Skip to content

[grid] Update handling SessionId from json #16683

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
VietND96 merged 1 commit into from
Dec 5, 2025
Merged

[grid] Update handling SessionId from json #16683

VietND96 merged 1 commit into from
Dec 5, 2025

Conversation

@VietND96
Copy link
Member

@VietND96 VietND96 commented Dec 5, 2025
edited by qodo-code-review bot
Loading

User description

🔗 Related Issues

💥 What does this PR do?

Add back something since PR #16678

🔧 Implementation Notes

💡 Additional Considerations

🔄 Types of changes

  • Cleanup (formatting, renaming)
  • Bug fix (backwards compatible)
  • New feature (non-breaking change which adds functionality and tests!)
  • Breaking change (fix or feature that would cause existing functionality to change)

PR Type

Bug fix

Description

  • Restore SessionId JSON deserialization from Map objects

  • Handle legacy session ID format with "value" key

  • Change toJson() return type from Object to String

  • Add Map import for type handling

Diagram Walkthrough

flowchart LR
  A["SessionId.fromJson()"] --> B["Check if raw is String"]
  B -->|Yes| C["Create SessionId from String"]
  B -->|No| D["Check if raw is Map"]
  D -->|Yes| E["Extract value from Map"]
  E --> F["Create SessionId from value"]
  D -->|No| G["Throw JsonException"]
Loading

File Walkthrough
Relevant files
Bug fix
SessionId.java
Add Map-based SessionId JSON deserialization support         

java/src/org/openqa/selenium/remote/SessionId.java

  • Added Map import for handling Map-based session ID deserialization
  • Changed toJson() return type from Object to String for type safety
  • Extended fromJson() to handle Map objects with "value" key
  • Maintains backward compatibility with String-based session IDs
 +9/-1     

@selenium-ci selenium-ci added the C-java Java Bindings label Dec 5, 2025
@qodo-code-review
Copy link
Contributor

qodo-code-review bot commented Dec 5, 2025

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢
No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
🟡
🎫 #1234
🟢 Ensure backward compatibility so existing scripts relying on prior behavior continue to
work.
🔴 Investigate and fix regression where clicking a link with JavaScript in href does not
trigger in Selenium 2.48.x with Firefox 42 (works in 2.47.1).
Provide a reproducible behavior across versions or document the change.
🟡
🎫 #5678
🔴 Diagnose and resolve intermittent "ConnectFailure (Connection refused)" errors when
instantiating multiple ChromeDriver instances on Ubuntu 16.04.4 with Selenium 3.9.0 and
Chrome 65/ChromeDriver 2.35.
Ensure stable creation of subsequent ChromeDriver instances after the first one.
Provide guidance or configuration changes if code changes are not required.
Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
🟢
Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status:
No audit logs: The new code paths for deserializing session IDs add no audit logging of critical actions,
but it is unclear if this class is within the scope of audit requirements.

Referred Code 
private static SessionId fromJson(Object raw) {
  if (raw instanceof String) {
    return new SessionId(String.valueOf(raw));
  }

  if (raw instanceof Map) {
    Map<?, ?> map = (Map<?, ?>) raw;
    if (map.get("value") instanceof String) {
      return new SessionId(String.valueOf(map.get("value")));
    }
  }

  throw new JsonException("Unable to coerce session id from " + raw);

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status:
Raw value exposure: The thrown JsonException message includes the raw input object, which could expose
sensitive content depending on caller context.

Referred Code 
  throw new JsonException("Unable to coerce session id from " + raw);
}

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status:
Minimal validation: The deserialization accepts a Map "value" as String without validating format or
length of the session ID, which might allow malformed inputs depending on upstream
guarantees.

Referred Code 
if (raw instanceof Map) {
  Map<?, ?> map = (Map<?, ?>) raw;
  if (map.get("value") instanceof String) {
    return new SessionId(String.valueOf(map.get("value")));
  }
}

Learn more about managing compliance generic rules or creating your own custom rules
Compliance status legend 🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

@qodo-code-review
Copy link
Contributor

qodo-code-review bot commented Dec 5, 2025

PR Code Suggestions ✨

Explore these optional code suggestions:

CategorySuggestion                                                                                                                                    Impact
General
Improve efficiency and clarity of map value handling

To improve efficiency and clarity, store the result of map.get("value") in a
local variable to avoid a redundant lookup.

java/src/org/openqa/selenium/remote/SessionId.java [67-69]

-if (map.get("value") instanceof String) {
-  return new SessionId(String.valueOf(map.get("value")));
+Object value = map.get("value");
+if (value instanceof String) {
+  return new SessionId((String) value);
 }
  • Apply / Chat
Suggestion importance[1-10]: 4

__

Why: The suggestion correctly identifies a redundant map lookup and proposes a more efficient and readable alternative by storing the value in a local variable before use.

Low
  • More

@VietND96 VietND96 merged commit 69bbda9 into trunk Dec 5, 2025
48 of 50 checks passed
@VietND96 VietND96 deleted the session-id branch December 5, 2025 06:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

C-java Java Bindings Review effort 2/5

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@VietND96 @selenium-ci