From 486991cf1e1259315993e7de6f293e07e5a591ec Mon Sep 17 00:00:00 2001
From: Saagar
Date: Mon, 18 May 2026 04:12:53 -0700
Subject: [PATCH] chore(codeql): document empty fallback catches
---
src/analyzers/activity.py | 1 +
src/analyzers/cicd.py | 1 +
src/analyzers/dependencies.py | 6 ++++++
src/analyzers/testing.py | 4 ++++
src/briefing.py | 1 +
src/cli.py | 5 +++++
src/cloner.py | 1 +
src/excel_workbook_helpers.py | 1 +
src/issue_creator.py | 1 +
src/libyears.py | 3 +++
src/portfolio_truth_reconcile.py | 1 +
src/readme_suggestions.py | 1 +
src/serve/routes.py | 10 ++++++++++
src/web_export.py | 1 +
tests/test_draft_readmes.py | 4 ++++
tests/test_plan_campaign.py | 8 ++++++++
16 files changed, 49 insertions(+)
diff --git a/src/analyzers/activity.py b/src/analyzers/activity.py
index 5aa821a..356bdd8 100644
--- a/src/analyzers/activity.py
+++ b/src/analyzers/activity.py
@@ -138,6 +138,7 @@ def analyze(
try:
dates.append(datetime.fromisoformat(pub.replace("Z", "+00:00")))
except (ValueError, TypeError):
+ # Ignore malformed release timestamps when estimating cadence.
pass
if len(dates) >= 2:
dates.sort()
diff --git a/src/analyzers/cicd.py b/src/analyzers/cicd.py
index 2ef42df..1acf5fd 100644
--- a/src/analyzers/cicd.py
+++ b/src/analyzers/cicd.py
@@ -89,6 +89,7 @@ def _has_build_scripts(repo_path: Path) -> bool:
if "build" in scripts or "test" in scripts:
return True
except (json.JSONDecodeError, OSError):
+ # Malformed or unreadable package metadata means no script signal is detected.
pass
# Makefile
diff --git a/src/analyzers/dependencies.py b/src/analyzers/dependencies.py
index 67912bb..5d14f0c 100644
--- a/src/analyzers/dependencies.py
+++ b/src/analyzers/dependencies.py
@@ -63,6 +63,7 @@ def cache_inputs_hash(
pieces.append(fname.encode())
pieces.append(fpath.read_bytes())
except OSError:
+ # Ignore unreadable dependency files in the cache fingerprint.
pass
if not pieces:
return None
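Review bot: The `except (json.JSONDecodeError, OSError)` in `_has_build_scripts` does not cover `UnicodeDecodeError`, which subclasses `ValueError` rather than `OSError`, so a package.json containing non-UTF-8 bytes in a scanned repository would abort the analysis instead of being treated as "no script signal" as the new comment promises. The read call is outside the hunk, so this only applies if the file is decoded as text without an `errors=` argument (e.g. `read_text()` or `json.load` on a text handle) — please confirm. Widening the clause to `except (ValueError, OSError):` keeps the best-effort semantics with no change for the existing cases, since `JSONDecodeError` is itself a `ValueError`. The same pattern appears in the `_detect_test_framework` hunks (testing.py) and the first `_count_dependencies` hunk (dependencies.py).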
@@ -192,6 +193,7 @@ def _count_dependencies(repo_path: Path, manifests: list[str]) -> int | None:
dev_deps = len(pkg.get("devDependencies", {}))
return deps + dev_deps
except (json.JSONDecodeError, OSError):
+ # Unparseable package metadata falls through to other manifest types.
pass
if "requirements.txt" in manifests:
@@ -205,6 +207,7 @@ def _count_dependencies(repo_path: Path, manifests: list[str]) -> int | None:
and not line.strip().startswith("-")
)
except OSError:
+ # Unreadable requirements files fall through to other manifest types.
pass
if "Cargo.toml" in manifests:
@@ -223,6 +226,7 @@ def _count_dependencies(repo_path: Path, manifests: list[str]) -> int | None:
count += 1
return count
except OSError:
+ # Unreadable Cargo manifests fall through to other manifest types.
pass
if "go.mod" in manifests:
@@ -240,6 +244,7 @@ def _count_dependencies(repo_path: Path, manifests: list[str]) -> int | None:
count += 1
return count
except OSError:
+ # Unreadable Go modules fall through to other manifest types.
pass
if "pyproject.toml" in manifests:
@@ -258,6 +263,7 @@ def _count_dependencies(repo_path: Path, manifests: list[str]) -> int | None:
count += 1
return count if count > 0 else None
except OSError:
+ # Unreadable pyproject metadata means no dependency count is available.
pass
return None
diff --git a/src/analyzers/testing.py b/src/analyzers/testing.py
index b8e8be9..a1566a8 100644
--- a/src/analyzers/testing.py
+++ b/src/analyzers/testing.py
@@ -103,6 +103,7 @@ def _detect_test_framework(repo_path: Path) -> str | None:
if "cypress" in all_deps:
return "cypress"
except (json.JSONDecodeError, OSError):
+ # Unreadable package metadata simply means no JS test runner was detected.
pass
# Python — check pyproject.toml for pytest
@@ -115,6 +116,7 @@ def _detect_test_framework(repo_path: Path) -> str | None:
if "unittest" in content:
return "unittest"
except OSError:
+ # Unreadable project metadata simply means no Python test runner was detected.
pass
# Python — check for pytest in requirements
@@ -126,6 +128,7 @@ def _detect_test_framework(repo_path: Path) -> str | None:
if "pytest" in content:
return "pytest"
except OSError:
+ # Unreadable requirements files are ignored during best-effort detection.
pass
# Rust — check Cargo.toml for dev-dependencies
@@ -136,6 +139,7 @@ def _detect_test_framework(repo_path: Path) -> str | None:
if "[dev-dependencies]" in content:
return "cargo-test"
except OSError:
+ # Unreadable Cargo metadata simply means no Rust test runner was detected.
pass
# Go — test files convention
diff --git a/src/briefing.py b/src/briefing.py
index 21e97e9..0991d5c 100644
--- a/src/briefing.py
+++ b/src/briefing.py
@@ -388,6 +388,7 @@ def _parse_suggestions_json(raw: str, top_repos: list[dict]) -> list[Suggestion]
result.append(Suggestion(name=name, action=action))
return result
except (json.JSONDecodeError, IndexError, TypeError):
+ # Fall back to regex extraction when the model response is not valid JSON.
pass
# Regex fallback: extract quoted strings
diff --git a/src/cli.py b/src/cli.py
index bbed7ae..2da03ed 100644
--- a/src/cli.py
+++ b/src/cli.py
@@ -109,6 +109,7 @@ def _gh_auth_token() -> str | None:
if result.returncode == 0 and result.stdout.strip():
return result.stdout.strip()
except (FileNotFoundError, subprocess.TimeoutExpired):
+ # Missing or slow gh CLI auth falls back to unauthenticated/public mode.
pass
return None
@@ -3044,6 +3045,7 @@ def _run_list_initiatives_mode(args) -> None:
if name:
projects_by_name[name.lower()] = proj
except (OSError, ValueError):
+ # Initiative listing can proceed without portfolio-truth tier context.
pass
open_initiatives = [i for i in initiatives if i.closed_at is None]
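Review bot: The `except (FileNotFoundError, subprocess.TimeoutExpired)` in `_gh_auth_token` only handles a missing `gh` binary; a `gh` that is present but not executable raises `PermissionError`, and other `OSError`s from process spawning are possible, none of which are caught, so token discovery would crash instead of falling back to public mode as the new comment states. Because `FileNotFoundError` is a subclass of `OSError`, changing the clause to `except (OSError, subprocess.TimeoutExpired):` covers these with no change for the existing cases. The enclosing function starts outside the hunk.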
@@ -3076,6 +3078,7 @@ def _run_list_initiatives_mode(args) -> None:
days_left = (date.fromisoformat(initiative.deadline) - date.today()).days
status_detail = f"at-risk (deadline ≤ {days_left}d)"
except ValueError:
+ # Malformed deadlines keep the generic at-risk label.
pass
elif status == "on-track":
status_detail = "on-track"
@@ -3598,6 +3601,7 @@ def _run_main_audit_cycle(args, config_inspection) -> None:
resumed_audits.append(_audit_from_dict(audit_dict))
resumed_names.add(audit_dict.get("metadata", {}).get("name", ""))
except Exception:
+ # Skip corrupt resume entries and continue with the rest.
pass
if resumed_audits:
print_info(f"Resumed {len(resumed_audits)} previously completed repo(s)")
@@ -4968,6 +4972,7 @@ def _fresh_run(repo_path, meta, conn=None):
try:
_warehouse_conn.close()
except Exception:
+ # Warehouse close failures are non-actionable during final cleanup.
pass
if _reconcile_diverged:
sys.exit(1)
diff --git a/src/cloner.py b/src/cloner.py
index 5aa6846..df8542d 100644
--- a/src/cloner.py
+++ b/src/cloner.py
@@ -52,6 +52,7 @@ def _git_askpass_env(token: str | None) -> Generator[dict[str, str] | None, None
try:
script_path.unlink()
except OSError:
+ # Temporary askpass cleanup is best-effort.
pass
diff --git a/src/excel_workbook_helpers.py b/src/excel_workbook_helpers.py
index 8277539..7849e0d 100644
--- a/src/excel_workbook_helpers.py
+++ b/src/excel_workbook_helpers.py
@@ -102,6 +102,7 @@ def set_defined_name(wb: Workbook, name: str, attr_text: str) -> None:
try:
del wb.defined_names[name]
except KeyError:
+ # The defined name may not exist yet.
pass
wb.defined_names.add(DefinedName(name, attr_text=attr_text))
diff --git a/src/issue_creator.py b/src/issue_creator.py
index 93f53e2..4228523 100644
--- a/src/issue_creator.py
+++ b/src/issue_creator.py
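Review bot: The `except Exception: pass` in the `_run_main_audit_cycle` resume loop drops a corrupt entry without any trace, so a damaged state file silently shrinks the resumed set and the operator only sees the `Resumed N` count, never what was skipped. Since `print_info` is already used two lines below, counting the failures in the handler (`skipped_resume += 1`, initialised before the loop, which starts outside the hunk) and reporting them beside the existing message (`print_info(f"Skipped {skipped_resume} unreadable resume entr(ies)")`) keeps the best-effort behaviour while making the data loss visible. The comment should then say that skips are reported rather than just "continue with the rest".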
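Review bot: The `except OSError: pass` around `script_path.unlink()` in `_git_askpass_env` silently leaves the temporary askpass script on disk when removal fails; given the function takes `token`, that script presumably carries or exposes the credential (not visible in the hunk — please confirm), so a failed cleanup leaves a secret at rest rather than just a stray file. The new comment should say so and the handler should at least warn with the path so the leftover can be removed, e.g. `# Best-effort cleanup; a leftover script may still expose the token, so report it.` followed by `warnings.warn(f"could not remove askpass helper {script_path}")` or the module's logger if it has one. Creating the script with owner-only permissions would limit the exposure, but that code is outside the hunk.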
@@ -27,6 +27,7 @@ def create_audit_issues(
skipped.append(repo_name)
continue
except Exception:
+ # If issue listing fails, continue and let create_issue surface any hard error.
pass
actions = qw.get("actions", [])
title = f"[Audit] {repo_name}: {actions[0] if actions else 'Improve audit score'}"
diff --git a/src/libyears.py b/src/libyears.py
index 25417bf..732fa8d 100644
--- a/src/libyears.py
+++ b/src/libyears.py
@@ -102,6 +102,7 @@ def _parse_pip_deps(path: Path) -> list[tuple[str, str, str]]:
if match:
deps.append((match.group(1), match.group(2), "pypi"))
except OSError:
+ # Missing or unreadable requirements files have no parseable dependencies.
pass
return deps
@@ -123,6 +124,7 @@ def _parse_cargo_deps(path: Path) -> list[tuple[str, str, str]]:
if match:
deps.append((match.group(1), match.group(2), "crates"))
except OSError:
+ # Missing or unreadable Cargo manifests have no parseable dependencies.
pass
return deps
@@ -144,6 +146,7 @@ def _parse_pyproject_deps(path: Path) -> list[tuple[str, str, str]]:
if match:
deps.append((match.group(1), match.group(3), "pypi"))
except OSError:
+ # Missing or unreadable pyproject files have no parseable dependencies.
pass
return deps
diff --git a/src/portfolio_truth_reconcile.py b/src/portfolio_truth_reconcile.py
index ead9592..743b652 100644
--- a/src/portfolio_truth_reconcile.py
+++ b/src/portfolio_truth_reconcile.py
@@ -111,6 +111,7 @@ def _derive_has_tests(project_path: Path | None, has_git: bool) -> bool:
if match:
return True
except StopIteration:
+ # No matching files for this pattern; try the next pattern.
pass
return False
diff --git a/src/readme_suggestions.py b/src/readme_suggestions.py
index f81c733..3f613ae 100644
--- a/src/readme_suggestions.py
+++ b/src/readme_suggestions.py
@@ -16,6 +16,7 @@ def _check_readme(repo_path: Path) -> tuple[str, list[str]]:
try:
content = readme.read_text(errors="replace")
except OSError:
+ # Unreadable README candidates are treated as absent.
pass
break
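Review bot: In `create_audit_issues` the `except Exception: pass` wraps the existing-issue check (the `skipped.append(repo_name)` / `continue` path), so when listing fails — an auth or rate-limit error, for instance — the loop falls through to creation and a duplicate issue can be opened for a repo that already has one. The new comment frames this as letting `create_issue` surface hard errors, but a duplicate is the more likely outcome and nothing surfaces it. Consider recording the failure (append to `skipped` or a separate list, or log the exception) and `continue`-ing instead of creating blind; if fall-through is deliberate, the comment should state that duplicates are accepted in that case. The enclosing loop and function start outside the hunk.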
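Review bot: The new comment in `_check_readme`, "Unreadable README candidates are treated as absent", does not appear to match the code: the `break` after the `try`/`except` seems to sit at loop level, so an `OSError` on one candidate still ends the search, with `content` either unassigned or left over from an earlier iteration, rather than the next candidate being tried. If the comment describes the intent, replace `pass` with `continue` so the loop moves on to the next candidate; if stopping is intended, reword the comment to say the first candidate wins even when it cannot be read. Indentation is not recoverable from this hunk, so please check against the file.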
diff --git a/src/serve/routes.py b/src/serve/routes.py
index 23f7119..8f11285 100644
--- a/src/serve/routes.py
+++ b/src/serve/routes.py
@@ -136,6 +136,7 @@ async def repo_detail(request: Request, name: str) -> HTMLResponse:
).fetchall()
history = [dict(r) for r in rows]
except sqlite3.Error:
+ # Optional warehouse history should not block the repo detail page.
pass
finally:
conn.close()
@@ -158,6 +159,7 @@ async def repo_detail(request: Request, name: str) -> HTMLResponse:
).fetchall()
dimension_scores = [dict(r) for r in rows2]
except sqlite3.Error:
+ # Optional dimension breakdown should not block the repo detail page.
pass
finally:
conn2.close()
@@ -197,6 +199,7 @@ async def runs_list(request: Request, page: int = 1) -> HTMLResponse:
).fetchall()
rows = [dict(r) for r in raw]
except sqlite3.Error:
+ # Runs can render as an empty list when the optional warehouse is unreadable.
pass
finally:
conn.close()
@@ -224,6 +227,7 @@ async def approvals(request: Request) -> HTMLResponse:
# username is inferred from output_dir contents — use empty string as sentinel
records = load_approval_records(output_dir, username="")
except Exception:
+ # Approval center is best-effort; the page can render with no records.
pass
return templates.TemplateResponse(
@@ -249,6 +253,7 @@ async def draft_diff(request: Request, record_id: str) -> HTMLResponse:
None,
)
except Exception:
+ # Missing/unreadable approval records are handled by the 404 below.
pass
if record is None:
@@ -291,6 +296,7 @@ async def campaign_plan(request: Request, record_id: str) -> HTMLResponse:
None,
)
except Exception:
+ # Missing/unreadable campaign records are handled by the 404 below.
pass
if record is None:
@@ -538,6 +544,7 @@ async def draft_sections(request: Request, packet_id: str) -> HTMLResponse:
key=lambda r: int(r.get("section_idx") or 0),
)
except Exception:
+ # Missing/unreadable section records are handled by the 404 below.
pass
if not sections:
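Review bot: `approvals`, `draft_diff`, `campaign_plan` and `draft_sections` all use `except Exception: pass` around record loading, so a code bug or a malformed record file under `output_dir` renders as an empty page or a 404 with nothing in the server log, leaving an operator unable to tell a real fault from a genuinely missing record. The `sqlite3.Error` handlers in `repo_detail` and `runs_list` are appropriately narrow. Keep the fallback but record the failure first, e.g. `logging.getLogger(__name__).exception("approval records unavailable")` (or the module's existing logger, if routes.py has one) before `pass`, and say so in the comment. The enclosing handlers begin outside the hunks.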
@@ -645,6 +652,7 @@ async def initiatives(request: Request) -> HTMLResponse:
if name:
projects_by_name[name] = p
except (json.JSONDecodeError, OSError):
+ # Initiative list can render without truth-derived tier context.
pass
open_initiatives = [i for i in inits if i.closed_at is None]
@@ -946,6 +954,7 @@ async def initiative_gap(request: Request, repo_name: str, target: int = 0) -> H
target = init.target_tier
break
except Exception:
+ # Query parameter target remains authoritative if initiative lookup fails.
pass
# Load portfolio-truth
@@ -959,6 +968,7 @@ async def initiative_gap(request: Request, repo_name: str, target: int = 0) -> H
if name:
projects_by_name[name] = p
except (json.JSONDecodeError, OSError):
+ # The route raises a 404 below when truth data cannot be loaded.
pass
repo = projects_by_name.get(repo_name)
diff --git a/src/web_export.py b/src/web_export.py
index 0eb85fb..be440f0 100644
--- a/src/web_export.py
+++ b/src/web_export.py
@@ -124,6 +124,7 @@ def export_html_dashboard(
"top_elevated": _te[:5],
}
except Exception:
+ # Risk posture is optional enrichment for the HTML export.
pass
html = _render_html(
diff --git a/tests/test_draft_readmes.py b/tests/test_draft_readmes.py
index cd48c19..a6052c7 100644
--- a/tests/test_draft_readmes.py
+++ b/tests/test_draft_readmes.py
@@ -322,8 +322,10 @@ def test_audit_report_draft_readmes_repo_calls_dispatch(self) -> None:
try:
main()
except SystemExit:
+ # The test only verifies dispatch; CLI exits are expected here.
pass
except Exception:
+ # The test only verifies dispatch; mocked CLI setup may stop early.
pass
assert mock_dispatch.called
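Review bot: The `except Exception:` handlers in `test_audit_report_draft_readmes_repo_calls_dispatch` (and in the `test_legacy_form_emits_deprecation_warning` hunk that follows) lack the `# noqa: BLE001` marker that the parallel handlers in tests/test_plan_campaign.py carry, so the two test modules lint differently for the same construct. Writing them as `except Exception:  # noqa: BLE001` keeps the blind-except suppression explicit and consistent across the test suite. The enclosing test methods begin outside the hunk.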
@@ -383,8 +385,10 @@ def test_legacy_form_emits_deprecation_warning(self) -> None:
main()
except SystemExit:
+ # The test only verifies legacy routing; CLI exits are expected here.
pass
except Exception:
+ # The test only verifies legacy routing; mocked setup may stop early.
pass
# Either a DeprecationWarning was emitted or _run_draft_readmes_mode was called
# (both indicate the flag was routed correctly)
diff --git a/tests/test_plan_campaign.py b/tests/test_plan_campaign.py
index 10fcd7c..766f8c0 100644
--- a/tests/test_plan_campaign.py
+++ b/tests/test_plan_campaign.py
@@ -417,8 +417,10 @@ def test_report_subcommand_calls_run_plan_campaign_mode(self) -> None:
main()
except SystemExit:
+ # The test only verifies dispatch; CLI exits are expected here.
pass
except Exception: # noqa: BLE001
+ # The test only verifies dispatch; mocked CLI setup may stop early.
pass
mock_dispatch.assert_called_once()
@@ -450,8 +452,10 @@ def test_legacy_invocation_emits_deprecation_warning(self) -> None:
main()
except SystemExit:
+ # The test only verifies warning dispatch; CLI exits are expected here.
pass
except Exception: # noqa: BLE001
+ # The test only verifies warning dispatch; mocked setup may stop early.
pass
mock_warn.assert_called_once()
@@ -483,8 +487,10 @@ def test_campaign_from_ledger_dispatches_run_mode(self) -> None:
main()
except SystemExit:
+ # The test only verifies dispatch; CLI exits are expected here.
pass
except Exception: # noqa: BLE001
+ # The test only verifies dispatch; mocked CLI setup may stop early.
pass
mock_dispatch.assert_called_once()
@@ -513,8 +519,10 @@ def test_boot_no_truth_file_exits_cleanly(self) -> None:
main()
except SystemExit:
+ # The test only verifies clean handling; CLI exits are expected here.
pass
except Exception: # noqa: BLE001
+ # The test captures output rather than failing on setup noise.
pass