CDS Extractor: Fix excessive diagnostic info#376

Open
mihai-herda-SAP wants to merge 3 commits into advanced-security:main from mihai-herda-SAP:fix_excessive_debug_info
Conversation

@mihai-herda-SAP
Summary

Two adjustments to how the CDS extractor reports compilation failures, motivated by a project where a failed compilation produced ~1000 per-file diagnostics and took 30–40 minutes to finalize.

Changes

  • One diagnostic per failed compilation, not per source file. CDS compilation is project-level (one task per project, with task.sourceFiles listing every CDS file in the project). The previous code spawned codeql database add-diagnostic once per file, which scales linearly with project size. The new behavior emits a single diagnostic per failed task, attached to the project's package.json when available (or the project directory otherwise), and includes the affected file count in the message body so that information is preserved.

  • Severity downgraded from error to warning. A failed CDS compilation does not fail the overall scan — the JavaScript extractor still runs and other-language analyses proceed normally. warning matches that reality.

When CDS compilation fails for a project, the extractor previously called `codeql database add-diagnostic` once for every source file in the project's failed compilation task. Because compilation is project-level (one task per project, with `task.sourceFiles` listing every CDS file), a project with hundreds of `.cds` files paid hundreds of `execFileSync(codeql, ...)` round trips at the end of a failed run — taking 30–40 minutes for ~1000-file projects.

Emit a single diagnostic per failed task instead, attached to the project's `package.json` when available (or the project directory otherwise), and mention the affected file count in the message body so that information is preserved. The existing `cds/compilation-failure` source-id and "Failure to compile one or more SAP CAP CDS files" source-name already read as project-level, so no schema change is needed.

Tests in `retry.test.ts` are updated for the new call shape and two new cases cover (a) a 250-file project emitting exactly one diagnostic and (b) projects without `package.json` falling back to the project directory.

A failed CDS compilation does not fail the overall scan — the JavaScript extractor still runs over the source root and other-language analyses proceed normally. Surfacing as a warning matches that reality and avoids flagging the run as having errors when no security-relevant findings were missed.
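The per-task aggregation described in the PR, as an added example rather than the extractor's own code: given a failed compilation task with its `sourceFiles`, build one `codeql database add-diagnostic` argument list, attach it to `package.json` when that file exists and to the project directory otherwise, and carry the affected file count in the message. The task shape, the `exists` callback (standing in for a filesystem check so the example runs offline) and the `databasePath` parameter are assumptions; the source-id, source-name and `warning` severity come from the PR text, and the CLI flag names follow the CodeQL CLI's documented `add-diagnostic` options.

```typescript
// Added example, not code from the CDS extractor. Models the "one diagnostic per
// failed compilation task" behaviour described in the PR.

// Assumed task shape: the real extractor's type is not on the page.
interface CdsCompilationTask {
  projectDir: string;   // directory holding the CAP project
  sourceFiles: string[]; // every .cds file that belonged to this project-level task
}

// Values quoted in the PR description.
const DIAGNOSTIC_SOURCE_ID = 'cds/compilation-failure';
const DIAGNOSTIC_SOURCE_NAME = 'Failure to compile one or more SAP CAP CDS files';

// Choose the path the diagnostic is attached to: the project's package.json when it
// exists, otherwise the project directory. `exists` is injected so this runs
// without touching the filesystem (in the real tool it would be fs.existsSync).
function diagnosticFilePath(task: CdsCompilationTask, exists: (p: string) => boolean): string {
  const packageJson = `${task.projectDir}/package.json`;
  return exists(packageJson) ? packageJson : task.projectDir;
}

// Human-readable message; the file count preserves the information that the old
// per-file diagnostics carried implicitly.
function compilationFailureMessage(task: CdsCompilationTask): string {
  const n = task.sourceFiles.length;
  return `Failed to compile CDS project at ${task.projectDir} ` +
    `(${n} source file${n === 1 ? '' : 's'} affected).`;
}

// Argument vector for a single `codeql database add-diagnostic` invocation.
// Severity is `warning`, as the PR argues, because a failed CDS compilation does
// not fail the overall scan.
function buildAddDiagnosticArgs(
  databasePath: string,
  task: CdsCompilationTask,
  exists: (p: string) => boolean,
): string[] {
  return [
    'database', 'add-diagnostic', databasePath,
    '--source-id', DIAGNOSTIC_SOURCE_ID,
    '--source-name', DIAGNOSTIC_SOURCE_NAME,
    '--severity', 'warning',
    '--file-path', diagnosticFilePath(task, exists),
    '--plaintext-message', compilationFailureMessage(task),
  ];
}

// One argv per failed task: the length of the result equals the number of failed
// projects, independent of how many .cds files each project contains.
function diagnosticsForFailedTasks(
  databasePath: string,
  failedTasks: CdsCompilationTask[],
  exists: (p: string) => boolean,
): string[][] {
  return failedTasks.map((task) => buildAddDiagnosticArgs(databasePath, task, exists));
}

// Constructed sample input: a 250-file project with a package.json and a
// single-file project without one.
const sampleWithPackageJson: CdsCompilationTask = {
  projectDir: 'apps/bookshop',
  sourceFiles: Array.from({ length: 250 }, (_, i) => `apps/bookshop/srv/model${i}.cds`),
};
const sampleWithoutPackageJson: CdsCompilationTask = {
  projectDir: 'apps/orphan',
  sourceFiles: ['apps/orphan/schema.cds'],
};
const sampleExists = (p: string): boolean => p === 'apps/bookshop/package.json';

function sampleDiagnostics(): string[][] {
  return diagnosticsForFailedTasks('/tmp/db', [sampleWithPackageJson, sampleWithoutPackageJson], sampleExists);
}

for (const argv of sampleDiagnostics()) {
  console.log('codeql ' + argv.join(' '));
}
```

In the real extractor the one `execFileSync(codeql, argv)` call per task replaces the per-file loop, so the end-of-run cost is bounded by the number of failed projects rather than the number of `.cds` files.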