Skip to content

Address CodeQL issues#1615

Merged
David-Engel merged 2 commits into
devfrom
david/codeql
May 8, 2026
Merged

Address CodeQL issues#1615
David-Engel merged 2 commits into
devfrom
david/codeql

Conversation

@David-Engel
Copy link
Copy Markdown
Collaborator

@David-Engel David-Engel commented May 8, 2026
edited
Loading

This pull request mainly improves code clarity and static analysis by adding detailed comments to justify reinterpret_cast usage when handling UTF-16 buffers from ODBC, and it also adjusts the configuration for CodeQL analysis and test certificate validity. The most important changes are grouped below:

Static Analysis and Documentation Improvements:

  • Added detailed comments and CodeQL annotations to explain the use of reinterpret_cast for buffers containing UTF-16 data from ODBC output parameters in core_stmt.cpp, core_stream.cpp, and core_util.cpp. These comments clarify that the cast is safe due to ODBC guarantees and are annotated for CodeQL suppression [1]], [2]], [3]]).

CodeQL Configuration:

  • Updated CodeQL.yml to exclude all external PHP SDK source code from analysis, but explicitly include only the sqlsrv and pdo_sqlsrv source files within the PHP SDK ([CodeQL.ymlR1-R10]).

C++ Lint Fix

  • Fix lint errors in core_sqlsrv.h: style: Virtual function 'release_data' is called from destructor 'sqlsrv_param()' at line 1465 [and 1542]. Dynamic binding is not used.

Test Improvements:

  • Reduced the validity period of generated self-signed certificates in mock_tds_server.py from 365 days to 30 days to improve test hygiene ([test/tools/mock_tds_server.pyL1344-R1344]) and also avoid CodeQL analysis thinking it was "year math without considering leap years".

@codecov
Copy link
Copy Markdown

codecov Bot commented May 8, 2026

Codecov Report

❌ Patch coverage is 33.33333% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 85.72%. Comparing base (15d7cfd) to head (c5561b6).

Files with missing lines Patch % Lines
source/shared/core_sqlsrv.h 0.00% 2 Missing ⚠️
Additional details and impacted files

Impacted file tree graph

@@           Coverage Diff           @@
##              dev    #1615   +/-   ##
=======================================
  Coverage   85.72%   85.72%           
=======================================
  Files          23       23           
  Lines        7210     7210           
=======================================
  Hits         6181     6181           
  Misses       1029     1029
Files with missing lines Coverage Δ
source/shared/core_stmt.cpp 93.51% <ø> (ø)
source/shared/core_stream.cpp 86.73% <ø> (ø)
source/shared/core_util.cpp 89.51% <100.00%> (ø)
source/shared/core_sqlsrv.h 89.94% <0.00%> (ø)
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@David-Engel David-Engel requested a review from saurabh500 May 8, 2026 18:00
@David-Engel David-Engel merged commit 4f8f2d6 into dev May 8, 2026
14 of 15 checks passed
@David-Engel David-Engel deleted the david/codeql branch May 8, 2026 18:09
This was referenced May 15, 2026
Closed
Closed
Closed
Closed
Closed
This was referenced May 22, 2026
Closed
Closed
This was referenced May 31, 2026
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@saurabh500 saurabh500 saurabh500 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@David-Engel @saurabh500