP data.

Changes

Cohort / File(s) Summary
Maven Configuration
pom.xml		 Updated project version from 1.0.0 to 1.0.6; added dependencies: commons-lang3:3.17.0 and okhttp3:5.0.0-alpha.12.
TDP API Utility
com/testsigma/addons/util/TDPApiUtil.java		 Significant refactoring: added constructor with Logger parameter, refactored existing HTTP methods to include logging, introduced makeHttpRequest2 with OkHttp and all-trusting SSL, implemented makeHttpRequestWithBody for PUT/POST/PATCH operations, added convenience methods for TDP mutations (updateTDPIterationData, addTDPRow, addTDPRowWithEmptyData, addTDPColumn), updated response parsing to preserve column order using LinkedHashMap.
Android TDP Actions
com/testsigma/addons/android/* (9 files)		 Added action classes: AddColumnToTDP, AddNewRowToTDP, GetEntireRowFromTDP, GetTDPColumncount, GetTDPValue, SetTDpIteratorToZero, StoreNextColumnTdpValue, UpdateTDPValue. Each integrates with TDPApiUtil and manages runtime variables for test data manipulation.
iOS TDP Actions
com/testsigma/addons/ios/* (9 files)		 Added parallel iOS implementations of TDP action classes with identical functionality to Android variants, extending IOSAction base class.
Web TDP Actions
com/testsigma/addons/web/* (8 files)		 Added Web action classes; includes refactored StoreNextColumnTdpValue with improved variable naming (columnNameTestData/columnValueTestData) and updated GetEntireRowFromTDP, GetTDPColumncount, GetTDPValue with logger parameter in API calls.
Mobile Web TDP Actions
com/testsigma/addons/mobileweb/* (9 files)		 Added Mobile Web implementations of all TDP action classes extending WebAction.
Salesforce TDP Actions
com/testsigma/addons/salesforce/* (9 files)		 Added Salesforce-specific TDP action classes extending SalesforceAction with consistent API integration patterns.
Windows Advanced TDP Actions
com/testsigma/addons/windowsadvanced/* (9 files)		 Added Windows Advanced implementations of TDP action classes extending WindowsAdvancedAction.

Sequence Diagram

sequenceDiagram
    participant Action as TDP Action<br/>(e.g., GetTDPValue)
    participant Util as TDPApiUtil
    participant Http as OkHttp Client
    participant API as TDP API Server
    participant Runtime as Runtime Data<br/>Storage

    Action->>Util: getTDPIterationData(tdpId, setName, apiKey, logger)
    Util->>Util: validateInputs()
    Util->>Http: makeHttpRequest2(url, apiKey, logger)
    Http->>Http: createAllTrustingSSLContext()
    Http->>API: GET TDP Iteration Data
    API-->>Http: JSON Response
    Http-->>Util: responseBody
    Util->>Util: parseTDPResponse(responseBody)
    Util->>Util: buildLinkedHashMap(columnOrder)
    Util-->>Action: Map<String, String> parameterMap
    Action->>Action: validateParameter(parameterName)
    alt Parameter Found
        Action->>Runtime: setKey(runtimeVariable)
        Action->>Runtime: setValue(parameterValue)
        Action-->>Action: Result.SUCCESS
    else Parameter Not Found
        Action-->>Action: Result.FAILED<br/>(with available params)
    end
Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

Suggested reviewers

  • Ganesh-Testsigma
  • vigneshtestsigma

Poem

🐰 Six platforms now dance, their columns in line,
OkHttp carries requests through SSL so fine,
Test data flows freely where iterators roam,
From Android to Salesforce, TDP finds its home! 🎉

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 13.79% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (2 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately reflects the main change: adding NLPs (natural language programs) to fetch and update TDP values across multiple application types.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch CUS-11625

Warning

Review ran into problems

🔥 Problems

Git: Failed to clone repository. Please run the @coderabbitai full review command to re-trigger a full review. If the issue persists, set path_filters to include or exclude specific files.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai Bot reviewed Mar 30, 2026
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

Note

Due to the large number of review comments, Critical severity comments were prioritized as inline comments.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (6)
iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/web/GetEntireRowFromTDP.java (2)

60-73: ⚠️ Potential issue | 🟠 Major

Potential StringIndexOutOfBoundsException if all columns are skipped.

If the TDP only contains the columns S.No., ETF, and Set Name, the resultVariableForSToringOutput will remain empty, and line 73 will throw StringIndexOutOfBoundsException when attempting substring(0, -2).

Proposed fix 
             for (Map.Entry<String, String> entry : parameterValues.entrySet()) {
-                // skip the first three columns
-                
                 String key = entry.getKey();
                 if (key.equals("S.No.") || key.equals("ETF") || key.equals("Set Name")) {
                     logger.info("Skipping column: " + key);
                     continue;
                 }
                 else{
                     resultVariableForSToringOutput += entry.getValue() + ", ";
                 }
             }
-            // remove the last comma
-            resultVariableForSToringOutput = resultVariableForSToringOutput.substring(0, resultVariableForSToringOutput.length() - 2);
+            // remove the trailing ", " if present
+            if (resultVariableForSToringOutput.length() >= 2) {
+                resultVariableForSToringOutput = resultVariableForSToringOutput.substring(0, resultVariableForSToringOutput.length() - 2);
+            }
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/web/GetEntireRowFromTDP.java`
around lines 60 - 73, The loop in GetEntireRowFromTDP.java appends ", " to
resultVariableForSToringOutput and then unconditionally calls substring to
remove the last comma, which throws StringIndexOutOfBoundsException when all
columns are skipped; modify the code around the for-loop that iterates over
parameterValues (and the variable resultVariableForSToringOutput) to only call
substring when resultVariableForSToringOutput.length() >= 2 (or better, use a
StringBuilder and conditionally remove the trailing delimiter), i.e., check the
length before trimming and otherwise leave it empty or set a sensible default
value.

82-85: ⚠️ Potential issue | 🟡 Minor

Missing setErrorMessage() call before returning FAILED.

The catch block logs the error but does not set an error message for the user.

Proposed fix 
         } catch (Exception e) {
             logger.warn("Error occurred while processing TDP data: " + e.getMessage());
+            setErrorMessage("Error occurred while processing TDP data: " + e.getMessage());
             return com.testsigma.sdk.Result.FAILED;
         }
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/web/GetEntireRowFromTDP.java`
around lines 82 - 85, In GetEntireRowFromTDP's catch block where you currently
log the exception and return com.testsigma.sdk.Result.FAILED, call
setErrorMessage(...) on the current TestData or action context object (the
class's output/response setter) with a meaningful message (e.g., e.getMessage()
or a combined message) before returning FAILED so the user sees the error;
update the catch in GetEntireRowFromTDP to setErrorMessage and then return
com.testsigma.sdk.Result.FAILED.
iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/web/GetTDPColumncount.java (1)

49-52: ⚠️ Potential issue | 🟡 Minor

Missing setErrorMessage() call before returning FAILED.

Other action classes in this PR call setErrorMessage() to provide user-facing error details. This action only logs the error, leaving the test result without a meaningful message.

Proposed fix 
         catch (Exception e) {
             logger.info("Error occurred while getting total column count of TDP: " + e.getMessage());
+            setErrorMessage("Error occurred while getting total column count: " + e.getMessage());
             return com.testsigma.sdk.Result.FAILED;
         }
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/web/GetTDPColumncount.java`
around lines 49 - 52, The catch block in GetTDPColumncount currently logs the
exception but returns Result.FAILED without calling setErrorMessage, so the user
sees no descriptive error; update the catch in the GetTDPColumncount class (the
catch handling the exception around the column count logic) to call
setErrorMessage(...) with a meaningful message (e.g., include e.getMessage() or
a short context string) before returning com.testsigma.sdk.Result.FAILED and
keep the existing logger.info call.
iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/web/StoreNextColumnTdpValue.java (3)

39-44: ⚠️ Potential issue | 🔴 Critical

Static @RunTimeData fields cause thread-safety issues.

These static fields will be shared across all instances and concurrent test executions, leading to race conditions and data corruption. Each action instance should have its own runtime data.

     `@RunTimeData`
-    private static com.testsigma.sdk.RunTimeData runTimeData;
+    private com.testsigma.sdk.RunTimeData runTimeData;
     `@RunTimeData`
-    private static com.testsigma.sdk.RunTimeData iteratorRuntimeData;
+    private com.testsigma.sdk.RunTimeData iteratorRuntimeData;
     `@RunTimeData`
-    private static com.testsigma.sdk.RunTimeData columnNameRuntimeData;
+    private com.testsigma.sdk.RunTimeData columnNameRuntimeData;
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/web/StoreNextColumnTdpValue.java`
around lines 39 - 44, The three RunTimeData fields (runTimeData,
iteratorRuntimeData, columnNameRuntimeData) in StoreNextColumnTdpValue are
declared static causing shared state across threads; change them to instance
fields by removing the static modifier so each StoreNextColumnTdpValue instance
has its own RunTimeData, keeping the `@RunTimeData` annotation and access
modifiers intact to preserve behavior and thread-safety.

111-114: ⚠️ Potential issue | 🟠 Major

Missing setErrorMessage in outer catch block.

When an exception is caught here, only a warning is logged but setErrorMessage is not called. This means the failure reason won't be visible in test results, making debugging harder.

         } catch (Exception e) {
             logger.warn("Error occurred while processing TDP data: " + e.getMessage());
+            setErrorMessage("Error occurred while processing TDP data: " + e.getMessage());
             return com.testsigma.sdk.Result.FAILED;
         }
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/web/StoreNextColumnTdpValue.java`
around lines 111 - 114, The outer catch in StoreNextColumnTdpValue (the
catch(Exception e) block that currently logs a warn and returns Result.FAILED)
fails to call setErrorMessage, so add a call to the Testsigma step result setter
to record the failure reason (e.g., call setErrorMessage with e.getMessage() or
a combined message) before returning com.testsigma.sdk.Result.FAILED; update the
catch block in the execute/process method of StoreNextColumnTdpValue to set the
error message using the same step/result object used elsewhere in the class.

48-48: ⚠️ Potential issue | 🟡 Minor

Remove personal identifier from log message.

The log message contains "manoj" which appears to be a leftover from debugging. Clean this up before merging.

-        logger.info("Initiating execution manoj");
+        logger.info("Initiating execution");
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/web/StoreNextColumnTdpValue.java`
at line 48, The log message in StoreNextColumnTdpValue contains a personal
identifier ("manoj"); update the logger.info call in the StoreNextColumnTdpValue
class to remove the name and use a neutral, descriptive message (e.g.,
"Initiating StoreNextColumnTdpValue execution" or "Initiating execution") so the
log is professional and generic; locate the logger.info invocation and replace
the message accordingly.
♻️ Duplicate comments (2)
iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/windowsadvanced/AddNewRowToTDP.java (1)

27-31: ⚠️ Potential issue | 🟡 Minor

Same required-input validation gap as other AddNewRow actions.

Please add early blank checks for tdp-id, row-name, and api-key before calling TDPApiUtil.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/windowsadvanced/AddNewRowToTDP.java`
around lines 27 - 31, Add early blank/empty-string validation for the three
inputs (tdpId, rowName, apiKey) before calling
TDPApiUtil.addTDPRowWithEmptyData: read their values (tdpId.getValue(),
rowName.getValue(), apiKey.getValue()), trim them into tdpIdStr, rowNameStr,
apiKeyStr, and if any is null/empty after trimming, log an error via logger (or
set the action to failed) and return without invoking TDPApiUtil; otherwise
proceed to call TDPApiUtil.addTDPRowWithEmptyData(tdpIdStr, rowNameStr,
apiKeyStr, logger).
iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/mobileweb/UpdateTDPValue.java (1)

36-38: ⚠️ Potential issue | 🟡 Minor

Add early validation for empty parameter-name before payload creation.

This mirrors the same update-key validation issue raised in the iOS variant.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/mobileweb/UpdateTDPValue.java`
around lines 36 - 38, Before building the payload and calling
TDPApiUtil.updateTDPIterationData, validate that parameterName.getValue() is
non-null and its trimmed string is not empty; if it is empty, throw or return a
clear error (same behavior as the iOS variant) instead of creating updatedData.
Specifically check parameterName in the code that constructs updatedData and
only call TDPApiUtil.updateTDPIterationData when the validated key is present,
otherwise log/raise an appropriate error using logger to prevent sending an
empty key in the payload.
🟠 Major comments (25)
iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/web/GetTDPColumncount.java-38-38 (1)

38-38: ⚠️ Potential issue | 🟠 Major

Avoid logging sensitive credentials.

The API key is logged in plain text, which could expose sensitive credentials in log files. Remove or mask the API key from log output.

🔒 Proposed fix 
-            logger.info("TDP ID: "+ tdpId +", Set Name: "+ setName +", API Key: "+ apiKey);
+            logger.info("TDP ID: "+ tdpId +", Set Name: "+ setName);
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/web/GetTDPColumncount.java`
at line 38, The logger line in GetTDPColumncount that prints "API Key: "+ apiKey
exposes secrets; remove the apiKey from logs or replace it with a masked value
(e.g., show only last 4 chars or a fixed placeholder) in the logger.info call so
the API key is never logged in full; update the logging statement in the
method/class GetTDPColumncount to omit or mask apiKey while keeping tdpId and
setName for context.
iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/android/UpdateTDPValue.java-40-40 (1)

40-40: ⚠️ Potential issue | 🟠 Major

Avoid logging sensitive credentials.

The API key is logged in plain text, which could expose sensitive credentials in log files.

Proposed fix 
-        logger.info("TDP ID: " + tdpIdStr + ", Set Name: " + setNameStr + ", Parameter: " + paramName + ", Value: " + paramValue);
+        logger.info("TDP ID: " + tdpIdStr + ", Set Name: " + setNameStr + ", Parameter: " + paramName);
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/android/UpdateTDPValue.java`
at line 40, The logger.info call in UpdateTDPValue that logs "TDP ID: " +
tdpIdStr + ", Set Name: " + setNameStr + ", Parameter: " + paramName + ", Value:
" + paramValue is exposing sensitive credentials (API key); update it to avoid
printing raw paramValue: either omit the value field entirely or detect
sensitive parameter names (e.g., when paramName contains "api", "key", "secret",
etc.) and replace paramValue with a masked string like "****" before logging;
modify the logging in the UpdateTDPValue class (the logger.info invocation) to
implement this masking/omission so credentials are never written in plain text.
iterating_through_columns_in_tdps/pom.xml-79-83 (1)

79-83: ⚠️ Potential issue | 🟠 Major

Replace the alpha version of OkHttp with the latest stable release.

Version 5.0.0-alpha.12 is a pre-release with no stability guarantees. Alpha versions may contain breaking changes or bugs affecting production reliability. Upgrade to the latest stable version, 5.3.2.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@iterating_through_columns_in_tdps/pom.xml` around lines 79 - 83, Replace the
pre-release OkHttp version with the stable release by updating the dependency
for groupId "com.squareup.okhttp3" and artifactId "okhttp" in the pom.xml:
change the <version> from "5.0.0-alpha.12" to the latest stable "5.3.2" so
builds use the supported stable OkHttp release.
iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/salesforce/GetTDPValue.java-51-51 (1)

51-51: ⚠️ Potential issue | 🟠 Major

Avoid exposing fetched TDP values in success messages.

Line 51 includes the raw parameter value in a user-visible message. TDP cells can contain sensitive data, so this should be redacted.

🔒 Proposed fix 
-            setSuccessMessage("Successfully retrieved parameter <b>" + paramName + "</b> = <b>" + value + "</b> from set <b>" + setNameStr + "</b>");
+            setSuccessMessage("Successfully retrieved parameter <b>" + paramName + "</b> from set <b>" + setNameStr + "</b>");
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/salesforce/GetTDPValue.java`
at line 51, The success message in GetTDPValue currently includes the raw
fetched TDP value (see the setSuccessMessage call that concatenates paramName
and value with setNameStr); change that so the actual value is not
exposed—either remove the value entirely or replace it with a redacted
placeholder (e.g., "<redacted>" or "REDACTED") when constructing the
setSuccessMessage string in the GetTDPValue class/method where value is used,
keeping paramName and setNameStr for context only.
iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/web/GetTDPValue.java-52-52 (1)

52-52: ⚠️ Potential issue | 🟠 Major

Do not log fetched TDP values.

Line 52 logs raw TDP data, which can leak secrets/PII into execution logs.

🔐 Proposed fix 
-            logger.info("Retrieved value: " + value);
+            logger.info("Successfully retrieved parameter value for key: {}", paramName);
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/web/GetTDPValue.java`
at line 52, The logger.info call in GetTDPValue that logs the raw TDP value
(logger.info("Retrieved value: " + value)) can leak secrets/PII; remove or
replace it with a non-sensitive message and/or masked output. Locate the logger
usage in class GetTDPValue (the logger.info referencing variable value) and
either delete that logging line or change it to a generic message such as "TDP
value retrieved" without including the value (or log a redacted/masked version),
ensuring no raw TDP data is written to logs.
iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/windowsadvanced/GetEntireRowFromTDP.java-37-42 (1)

37-42: ⚠️ Potential issue | 🟠 Major

Handle empty filtered rows before trimming trailing delimiter.

Lines 37–42 can throw StringIndexOutOfBoundsException when no values survive filtering (S.No., ETF, Set Name only).

✅ Proposed fix 
-            String resultVariable = "";
+            StringBuilder resultVariable = new StringBuilder();
             for (Map.Entry<String, String> entry : parameterValues.entrySet()) {
                 if (entry.getKey().equals("S.No.") || entry.getKey().equals("ETF") || entry.getKey().equals("Set Name")) continue;
-                resultVariable += entry.getValue() + ", ";
+                if (resultVariable.length() > 0) {
+                    resultVariable.append(", ");
+                }
+                resultVariable.append(entry.getValue());
             }
-            resultVariable = resultVariable.substring(0, resultVariable.length() - 2);
-            runTimeData.setValue(resultVariable);
+            runTimeData.setValue(resultVariable.toString());
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/windowsadvanced/GetEntireRowFromTDP.java`
around lines 37 - 42, The loop building resultVariable can produce an empty
string when all entries are filtered and then calling substring causes
StringIndexOutOfBoundsException; update the code around parameterValues,
resultVariable and the final runTimeData.setValue call to guard against an empty
result (e.g., only call substring/trimming if resultVariable length >= 2 or use
a StringJoiner/StringBuilder to append values and then set runTimeData.setValue
with either the joined string or an empty string/default when nothing was
appended).
iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/web/StoreNextColumnTdpValue.java-53-53 (1)

53-53: ⚠️ Potential issue | 🟠 Major

Avoid logging API keys even at debug level.

Logging the API key, even at debug level, poses a security risk as logs may be persisted, aggregated, or accessed by unauthorized parties.

-            logger.debug("TDP ID: " + tdpId + ", Set Name: " + setName + ", API Key: " + apiKey);
+            logger.debug("TDP ID: " + tdpId + ", Set Name: " + setName);
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/web/StoreNextColumnTdpValue.java`
at line 53, The current logger.debug call in StoreNextColumnTdpValue logs the
sensitive apiKey (logger.debug with tdpId, setName, apiKey); remove the raw API
key from logs and either omit it entirely or log a masked value (e.g., replace
all but last few chars with asterisks) so only non-sensitive context remains;
update the logger.debug invocation to include only tdpId and setName (or include
a masked apiKey string) and ensure no other places in this class or method
concatenate and log the full apiKey.
iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/mobileweb/GetEntireRowFromTDP.java-36-44 (1)

36-44: ⚠️ Potential issue | 🟠 Major

Potential StringIndexOutOfBoundsException when all entries are filtered out.

If parameterValues contains only the skipped keys (S.No., ETF, Set Name), resultVariable remains empty, and substring(0, -2) throws StringIndexOutOfBoundsException.

🐛 Proposed fix with StringBuilder and empty-check 
-            String resultVariable = "";
-            for (Map.Entry<String, String> entry : parameterValues.entrySet()) {
-                if (entry.getKey().equals("S.No.") || entry.getKey().equals("ETF") || entry.getKey().equals("Set Name")) continue;
-                resultVariable += entry.getValue() + ", ";
-            }
-            resultVariable = resultVariable.substring(0, resultVariable.length() - 2);
+            StringBuilder sb = new StringBuilder();
+            for (Map.Entry<String, String> entry : parameterValues.entrySet()) {
+                if (entry.getKey().equals("S.No.") || entry.getKey().equals("ETF") || entry.getKey().equals("Set Name")) continue;
+                if (sb.length() > 0) sb.append(", ");
+                sb.append(entry.getValue());
+            }
+            String resultVariable = sb.toString();
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/mobileweb/GetEntireRowFromTDP.java`
around lines 36 - 44, The code building resultVariable in GetEntireRowFromTDP
iterates parameterValues and blindly trims the last ", " which will throw
StringIndexOutOfBoundsException when all entries are skipped; replace the
concatenation with a StringBuilder (or collect values into a list) while
skipping keys "S.No.", "ETF", "Set Name", then before trimming check if the
builder is empty—if empty set runTimeData.setValue("") (or a safe default) else
remove the trailing comma+space and call
runTimeData.setValue(builder.toString()); keep
runTimeData.setKey(testData4.getValue().toString()) and return Result.SUCCESS.
iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/salesforce/SetTDpIteratorToZero.java-25-27 (1)

25-27: ⚠️ Potential issue | 🟠 Major

This guard checks the iterator's current value, not the variable name.

Elsewhere in this PR the same TDP_ITERATOR_KEY_NAME runtime input is parsed as an integer, so after it contains "0" or "1" Line 25 will fail and this reset action can no longer reset it. Set the key directly and drop the literal-name check.

Suggested change 
-        if (!Objects.equals(testData1.getValue().toString(), "TDP_ITERATOR_KEY_NAME")) {
-            setErrorMessage("Don't change the TDP_ITERATOR_KEY_NAME variable name");
-            return com.testsigma.sdk.Result.FAILED;
-        }
         try {
             runTimeData.setValue("0");
             runTimeData.setKey("TDP_ITERATOR_KEY_NAME");
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/salesforce/SetTDpIteratorToZero.java`
around lines 25 - 27, The current guard in SetTDpIteratorToZero compares
testData1.getValue() to the literal "TDP_ITERATOR_KEY_NAME" (so it checks the
iterator's value rather than the variable name), which prevents resetting once
the value becomes "0" or "1"; remove that Objects.equals(...) check and instead
directly set the runtime input identified by TDP_ITERATOR_KEY_NAME to zero
(e.g., use the testData/testData1 setter to set the key/value for
TDP_ITERATOR_KEY_NAME to "0" or 0 as appropriate), dropping the literal-name
validation and ensuring the reset always writes the correct value.
iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/web/AddColumnToTDP.java-36-53 (1)

36-53: ⚠️ Potential issue | 🟠 Major

Preserve default-value verbatim and keep it out of logs/results.

default-value is payload, not an identifier. Trimming it on Line 38 changes legitimate data, and echoing it on Lines 41 and 52-53 leaks potentially sensitive TDP content into execution logs and reports.

Suggested change 
-        String defValue = defaultValue.getValue().toString().trim();
+        String defValue = defaultValue.getValue().toString();
         String apiKeyStr = apiKey.getValue().toString().trim();
 
-        logger.info("TDP ID: " + tdpIdStr + ", Column: " + colName + ", Default Value: " + defValue);
+        logger.info("Adding column " + colName + " to TDP " + tdpIdStr);
@@
-            setSuccessMessage("Successfully added new column <b>" + colName
-                    + "</b> with default value <b>" + defValue + "</b> to all rows in TDP");
+            setSuccessMessage("Successfully added new column <b>" + colName + "</b> to all rows in TDP");
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/web/AddColumnToTDP.java`
around lines 36 - 53, Remove trimming and logging of the defaultValue payload:
stop calling trim() on defaultValue (use defaultValue.getValue().toString() and
preserve exact content, handling nulls as needed), do not include defValue in
any logger.info or setSuccessMessage output, and instead log only non-sensitive
metadata (e.g., presence or length). Ensure TDPApiUtil.addTDPColumn(tdpIdStr,
colName, defValue, apiKeyStr, logger) continues to receive the untrimmed
defValue, and update setSuccessMessage to omit the default value (mention only
the column name or a redacted placeholder).
iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/android/AddColumnToTDP.java-30-42 (1)

30-42: ⚠️ Potential issue | 🟠 Major

Preserve default-value verbatim and keep it out of logs/results.

default-value is payload, not an identifier. Trimming it on Line 32 changes legitimate data, and echoing it on Lines 34 and 42 leaks potentially sensitive TDP content into execution logs and reports.

Suggested change 
-        String defValue = defaultValue.getValue().toString().trim();
+        String defValue = defaultValue.getValue().toString();
         String apiKeyStr = apiKey.getValue().toString().trim();
-        logger.info("TDP ID: " + tdpIdStr + ", Column: " + colName + ", Default Value: " + defValue);
+        logger.info("Adding column " + colName + " to TDP " + tdpIdStr);
@@
-            setSuccessMessage("Successfully added new column <b>" + colName + "</b> with default value <b>" + defValue + "</b> to all rows in TDP");
+            setSuccessMessage("Successfully added new column <b>" + colName + "</b> to all rows in TDP");
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/android/AddColumnToTDP.java`
around lines 30 - 42, The code is trimming and logging the default value
(variable defValue), which can alter legitimate payloads and leak sensitive
content; stop trimming and remove it from all logs and user-facing messages.
Replace String defValue = defaultValue.getValue().toString().trim() with a raw
value variable (e.g., defaultValueRaw = defaultValue.getValue().toString()) and
pass that raw value to TDPApiUtil.addTDPColumn but do not include
defaultValueRaw in any logger.info or setSuccessMessage calls; update the
logger.info at line with column/TDP id to omit defValue and change
setSuccessMessage("Successfully added new column...") to avoid echoing the
default value (use a generic confirmation mentioning only the column name).
iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/android/GetTDPValue.java-44-51 (1)

44-51: ⚠️ Potential issue | 🟠 Major

Do not echo the retrieved TDP value into the action result.

Line 51 writes the raw TDP cell into the step result, which can leak secrets/PII into reports. The value is already stored in runTimeData, so keep the status text generic and avoid echoing raw inputs from Line 45 as well.

Suggested change 
             if (!parameterValues.containsKey(paramName)) {
-                setErrorMessage("Parameter <b>" + paramName + "</b> not found in set <b>" + setNameStr + "</b>. Available parameters: " + parameterValues.keySet());
+                setErrorMessage("Requested parameter was not found in the given set.");
                 return Result.FAILED;
             }
             String value = parameterValues.get(paramName);
             runTimeData.setKey(runtimeVariable.getValue().toString());
             runTimeData.setValue(value);
-            setSuccessMessage("Successfully retrieved parameter <b>" + paramName + "</b> = <b>" + value + "</b> from set <b>" + setNameStr + "</b>");
+            setSuccessMessage("Successfully retrieved the requested parameter and stored it in the runtime variable.");
             return Result.SUCCESS;
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/android/GetTDPValue.java`
around lines 44 - 51, The success and error messages currently echo raw TDP data
and parameter lists; remove the retrieved cell value and any raw parameter set
contents from the log text. In GetTDPValue, keep the assignments to
runTimeData.setKey(runtimeVariable.getValue().toString()) and
runTimeData.setValue(value) and return Result.FAILED on missing keys, but change
setErrorMessage(...) to a generic message that does not include
parameterValues.keySet() or sensitive inputs and change setSuccessMessage(...)
to a generic success text (e.g., "Parameter retrieved and stored in runtime
data") that does not include paramName, value, or setNameStr.
iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/salesforce/GetEntireRowFromTDP.java-36-41 (1)

36-41: ⚠️ Potential issue | 🟠 Major

Guard the empty-row case before trimming the trailing delimiter.

If the row only contains skipped keys or parameterValues is empty, Line 41 becomes substring(0, -2) and throws. Build the output incrementally and fail cleanly when there are no user columns.

Suggested change 
-            String resultVariable = "";
+            StringBuilder resultVariable = new StringBuilder();
             for (Map.Entry<String, String> entry : parameterValues.entrySet()) {
                 if (entry.getKey().equals("S.No.") || entry.getKey().equals("ETF") || entry.getKey().equals("Set Name")) continue;
-                resultVariable += entry.getValue() + ", ";
+                if (resultVariable.length() > 0) {
+                    resultVariable.append(", ");
+                }
+                resultVariable.append(entry.getValue());
             }
-            resultVariable = resultVariable.substring(0, resultVariable.length() - 2);
-            runTimeData.setValue(resultVariable);
+            if (resultVariable.length() == 0) {
+                setErrorMessage("No user columns found for the requested set.");
+                return com.testsigma.sdk.Result.FAILED;
+            }
+            runTimeData.setValue(resultVariable.toString());
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/salesforce/GetEntireRowFromTDP.java`
around lines 36 - 41, The loop that builds resultVariable from parameterValues
can produce an empty string when all keys are skipped, leading to substring(0,
resultVariable.length() - 2) throwing; update the logic in GetEntireRowFromTDP
(the resultVariable construction) to build the output safely (use a
StringBuilder or conditionally append a ", " only between added values) and
before calling substring check that any user columns were appended — if none,
handle cleanly (return empty/result indicator or throw a clear exception)
instead of performing substring on a negative length.
iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/windowsadvanced/GetTDPValue.java-44-51 (1)

44-51: ⚠️ Potential issue | 🟠 Major

Do not echo the retrieved TDP value into the action result.

Line 51 writes the raw TDP cell into the step result, which can leak secrets/PII into reports. The value is already stored in runTimeData, so keep the status text generic and avoid echoing raw inputs from Line 45 as well.

Suggested change 
             if (!parameterValues.containsKey(paramName)) {
-                setErrorMessage("Parameter <b>" + paramName + "</b> not found in set <b>" + setNameStr + "</b>. Available parameters: " + parameterValues.keySet());
+                setErrorMessage("Requested parameter was not found in the given set.");
                 return Result.FAILED;
             }
             String value = parameterValues.get(paramName);
             runTimeData.setKey(runtimeVariable.getValue().toString());
             runTimeData.setValue(value);
-            setSuccessMessage("Successfully retrieved parameter <b>" + paramName + "</b> = <b>" + value + "</b> from set <b>" + setNameStr + "</b>");
+            setSuccessMessage("Successfully retrieved the requested parameter and stored it in the runtime variable.");
             return Result.SUCCESS;
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/windowsadvanced/GetTDPValue.java`
around lines 44 - 51, The step result currently echoes sensitive data: change
the messages to avoid including raw parameter names/values. In the block that
checks parameterValues.containsKey(paramName) and when setting success use
runTimeData, replace the setErrorMessage(...) and setSuccessMessage(...) calls
so they do not include paramName, setNameStr, parameterValues.keySet(), or the
retrieved value; instead log a generic status like "Parameter lookup failed" or
"Parameter retrieved and stored in runtime variable" while keeping the existing
runTimeData.setKey(...) and runTimeData.setValue(...) and return Result.FAILED
on error. Ensure references to parameterValues, paramName, setNameStr,
runTimeData, setErrorMessage, and setSuccessMessage are updated accordingly.
iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/ios/StoreNextColumnTdpValue.java-50-73 (1)

50-73: ⚠️ Potential issue | 🟠 Major

This iterator assumes a deterministic Map order that isn't enforced.

columnNamesList and columnValuesList are indexed by whatever order parameterValues.entrySet() yields. If getTDPIterationData(...) returns a HashMap, the same iterator index will point at different columns across runs, which breaks the core iteration behavior.

#!/bin/bash
# Inspect how getTDPIterationData constructs and returns its map.
# Expectation: an ordered map/list is used; a HashMap here makes iteration order unstable.
fd 'TDPApiUtil\.java$' | xargs -r rg -n -C4 'getTDPIterationData|LinkedHashMap|HashMap'
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/ios/StoreNextColumnTdpValue.java`
around lines 50 - 73, The iteration is relying on non-deterministic Map
iteration (parameterValues) which can make columnNamesList/columnValuesList
mismatched across runs; fix by enforcing a deterministic order before indexing:
either change TDPApiUtil.getTDPIterationData to return an ordered Map (e.g.,
LinkedHashMap) or, inside StoreNextColumnTdpValue, extract and sort the keys
(excluding "S.No.", "ETF", "Set Name") into a List and then populate
columnNamesList and columnValuesList by iterating that ordered key list so
columnNamesList.get(iteratorValue) always corresponds to
columnValuesList.get(iteratorValue). Ensure you reference parameterValues,
columnNamesList, columnValuesList, getTDPIterationData and update
setSuccessMessage/runTimeData logic unchanged.
iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/ios/GetEntireRowFromTDP.java-39-45 (1)

39-45: ⚠️ Potential issue | 🟠 Major

Guard the empty-row case before trimming the trailing delimiter.

If the row only contains skipped keys or parameterValues is empty, Line 45 becomes substring(0, -2) and throws. Build the output incrementally and fail cleanly when there are no user columns.

Suggested change 
-            String resultVariable = "";
+            StringBuilder resultVariable = new StringBuilder();
             for (Map.Entry<String, String> entry : parameterValues.entrySet()) {
                 String key = entry.getKey();
                 if (key.equals("S.No.") || key.equals("ETF") || key.equals("Set Name")) continue;
-                resultVariable += entry.getValue() + ", ";
+                if (resultVariable.length() > 0) {
+                    resultVariable.append(", ");
+                }
+                resultVariable.append(entry.getValue());
             }
-            resultVariable = resultVariable.substring(0, resultVariable.length() - 2);
-            runTimeData.setValue(resultVariable);
+            if (resultVariable.length() == 0) {
+                setErrorMessage("No user columns found for the requested set.");
+                return com.testsigma.sdk.Result.FAILED;
+            }
+            runTimeData.setValue(resultVariable.toString());
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/ios/GetEntireRowFromTDP.java`
around lines 39 - 45, The loop that builds resultVariable from parameterValues
can produce an empty string when all keys are skipped and then calls
substring(0, length-2) causing a crash; update the code in GetEntireRowFromTDP
to build the output safely (e.g., use a StringBuilder or append to a list and
join) while skipping keys "S.No.", "ETF", "Set Name", and before trimming check
whether any user columns were added—if none, fail cleanly by throwing a
descriptive exception or returning an explicit empty/placeholder value instead
of calling substring with a negative index.
iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/ios/StoreNextColumnTdpValue.java-36-41 (1)

36-41: ⚠️ Potential issue | 🟠 Major

Remove static keyword from @RunTimeData fields—they should be instance fields per SDK design.

The Testsigma SDK's @RunTimeData annotation is designed for instance-level injection and use; static fields break the per-instance runtime data mechanism. Official Testsigma documentation explicitly recommends declaring these as private non-static instance fields. Static mutable fields also create cross-test contamination risk in parallel execution.

Suggested change 
     `@RunTimeData`
-    private static com.testsigma.sdk.RunTimeData runTimeData;
+    private com.testsigma.sdk.RunTimeData runTimeData;
     `@RunTimeData`
-    private static com.testsigma.sdk.RunTimeData iteratorRuntimeData;
+    private com.testsigma.sdk.RunTimeData iteratorRuntimeData;
     `@RunTimeData`
-    private static com.testsigma.sdk.RunTimeData columnNameRuntimeData;
+    private com.testsigma.sdk.RunTimeData columnNameRuntimeData;
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/ios/StoreNextColumnTdpValue.java`
around lines 36 - 41, The three `@RunTimeData` fields in StoreNextColumnTdpValue
(runTimeData, iteratorRuntimeData, columnNameRuntimeData) are declared static
but must be instance fields; remove the static modifier so they are private
instance members, update any code that referenced them statically to use the
instance field (this or direct access) within instance methods, and ensure no
static initialization or static helper methods rely on them so the Testsigma SDK
can inject per-instance runtime data correctly.
iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/mobileweb/AddColumnToTDP.java-35-37 (1)

35-37: ⚠️ Potential issue | 🟠 Major

Don't trim persisted default values.

default-value is user data, not an identifier. Trimming it strips intentional leading/trailing spaces and makes the success message disagree with what was actually written when the input contains whitespace.

Suggested adjustment 
+            String defaultValueStr = defaultValue.getValue().toString();
-            TDPApiUtil.addTDPColumn(tdpId.getValue().toString().trim(), colName, defaultValue.getValue().toString().trim(), apiKey.getValue().toString().trim(), logger);
+            TDPApiUtil.addTDPColumn(tdpId.getValue().toString().trim(), colName, defaultValueStr, apiKey.getValue().toString().trim(), logger);
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/mobileweb/AddColumnToTDP.java`
around lines 35 - 37, The code trims the user-provided default value before
persisting and displaying it; stop trimming persisted user data by passing the
raw default value string from defaultValue.getValue().toString() (without
.trim()) into TDPApiUtil.addTDPColumn and use that same untrimmed string in
setSuccessMessage so the stored value and the success message match; keep
trimming identifiers like tdpId/apiKey but remove .trim() usage for defaultValue
in the calls around addTDPColumn and setSuccessMessage in AddColumnToTDP (the
try block where TDPApiUtil.addTDPColumn and setSuccessMessage are invoked).
iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/ios/AddNewRowToTDP.java-27-31 (1)

27-31: ⚠️ Potential issue | 🟠 Major

Fail fast on blank row names.

After trim(), " " becomes an empty identifier and is still sent to addTDPRowWithEmptyData(...). That can create an unnamed row or push a basic validation error downstream.

Suggested adjustment 
         String tdpIdStr = tdpId.getValue().toString().trim();
         String rowNameStr = rowName.getValue().toString().trim();
         String apiKeyStr = apiKey.getValue().toString().trim();
+        if (rowNameStr.isEmpty()) {
+            setErrorMessage("Row name cannot be empty");
+            return Result.FAILED;
+        }
         try {
             TDPApiUtil.addTDPRowWithEmptyData(tdpIdStr, rowNameStr, apiKeyStr, logger);
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/ios/AddNewRowToTDP.java`
around lines 27 - 31, After trimming, rowNameStr can be empty (e.g., "  ") and
must be rejected before calling TDPApiUtil.addTDPRowWithEmptyData; add a guard
in AddNewRowToTDP that checks if rowNameStr.isEmpty() and fail fast (throw
IllegalArgumentException or log an error and return/fail the step) including a
clear message referencing rowNameStr so the API is not called with an empty
identifier.
iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/web/UpdateTDPValue.java-44-59 (1)

44-59: ⚠️ Potential issue | 🟠 Major

Preserve and redact parameter-value.

parameter-value is the payload being written, so trim() silently changes user data. The same raw value is then echoed into logs and the success message, which can leak secrets or PII from the TDP into execution artifacts.

Suggested adjustment 
-        String paramValue = parameterValue.getValue().toString().trim();
+        String paramValue = parameterValue.getValue().toString();
@@
-        logger.info("TDP ID: " + tdpIdStr + ", Set Name: " + setNameStr
-                + ", Parameter: " + paramName + ", Value: " + paramValue);
+        logger.info("TDP ID: " + tdpIdStr + ", Set Name: " + setNameStr
+                + ", Parameter: " + paramName);
@@
-            setSuccessMessage("Successfully updated parameter <b>" + paramName
-                    + "</b> to <b>" + paramValue + "</b> in set <b>" + setNameStr + "</b>");
+            setSuccessMessage("Successfully updated parameter <b>" + paramName
+                    + "</b> in set <b>" + setNameStr + "</b>");
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/web/UpdateTDPValue.java`
around lines 44 - 59, The code currently trims and logs the user-supplied
payload (parameterValue -> paramValue) which mutates the original data and may
leak secrets/PII; instead preserve the raw value from
parameterValue.getValue().toString() in a new variable (e.g., rawParamValue) and
use that raw value when building updatedData/TDPApiUtil.updateTDPIterationData
(do not call trim()), but redact or omit the actual value when calling
logger.info and setSuccessMessage (e.g., log only paramName, setNameStr and a
redacted placeholder like "<REDACTED>" or value length), updating references to
paramValue, updatedData, logger and setSuccessMessage accordingly.
iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/windowsadvanced/SetTDpIteratorToZero.java-18-29 (1)

18-29: ⚠️ Potential issue | 🟠 Major

Fix the runtime-variable check logic.

TestData.getValue() returns the resolved runtime variable value, not the variable name. The current check at line 23 compares this resolved value against the literal string "TDP_ITERATOR_KEY_NAME", which will only pass if the runtime variable happens to contain that exact string as its value—not what the error message ("Don't change the TDP_ITERATOR_KEY_NAME variable name") suggests you intend to verify.

If the goal is to validate that a specific runtime variable was assigned, rethink the validation approach. If it's to initialize an iterator counter to zero, the variable reference and the comparison logic need alignment.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/windowsadvanced/SetTDpIteratorToZero.java`
around lines 18 - 29, The current check in execute() incorrectly compares
testData1.getValue() (the resolved runtime value) to the literal
"TDP_ITERATOR_KEY_NAME"; instead treat getValue() as the runtime value—remove
that equality check and either validate/initialize the iterator value: read
String val = testData1.getValue().toString(), if val is null/empty or not
numeric then set runTimeData.setValue("0") (or otherwise parse
Integer.parseInt(val) for further logic), and set appropriate result; use the
existing testData1 and runTimeData symbols in execute() and update the error
path to no longer assert on the variable name string.
iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/util/TDPApiUtil.java-61-70 (1)

61-70: ⚠️ Potential issue | 🟠 Major

Disabling SSL certificate verification is a security risk.

Trusting all certificates and disabling hostname verification makes the application vulnerable to man-in-the-middle attacks. The API key transmitted via Bearer token could be intercepted.

If this is required for specific environments (e.g., self-hosted instances with self-signed certs), consider making it configurable rather than always disabled.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/util/TDPApiUtil.java`
around lines 61 - 70, The current code unconditionally creates an insecure
SSLContext via SSLContextBuilder and an SSLConnectionSocketFactory with
NoopHostnameVerifier (symbols: SSLContext sslContext, SSLContextBuilder,
SSLConnectionSocketFactory, NoopHostnameVerifier) which disables certificate and
hostname validation; change this to make the insecure behavior configurable
(e.g., boolean flag trustAllSsl or disableHostnameVerification read from
config/env), default to secure validation, and only when the flag is true build
the permissive SSLContext and use NoopHostnameVerifier; update the code paths
that construct the HTTP client to branch on that flag and document the config so
self-signed/test environments can opt-in without affecting production.
iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/util/TDPApiUtil.java-93-94 (1)

93-94: ⚠️ Potential issue | 🟠 Major

Authorization header logged — potential credential exposure.

Logging all headers at Line 94 will include the Authorization: Bearer <apiKey> token. This exposes credentials in log files, violating security best practices and potentially compliance requirements.

🔒 Suggested fix: Remove or redact sensitive headers from logs 
         logger.info("HTTP GET request headers set");
         logger.info("httpGet Details: " + httpGet);
-        logger.info("Headers" + Arrays.toString(httpGet.getAllHeaders()));
+        // Avoid logging Authorization header to prevent credential exposure
+        logger.info("Headers: Accept=" + httpGet.getFirstHeader("Accept") + 
+                    ", Content-Type=" + httpGet.getFirstHeader("Content-Type"));
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/util/TDPApiUtil.java`
around lines 93 - 94, Logging http headers in TDPApiUtil.java via the
httpGet.getAllHeaders() call exposes the Authorization bearer token; instead,
change the logging to iterate the headers from httpGet (the httpGet variable /
getAllHeaders()) and either omit the "Authorization" header or redact its value
(e.g., replace value with "[REDACTED]") before composing the log message so
other non-sensitive headers can still be logged safely.
iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/util/TDPApiUtil.java-330-338 (1)

330-338: ⚠️ Potential issue | 🟠 Major

Resource leak: Response not closed after use.

Same issue as makeHttpRequest2 — the okhttp3.Response must be closed to release connections.

🐛 Suggested fix: Use try-with-resources 
-        okhttp3.Response response = client.newCall(requestBuilder.build()).execute();
-        String responseBody = response.body() != null ? response.body().string() : "";
-        logger.info("Response code: " + response.code());
-        logger.info("Response body: " + responseBody);
-
-        if (!response.isSuccessful()) {
-            throw new RuntimeException("HTTP " + response.code() + ": " + responseBody);
-        }
-        return responseBody;
+        try (okhttp3.Response response = client.newCall(requestBuilder.build()).execute()) {
+            String responseBody = response.body() != null ? response.body().string() : "";
+            logger.info("Response code: " + response.code());
+            logger.info("Response body: " + responseBody);
+
+            if (!response.isSuccessful()) {
+                throw new RuntimeException("HTTP " + response.code() + ": " + responseBody);
+            }
+            return responseBody;
+        }
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/util/TDPApiUtil.java`
around lines 330 - 338, The Response returned by OkHttp in TDPApiUtil is not
closed, causing a connection/resource leak; update the method containing this
snippet (e.g., makeHttpRequest) to use try-with-resources for okhttp3.Response:
wrap the client.newCall(...).execute() call in a try (Response response =
client.newCall(requestBuilder.build()).execute()) { ... } block, move
response.body().string() and the logger calls inside that block, and return the
local responseBody so the Response is automatically closed.
iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/util/TDPApiUtil.java-154-165 (1)

154-165: ⚠️ Potential issue | 🟠 Major

Resource leak: OkHttp Response is not closed.

okhttp3.Response implements Closeable and must be closed to release the underlying connection back to the pool. Failing to close it can exhaust connection pools and cause resource starvation.

Additionally, response.body() can return null, causing an NPE at line 159.

🐛 Suggested fix: Use try-with-resources and null check 
-            okhttp3.Response response = newClient.newCall(request).execute();
-
-            // get response code
-            logger.info("Response code: " + response.code());
-
-            responseBody = response.body().string();
-            logger.info("Response body: " + responseBody);
+            try (okhttp3.Response response = newClient.newCall(request).execute()) {
+                // get response code
+                logger.info("Response code: " + response.code());
+
+                responseBody = response.body() != null ? response.body().string() : "";
+                logger.info("Response body: " + responseBody);
+            }
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/util/TDPApiUtil.java`
around lines 154 - 165, The OkHttp Response created in TDPApiUtil (the line
"okhttp3.Response response = newClient.newCall(request).execute()") is never
closed and response.body() may be null; wrap the call in a try-with-resources
(try (okhttp3.Response response = newClient.newCall(request).execute()) { ... })
so the Response is always closed, then null-check response.body() before calling
.string() (handle null by setting responseBody to "" or throwing a clear
exception) and keep the existing logging inside the try block; propagate or wrap
exceptions as currently done.
ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 9d1db775-8200-4de9-8de9-210cde4c63d3

📥 Commits

Reviewing files that changed from the base of the PR and between 5099e11 and 11002cd.

📒 Files selected for processing (49)
  • iterating_through_columns_in_tdps/pom.xml
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/android/AddColumnToTDP.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/android/AddNewRowToTDP.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/android/GetEntireRowFromTDP.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/android/GetTDPColumncount.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/android/GetTDPValue.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/android/SetTDpIteratorToZero.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/android/StoreNextColumnTdpValue.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/android/UpdateTDPValue.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/ios/AddColumnToTDP.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/ios/AddNewRowToTDP.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/ios/GetEntireRowFromTDP.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/ios/GetTDPColumncount.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/ios/GetTDPValue.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/ios/SetTDpIteratorToZero.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/ios/StoreNextColumnTdpValue.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/ios/UpdateTDPValue.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/mobileweb/AddColumnToTDP.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/mobileweb/AddNewRowToTDP.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/mobileweb/GetEntireRowFromTDP.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/mobileweb/GetTDPColumncount.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/mobileweb/GetTDPValue.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/mobileweb/SetTDpIteratorToZero.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/mobileweb/StoreNextColumnTdpValue.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/mobileweb/UpdateTDPValue.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/salesforce/AddColumnToTDP.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/salesforce/AddNewRowToTDP.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/salesforce/GetEntireRowFromTDP.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/salesforce/GetTDPColumncount.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/salesforce/GetTDPValue.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/salesforce/SetTDpIteratorToZero.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/salesforce/StoreNextColumnTdpValue.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/salesforce/UpdateTDPValue.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/util/TDPApiUtil.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/web/AddColumnToTDP.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/web/AddNewRowToTDP.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/web/GetEntireRowFromTDP.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/web/GetTDPColumncount.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/web/GetTDPValue.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/web/StoreNextColumnTdpValue.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/web/UpdateTDPValue.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/windowsadvanced/AddColumnToTDP.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/windowsadvanced/AddNewRowToTDP.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/windowsadvanced/GetEntireRowFromTDP.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/windowsadvanced/GetTDPColumncount.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/windowsadvanced/GetTDPValue.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/windowsadvanced/SetTDpIteratorToZero.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/windowsadvanced/StoreNextColumnTdpValue.java
  • iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/windowsadvanced/UpdateTDPValue.java

Comment thread ..._through_columns_in_tdps/src/main/java/com/testsigma/addons/android/GetEntireRowFromTDP.java
Comment on lines +39 to +46
String resultVariable = "";
for (Map.Entry<String, String> entry : parameterValues.entrySet()) {
String key = entry.getKey();
if (key.equals("S.No.") || key.equals("ETF") || key.equals("Set Name")) continue;
resultVariable += entry.getValue() + ", ";
}
resultVariable = resultVariable.substring(0, resultVariable.length() - 2);
runTimeData.setValue(resultVariable);
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot Mar 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

substring can crash when no eligible columns are present.

If all keys are filtered out, resultVariable is empty and substring(0, -2) throws at runtime.

Suggested fix 
+import java.util.StringJoiner;
...
-            String resultVariable = "";
+            StringJoiner resultJoiner = new StringJoiner(", ");
             for (Map.Entry<String, String> entry : parameterValues.entrySet()) {
                 String key = entry.getKey();
                 if (key.equals("S.No.") || key.equals("ETF") || key.equals("Set Name")) continue;
-                resultVariable += entry.getValue() + ", ";
+                resultJoiner.add(String.valueOf(entry.getValue()));
             }
-            resultVariable = resultVariable.substring(0, resultVariable.length() - 2);
-            runTimeData.setValue(resultVariable);
+            runTimeData.setValue(resultJoiner.toString());
             runTimeData.setKey(testData4.getValue().toString());
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
String resultVariable = "";
for (Map.Entry<String, String> entry : parameterValues.entrySet()) {
String key = entry.getKey();
if (key.equals("S.No.") || key.equals("ETF") || key.equals("Set Name")) continue;
resultVariable += entry.getValue() + ", ";
}
resultVariable = resultVariable.substring(0, resultVariable.length() - 2);
runTimeData.setValue(resultVariable);
StringJoiner resultJoiner = new StringJoiner(", ");
for (Map.Entry<String, String> entry : parameterValues.entrySet()) {
String key = entry.getKey();
if (key.equals("S.No.") || key.equals("ETF") || key.equals("Set Name")) continue;
resultJoiner.add(String.valueOf(entry.getValue()));
}
runTimeData.setValue(resultJoiner.toString());
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In
`@iterating_through_columns_in_tdps/src/main/java/com/testsigma/addons/android/GetEntireRowFromTDP.java`
around lines 39 - 46, The current loop in GetEntireRowFromTDP builds
resultVariable by appending values then unconditionally calling substring to
strip the trailing ", ", which will throw if no eligible keys in parameterValues
exist; change the logic to avoid substring on an empty string—e.g., use a
StringBuilder or check resultVariable.length() >= 2 before calling substring,
and only call runTimeData.setValue(...) with the trimmed string (or an empty
string) when appropriate; update references around resultVariable,
parameterValues iteration, and runTimeData.setValue to implement this safe
trimming.

@ManojTestsigma ManojTestsigma merged commit 6a61429 into dev Mar 30, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@vignesh-testsigma vignesh-testsigma vignesh-testsigma approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ManojTestsigma @vignesh-testsigma