diff --git a/csharp/ql/integration-tests/all-platforms/standalone/DatabaseQualityDiagnostics.expected b/csharp/ql/integration-tests/all-platforms/standalone/DatabaseQualityDiagnostics.expected index b26e22079462..e9b4f2e24283 100644 --- a/csharp/ql/integration-tests/all-platforms/standalone/DatabaseQualityDiagnostics.expected +++ b/csharp/ql/integration-tests/all-platforms/standalone/DatabaseQualityDiagnostics.expected 
@@ -1,6 +1,6 @@ diagnosticAttributes -| Scanning C# code completed successfully, but the scan encountered issues. This may be caused by problems identifying dependencies or use of generated source code, among other reasons -- see other CodeQL diagnostics reported on the CodeQL status page for more details of possible causes. Addressing these warnings is advisable to avoid false-positive or missing results. If they cannot be addressed, consider scanning C# using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes). | visibilityCliSummaryTable | true | -| Scanning C# code completed successfully, but the scan encountered issues. This may be caused by problems identifying dependencies or use of generated source code, among other reasons -- see other CodeQL diagnostics reported on the CodeQL status page for more details of possible causes. Addressing these warnings is advisable to avoid false-positive or missing results. If they cannot be addressed, consider scanning C# using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes). | visibilityStatusPage | true | -| Scanning C# code completed successfully, but the scan encountered issues. This may be caused by problems identifying dependencies or use of generated source code, among other reasons -- see other CodeQL diagnostics reported on the CodeQL status page for more details of possible causes. Addressing these warnings is advisable to avoid false-positive or missing results. 
If they cannot be addressed, consider scanning C# using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes). | visibilityTelemetry | true | +| Scanning C# code completed successfully, but the scan encountered issues. This may be caused by problems identifying dependencies or use of generated source code. Some metrics of the database quality are: Percentage of calls with call target: 25 % (threshold 85 %). Percentage of expressions with known type: 58 % (threshold 85 %). Ideally these metrics should be above their thresholds. Addressing these issues is advisable to avoid false-positives or missing results. If they cannot be addressed, consider scanning C# using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes). | visibilityCliSummaryTable | true | +| Scanning C# code completed successfully, but the scan encountered issues. This may be caused by problems identifying dependencies or use of generated source code. Some metrics of the database quality are: Percentage of calls with call target: 25 % (threshold 85 %). Percentage of expressions with known type: 58 % (threshold 85 %). Ideally these metrics should be above their thresholds. Addressing these issues is advisable to avoid false-positives or missing results. If they cannot be addressed, consider scanning C# using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes). | visibilityStatusPage | true | +| Scanning C# code completed successfully, but the scan encountered issues. 
This may be caused by problems identifying dependencies or use of generated source code. Some metrics of the database quality are: Percentage of calls with call target: 25 % (threshold 85 %). Percentage of expressions with known type: 58 % (threshold 85 %). Ideally these metrics should be above their thresholds. Addressing these issues is advisable to avoid false-positives or missing results. If they cannot be addressed, consider scanning C# using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes). | visibilityTelemetry | true | #select -| Scanning C# code completed successfully, but the scan encountered issues. This may be caused by problems identifying dependencies or use of generated source code, among other reasons -- see other CodeQL diagnostics reported on the CodeQL status page for more details of possible causes. Addressing these warnings is advisable to avoid false-positive or missing results. If they cannot be addressed, consider scanning C# using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes). | Scanning C# code completed successfully, but the scan encountered issues. This may be caused by problems identifying dependencies or use of generated source code, among other reasons -- see other CodeQL diagnostics reported on the CodeQL status page for more details of possible causes. Addressing these warnings is advisable to avoid false-positive or missing results. 
If they cannot be addressed, consider scanning C# using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes). | 1 | +| Scanning C# code completed successfully, but the scan encountered issues. This may be caused by problems identifying dependencies or use of generated source code. Some metrics of the database quality are: Percentage of calls with call target: 25 % (threshold 85 %). Percentage of expressions with known type: 58 % (threshold 85 %). Ideally these metrics should be above their thresholds. Addressing these issues is advisable to avoid false-positives or missing results. If they cannot be addressed, consider scanning C# using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes). | Scanning C# code completed successfully, but the scan encountered issues. This may be caused by problems identifying dependencies or use of generated source code. Some metrics of the database quality are: Percentage of calls with call target: 25 % (threshold 85 %). Percentage of expressions with known type: 58 % (threshold 85 %). Ideally these metrics should be above their thresholds. Addressing these issues is advisable to avoid false-positives or missing results. If they cannot be addressed, consider scanning C# using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes). | 1 | diff --git a/csharp/ql/src/Telemetry/DatabaseQualityDiagnostics.ql b/csharp/ql/src/Telemetry/DatabaseQualityDiagnostics.ql index bde07633d941..207a25081a20 100644 
--- a/csharp/ql/src/Telemetry/DatabaseQualityDiagnostics.ql +++ b/csharp/ql/src/Telemetry/DatabaseQualityDiagnostics.ql 
@@ -8,26 +8,39 @@ import csharp import DatabaseQuality +private predicate diagnostic(string msg, float value, float threshold) { + CallTargetStatsReport::percentageOfOk(msg, value) and + threshold = 85 + or + ExprTypeStatsReport::percentageOfOk(msg, value) and + threshold = 85 +} + private newtype TDbQualityDiagnostic = TTheDbQualityDiagnostic() { - exists(float percentageGood | - CallTargetStatsReport::percentageOfOk(_, percentageGood) - or - ExprTypeStatsReport::percentageOfOk(_, percentageGood) - | - percentageGood < 95 + exists(float percentageGood, float threshold | + diagnostic(_, percentageGood, threshold) and + percentageGood < threshold ) } +private string getDbHealth() { + result = + strictconcat(string msg, float value, float threshold | + diagnostic(msg, value, threshold) + | + msg + ": " + value.floor() + " % (threshold " + threshold.floor() + " %)", ". " + ) +} + class DbQualityDiagnostic extends TDbQualityDiagnostic { string toString() { result = "Scanning C# code completed successfully, but the scan encountered issues. " + - "This may be caused by problems identifying dependencies or use of generated source code, among other reasons -- " - + - "see other CodeQL diagnostics reported on the CodeQL status page for more details of possible causes. " - + - "Addressing these warnings is advisable to avoid false-positive or missing results. If they cannot be addressed, consider scanning C# " + "This may be caused by problems identifying dependencies or use of generated source code. " + + "Some metrics of the database quality are: " + getDbHealth() + ". " + + "Ideally these metrics should be above their thresholds. " + + "Addressing these issues is advisable to avoid false-positives or missing results. 
If they cannot be addressed, consider scanning C# " + "using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes)." } diff --git a/csharp/ql/src/change-notes/2025-09-04-database-diagnostics.md b/csharp/ql/src/change-notes/2025-09-04-database-diagnostics.md new file mode 100644 index 000000000000..8bf63438089d --- /dev/null +++ b/csharp/ql/src/change-notes/2025-09-04-database-diagnostics.md @@ -0,0 +1,4 @@ +--- +category: fix +--- +* The message for `csharp/diagnostic/database-quality` has been updated to include detailed database health metrics. Additionally, the threshold for reporting database health issues has been lowered from 95% to 85% (if any metric falls below this percentage). These changes are visible on the tool status page. diff --git a/java/ql/integration-tests/java/buildless-erroneous/DatabaseQualityDiagnostics.expected b/java/ql/integration-tests/java/buildless-erroneous/DatabaseQualityDiagnostics.expected index e50a800d25c3..a22cf324a384 100644 --- a/java/ql/integration-tests/java/buildless-erroneous/DatabaseQualityDiagnostics.expected +++ b/java/ql/integration-tests/java/buildless-erroneous/DatabaseQualityDiagnostics.expected 
@@ -1,6 +1,6 @@ diagnosticAttributes -| Scanning Java code completed successfully, but the scan encountered issues. This may be caused by problems identifying dependencies or use of generated source code, among other reasons -- see other CodeQL diagnostics reported on the CodeQL status page for more details of possible causes. Addressing these warnings is advisable to avoid false-positive or missing results. If they cannot be addressed, consider scanning Java using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes). | visibilityCliSummaryTable | true | -| Scanning Java code completed successfully, but the scan encountered issues. This may be caused by problems identifying dependencies or use of generated source code, among other reasons -- see other CodeQL diagnostics reported on the CodeQL status page for more details of possible causes. Addressing these warnings is advisable to avoid false-positive or missing results. If they cannot be addressed, consider scanning Java using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes). | visibilityStatusPage | true | -| Scanning Java code completed successfully, but the scan encountered issues. This may be caused by problems identifying dependencies or use of generated source code, among other reasons -- see other CodeQL diagnostics reported on the CodeQL status page for more details of possible causes. Addressing these warnings is advisable to avoid false-positive or missing results. 
If they cannot be addressed, consider scanning Java using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes). | visibilityTelemetry | true | +| Scanning Java code completed successfully, but the scan encountered issues. This may be caused by problems identifying dependencies or use of generated source code. Some metrics of the database quality are: Percentage of calls with call target: 20 % (threshold 85 %). Percentage of expressions with known type: 14 % (threshold 85 %). Ideally these metrics should be above their thresholds. Addressing these issues is advisable to avoid false-positives or missing results. If they cannot be addressed, consider scanning Java using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes). | visibilityCliSummaryTable | true | +| Scanning Java code completed successfully, but the scan encountered issues. This may be caused by problems identifying dependencies or use of generated source code. Some metrics of the database quality are: Percentage of calls with call target: 20 % (threshold 85 %). Percentage of expressions with known type: 14 % (threshold 85 %). Ideally these metrics should be above their thresholds. Addressing these issues is advisable to avoid false-positives or missing results. If they cannot be addressed, consider scanning Java using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes). | visibilityStatusPage | true | +| Scanning Java code completed successfully, but the scan encountered issues. 
This may be caused by problems identifying dependencies or use of generated source code. Some metrics of the database quality are: Percentage of calls with call target: 20 % (threshold 85 %). Percentage of expressions with known type: 14 % (threshold 85 %). Ideally these metrics should be above their thresholds. Addressing these issues is advisable to avoid false-positives or missing results. If they cannot be addressed, consider scanning Java using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes). | visibilityTelemetry | true | #select -| Scanning Java code completed successfully, but the scan encountered issues. This may be caused by problems identifying dependencies or use of generated source code, among other reasons -- see other CodeQL diagnostics reported on the CodeQL status page for more details of possible causes. Addressing these warnings is advisable to avoid false-positive or missing results. If they cannot be addressed, consider scanning Java using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes). | Scanning Java code completed successfully, but the scan encountered issues. This may be caused by problems identifying dependencies or use of generated source code, among other reasons -- see other CodeQL diagnostics reported on the CodeQL status page for more details of possible causes. Addressing these warnings is advisable to avoid false-positive or missing results. 
If they cannot be addressed, consider scanning Java using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes). | 1 | +| Scanning Java code completed successfully, but the scan encountered issues. This may be caused by problems identifying dependencies or use of generated source code. Some metrics of the database quality are: Percentage of calls with call target: 20 % (threshold 85 %). Percentage of expressions with known type: 14 % (threshold 85 %). Ideally these metrics should be above their thresholds. Addressing these issues is advisable to avoid false-positives or missing results. If they cannot be addressed, consider scanning Java using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes). | Scanning Java code completed successfully, but the scan encountered issues. This may be caused by problems identifying dependencies or use of generated source code. Some metrics of the database quality are: Percentage of calls with call target: 20 % (threshold 85 %). Percentage of expressions with known type: 14 % (threshold 85 %). Ideally these metrics should be above their thresholds. Addressing these issues is advisable to avoid false-positives or missing results. If they cannot be addressed, consider scanning Java using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes). | 1 | diff --git a/java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql b/java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql index 6bbe1d11ee1c..ad58b90bc95c 100644 
--- a/java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql +++ b/java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql 
@@ -8,26 +8,39 @@ import java import DatabaseQuality +private predicate diagnostic(string msg, float value, float threshold) { + CallTargetStatsReport::percentageOfOk(msg, value) and + threshold = 85 + or + ExprTypeStatsReport::percentageOfOk(msg, value) and + threshold = 85 +} + private newtype TDbQualityDiagnostic = TTheDbQualityDiagnostic() { - exists(float percentageGood | - CallTargetStatsReport::percentageOfOk(_, percentageGood) - or - ExprTypeStatsReport::percentageOfOk(_, percentageGood) - | - percentageGood < 95 + exists(float percentageGood, float threshold | + diagnostic(_, percentageGood, threshold) and + percentageGood < threshold ) } +private string getDbHealth() { + result = + strictconcat(string msg, float value, float threshold | + diagnostic(msg, value, threshold) + | + msg + ": " + value.floor() + " % (threshold " + threshold.floor() + " %)", ". " + ) +} + class DbQualityDiagnostic extends TDbQualityDiagnostic { string toString() { result = "Scanning Java code completed successfully, but the scan encountered issues. " + - "This may be caused by problems identifying dependencies or use of generated source code, among other reasons -- " - + - "see other CodeQL diagnostics reported on the CodeQL status page for more details of possible causes. " - + - "Addressing these warnings is advisable to avoid false-positive or missing results. If they cannot be addressed, consider scanning Java " + "This may be caused by problems identifying dependencies or use of generated source code. " + + "Some metrics of the database quality are: " + getDbHealth() + ". " + + "Ideally these metrics should be above their thresholds. " + + "Addressing these issues is advisable to avoid false-positives or missing results. 
If they cannot be addressed, consider scanning Java " + "using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes)." } diff --git a/java/ql/src/change-notes/2025-09-04-database-diagnostics.md b/java/ql/src/change-notes/2025-09-04-database-diagnostics.md new file mode 100644 index 000000000000..ca035346f9f1 --- /dev/null +++ b/java/ql/src/change-notes/2025-09-04-database-diagnostics.md @@ -0,0 +1,4 @@ +--- +category: fix +--- +* The message for `java/diagnostic/database-quality` has been updated to include detailed database health metrics. Additionally, the threshold for reporting database health issues has been lowered from 95% to 85% (if any metric falls below this percentage). These changes are visible on the tool status page. diff --git a/rust/ql/src/change-notes/2025-09-04-database-diagnostics.md b/rust/ql/src/change-notes/2025-09-04-database-diagnostics.md new file mode 100644 index 000000000000..b578fcef1411 --- /dev/null +++ b/rust/ql/src/change-notes/2025-09-04-database-diagnostics.md @@ -0,0 +1,4 @@ +--- +category: fix +--- +* The message for `rust/diagnostic/database-quality` has been updated to include detailed database health metrics. These changes are visible on the tool status page. diff --git a/rust/ql/src/queries/telemetry/DatabaseQualityDiagnostics.ql b/rust/ql/src/queries/telemetry/DatabaseQualityDiagnostics.ql index 18e7445939f9..63fb1e4c6cc5 100644 --- a/rust/ql/src/queries/telemetry/DatabaseQualityDiagnostics.ql +++ b/rust/ql/src/queries/telemetry/DatabaseQualityDiagnostics.ql 
@@ -9,22 +9,36 @@ import rust import DatabaseQuality import codeql.util.Unit +private predicate diagnostic(string msg, float value, float threshold) { + CallTargetStatsReport::percentageOfOk(msg, value) and threshold = 50 + or + MacroCallTargetStatsReport::percentageOfOk(msg, value) and threshold = 50 +} + +private string getDbHealth() { + result = + strictconcat(string msg, float value, float threshold | + diagnostic(msg, value, threshold) + | + msg + ": " + value.floor() + " % (threshold " + threshold.floor() + " %)", ". " + ) +} + class DbQualityDiagnostic extends Unit { DbQualityDiagnostic() { - exists(float percentageGood | - CallTargetStatsReport::percentageOfOk(_, percentageGood) and percentageGood < 50 - or - MacroCallTargetStatsReport::percentageOfOk(_, percentageGood) and percentageGood < 50 + exists(float percentageGood, float threshold | + diagnostic(_, percentageGood, threshold) and + percentageGood < threshold ) } string toString() { result = "Scanning Rust code completed successfully, but the scan encountered issues. " + - "This may be caused by problems identifying dependencies or use of generated source code, among other reasons -- " - + - "see other CodeQL diagnostics reported on the CodeQL status page for more details of possible causes. " - + "Addressing these warnings is advisable to avoid false-positive or missing results." + "This may be caused by problems identifying dependencies or use of generated source code. " + + "Some metrics of the database quality are: " + getDbHealth() + ". " + + "Ideally these metrics should be above their thresholds. " + + "Addressing these issues is advisable to avoid false-positives or missing results." } }
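Review bot: the new rows in csharp/ql/integration-tests/all-platforms/standalone/DatabaseQualityDiagnostics.expected pin the exact metric values (`25 %`, `58 %`) inside the message text, so any extractor change that moves either percentage by a single point fails this test even though the diagnostic still fires as intended. The Java expected file has the same coupling (`20 %`, `14 %`). If the test is meant to check that the diagnostic is raised and carries the right visibility attributes, consider whether the values need to appear in the compared output; otherwise say in the test directory that these numbers are expected to be re-blessed when extraction changes.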
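Review bot: in csharp/ql/src/Telemetry/DatabaseQualityDiagnostics.ql, `getDbHealth()` concatenates every row of `diagnostic(msg, value, threshold)` with no `value < threshold` filter, so when only one metric is below its threshold the message still lists the passing metric and then says "Ideally these metrics should be above their thresholds". A reader cannot tell from the text which metric triggered the diagnostic; either restrict the `strictconcat` range to failing metrics or reword the sentence to say that all metrics are shown. Separately, `threshold = 85` is repeated in both disjuncts of `diagnostic`; binding it once after a parenthesised disjunction, and adding a QLDoc comment stating that `value` and `threshold` are percentages, would make a later threshold change a one-line edit.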
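Review bot: the new `toString()` string in java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql reads "to avoid false-positives or missing results"; used as a noun this should be "false positives" without the hyphen (the removed string used "false-positive" adjectivally, which was fine). The same wording is added to the C# and Rust queries and to both .expected files, so it is worth fixing in all of them together. The change also drops the sentence pointing users to "other CodeQL diagnostics reported on the CodeQL status page"; please confirm that is intended, since the two percentages alone do not say which dependency or generated source caused the drop.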
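Review bot: `getDbHealth()` in rust/ql/src/queries/telemetry/DatabaseQualityDiagnostics.ql is a third verbatim copy of the predicate this patch also adds to the C# and Java queries, so the message format can now drift between languages. Consider moving it into a shared module parameterised over the per-language `diagnostic` predicate, which is the only part that differs (thresholds of 50 here versus 85). Also, this patch updates .expected files for C# and Java but touches none for Rust, so the new Rust message text is not covered by any test output visible in this change.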