Fix thread safety issues in parallel test execution #15514
Merged
nohwnd merged 1 commit into fix/thread-safety-and-xxe-vulnerabilities from Mar 19, 2026
Copilot AI changed the title from "[WIP] Fix thread safety issues and XXE vulnerability" to "Fix thread safety issues in parallel test execution" on Mar 19, 2026.
bf0bc3e into fix/thread-safety-and-xxe-vulnerabilities, 4 checks passed.
nohwnd added a commit that referenced this pull request on Mar 19, 2026:
* Fix thread safety in ParallelRunDataAggregator and DiscoveryDataAggregator
  - GetAggregatedRunStats() now reads _testRunStatsList under lock to prevent InvalidOperationException from concurrent List<T> modification during enumeration
  - AggregateRunDataMetrics()/AggregateMetrics() now uses ConcurrentDictionary.AddOrUpdate instead of TryGetValue+set to prevent lost-update race conditions
  - Same fix applied to DiscoveryDataAggregator.AggregateMetrics()
  - Added concurrency tests that exercise parallel Aggregate + read
* Fix thread safety in DataCollectionAttachmentManager
  - Replace List<Task> with ConcurrentBag<Task> for _attachmentTasks to prevent corruption when concurrent file transfers call Add()
  - Replace ContainsKey+TryAdd TOCTOU pattern with GetOrAdd for both AttachmentSets and _attachmentTasks dictionaries
  - Existing ParallelAccessShouldNotBreak test covers this scenario
* Fix thread safety in BlameCollector
  - Add lock around _testSequence and _testObjectDictionary mutations in EventsTestCaseStart and EventsTestCaseEnd to prevent corruption under parallel test execution
  - Use Interlocked.Increment for _testStartCount and _testEndCount
  - Take snapshot under lock in SessionEndedHandler before passing to WriteTestSequence
  - Added concurrency test with 10 threads x 50 test events each
* Fix thread safety in TrxLogger and HtmlLogger test counters
  - TrxLogger: use Interlocked.Increment for TotalTestCount, PassedTestCount, and FailedTestCount to prevent lost updates when test results arrive concurrently from parallel test runs
  - HtmlLogger: same fix for TotalTests, PassedTests, FailedTests, SkippedTests counters
  - Added thread safety test exercising 10 threads x 100 results each verifying exact counter values
* Fix XXE vulnerability in SettingsMigrator
  - Set DtdProcessing = DtdProcessing.Prohibit on XmlTextReader in both MigrateRunSettings and ReadTestSettingsNodes to prevent XML External Entity attacks via crafted .runsettings/.testsettings files
  - Set XmlResolver = null on XmlDocument instances
  - Added tests verifying DTD content in both runsettings and testsettings files is rejected with XmlException
* Revert
* Initial plan (#15514)

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>

---------

Co-authored-by: nohwnd <me@jakubjares.com>
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
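
The parser settings named in the SettingsMigrator item of the commit message above, shown as an added example that is not code from this pull request or from the project. The class name, helper name and both sample documents are constructed for illustration; the DTD sample declares only a harmless internal entity.

```csharp
using System;
using System.IO;
using System.Xml;

static class DtdRejectionDemo
{
    // Constructed sample: a settings-like document that carries a DOCTYPE.
    const string WithDtd =
        "<?xml version=\"1.0\"?>\n" +
        "<!DOCTYPE RunSettings [ <!ENTITY e \"expanded\"> ]>\n" +
        "<RunSettings><ResultsDirectory>&e;</ResultsDirectory></RunSettings>";

    // Constructed sample: the same shape without any DTD.
    const string Plain =
        "<?xml version=\"1.0\"?>\n" +
        "<RunSettings><ResultsDirectory>out</ResultsDirectory></RunSettings>";

    // Returns true if the document loads, false if the parser rejects it.
    static bool TryLoad(string xml, out string detail)
    {
        try
        {
            using var text = new StringReader(xml);
            // Prohibit makes the reader throw XmlException at the DOCTYPE
            // instead of processing the DTD and its entity declarations.
            using var reader = new XmlTextReader(text) { DtdProcessing = DtdProcessing.Prohibit };
            // A null resolver stops XmlDocument from fetching external resources.
            var doc = new XmlDocument { XmlResolver = null };
            doc.Load(reader);
            detail = doc.DocumentElement?.InnerText ?? "";
            return true;
        }
        catch (XmlException ex)
        {
            detail = ex.Message;
            return false;
        }
    }

    static void Main()
    {
        Console.WriteLine($"plain document loaded: {TryLoad(Plain, out var a)} ({a})");
        Console.WriteLine($"DTD document loaded:   {TryLoad(WithDtd, out var b)} ({b})");
    }
}
```

Rejecting the DOCTYPE outright also rejects legitimate files that happen to carry one, which is the behaviour the commit's new tests assert (XmlException for DTD content).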
Several data structures shared across concurrent test execution threads were not thread-safe, risking corrupted results and lost updates.
Changes
* TryGetValue + set pattern with ConcurrentDictionary.AddOrUpdate in metrics aggregation to eliminate lost-update races
* List<Task> with ConcurrentBag<Task> for _attachmentTasks; replace ContainsKey + TryAdd TOCTOU pattern with GetOrAdd for both AttachmentSets and _attachmentTasks
* List<Guid> / Dictionary<Guid, BlameTestObject> with ConcurrentQueue / ConcurrentDictionary; use Interlocked.Increment for _testEndCount; snapshot collections before passing to WriteTestSequence
* Interlocked.Increment for all test counters (TotalTestCount, PassedTestCount, FailedTestCount, SkippedTests) to prevent lost updates under concurrent result arrival
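
The lost-update race behind the metrics aggregation change, as an added example that is not code from this pull request. The class, method and metric names are hypothetical; it runs the read-then-write pattern and AddOrUpdate under the same parallel load and compares the totals.

```csharp
using System;
using System.Collections.Concurrent;
using System.Threading.Tasks;

static class MetricsAggregationDemo
{
    const int Workers = 8;
    const int PerWorker = 100_000;
    const string Key = "TotalTests"; // hypothetical metric name

    // Each call is thread-safe on its own, but the read and the write are two
    // separate operations: another thread can update the value in between,
    // and that update is then overwritten.
    static void ReadThenWrite(ConcurrentDictionary<string, long> metrics, long delta)
    {
        metrics.TryGetValue(Key, out long current);
        metrics[Key] = current + delta;
    }

    // AddOrUpdate retries the update delegate until it is applied to the value
    // that is actually stored, so no increment is dropped. The delegate can run
    // more than once and must be free of side effects.
    static void AtomicAdd(ConcurrentDictionary<string, long> metrics, long delta)
        => metrics.AddOrUpdate(Key, delta, (_, current) => current + delta);

    static long Run(Action<ConcurrentDictionary<string, long>, long> add)
    {
        var metrics = new ConcurrentDictionary<string, long>();
        Parallel.For(0, Workers, _ =>
        {
            for (int i = 0; i < PerWorker; i++) add(metrics, 1);
        });
        return metrics[Key];
    }

    static void Main()
    {
        long expected = (long)Workers * PerWorker;
        Console.WriteLine($"expected          : {expected}");
        // Usually below the expected total on a multi-core machine; the exact
        // shortfall varies from run to run.
        Console.WriteLine($"TryGetValue + set : {Run(ReadThenWrite)}");
        Console.WriteLine($"AddOrUpdate       : {Run(AtomicAdd)}");
    }
}
```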