[dotnet] [bidi] Use `System.Threading.Channels` dependency for events dispatching by nvborisenko · Pull Request #17004

[dotnet] [bidi] Use `System.Threading.Channels` dependency for events dispatching by nvborisenko · Pull Request #17004 · SeleniumHQ/selenium

Security Compliance
⚪	Denial of service Description: An unbounded `Channel` is used for `_pendingEvents` and writes ignore the `TryWrite` return value, which can allow uncontrolled queue growth (memory exhaustion) or silent event dropping under stress, creating a realistic denial-of-service vector if a remote endpoint can generate events faster than they are processed. Broker.cs [40-295] Referred Code private readonly Channel<(string Method, EventArgs Params)> _pendingEvents = Channel.CreateUnbounded<(string Method, EventArgs Params)>(new(){ SingleReader = true, SingleWriter = true }); private readonly Dictionary<string, JsonTypeInfo> _eventTypesMap = []; private readonly ConcurrentDictionary<string, List<EventHandler>> _eventHandlers = new(); private long _currentCommandId; private static readonly TaskFactory _myTaskFactory = new(CancellationToken.None, TaskCreationOptions.DenyChildAttach, TaskContinuationOptions.None, TaskScheduler.Default); private Task? _receivingMessageTask; private Task? _eventEmitterTask; private CancellationTokenSource? _receiveMessagesCancellationTokenSource; internal Broker(BiDi bidi, Uri url) { _bidi = bidi; _transport = new WebSocketTransport(url); } public async Task ConnectAsync(CancellationToken cancellationToken) { ... (clipped 235 lines)
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
🔴	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Dropped event on write: The result of `_pendingEvents.Writer.TryWrite(messageEvent)` is ignored, so a failed write can silently drop events without fallback handling or logging. Referred Code var messageEvent = (method, eventArgs); _pendingEvents.Writer.TryWrite(messageEvent); } Learn more about managing compliance generic rules or creating your own custom rules
⚪	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Exception details logged: The error log interpolates the full exception object (`{ex}`), which may include stack traces and sensitive runtime data and is not structured for safe auditing. Referred Code catch (Exception ex) { if (_logger.IsEnabled(LogEventLevel.Error)) { _logger.Error($"Unhandled error processing BiDi event handler: {ex}"); } Learn more about managing compliance generic rules or creating your own custom rules
Update