@gargsaumya gargsaumya commented Jan 20, 2026

  • Disable CodeQL auto-injection globally in PR validation pipeline

  • Add one-time 'pytestonwindows' job to update the old stale CodeQL snapshot

  • This fixes the S360 CodeQL finding SM02986 that was stuck on outdated code

  • After the old snapshot is cleared, the pytestonwindows job should be removed

Resolves: User Story 39809 [S360] [CodeQL.SM02986]

Work Item / Issue Reference

AB#41680

GitHub Issue: #<ISSUE_NUMBER>


Summary

This pull request updates the PR validation pipeline configuration to address CodeQL analysis and snapshot management. The main changes are disabling automatic CodeQL analysis to prevent duplicate findings, and introducing a one-time job to update a legacy CodeQL snapshot for the pytestonwindows build. These adjustments ensure that CodeQL runs only where needed and help resolve an old issue with snapshot duplication.

CodeQL Analysis Configuration:

  • Disabled global CodeQL auto-injection in all jobs by setting the Codeql.Enabled variable to false, ensuring CodeQL analysis is not performed in this pipeline except where explicitly enabled.

One-time Snapshot Update Job:

  • Added a dedicated job named pytestonwindows to update the old CodeQL snapshot. This job is configured to run on windows-latest and temporarily enables CodeQL analysis for this specific purpose. The job is intended for one-time use and should be removed after the snapshot issue is resolved.

Build and Dependency Changes (Windows Compatibility):

  • Updated build and dependency installation steps in the new job to use Windows-specific commands (call build.bat x64 and cd mssql_python\pybind) and install additional dependencies required for building the C++ extension.

Copilot AI review requested due to automatic review settings January 20, 2026 08:03
@gargsaumya gargsaumya changed the title Fix: S360 CodeQL finding in PR validation to resolve stale snapshot issue FIX: S360 CodeQL finding in PR validation to resolve stale snapshot issue Jan 20, 2026
@github-actions github-actions bot added the pr-size: small Minimal code update label Jan 20, 2026

Copilot AI left a comment

Pull request overview

This PR modifies the PR validation pipeline to fix a CodeQL snapshot issue. The main changes include globally disabling CodeQL auto-injection and adding a temporary job to update a stale CodeQL snapshot associated with the old 'pytestonwindows' build identifier.

Changes:

  • Disabled global CodeQL auto-injection in the PR validation pipeline to prevent duplicate analysis
  • Added a one-time 'pytestonwindows' job to update the old CodeQL snapshot on Windows with CodeQL explicitly enabled
  • Updated build commands from Linux (build.sh) to Windows (build.bat) to match the platform change


@gargsaumya gargsaumya force-pushed the saumya/codeql branch 3 times, most recently from 6b5569d to 902a591 Compare January 21, 2026 04:21
- Disable CodeQL auto-injection globally in PR validation pipeline

- Add one-time 'pytestonwindows' job on Ubuntu to update the old stale CodeQL snapshot

- Uses build.sh on Linux (matching original CodeQL job setup)

- This fixes the S360 CodeQL finding SM02986 that was stuck on outdated code

- After the old snapshot is cleared, the pytestonwindows job should be removed

Resolves: User Story 39809 [S360] [CodeQL.SM02986]
@github-actions

📊 Code Coverage Report

🔥 Diff Coverage

100%


🎯 Overall Coverage

76%


📈 Total Lines Covered: 5433 out of 7115
📁 Project: mssql-python


Diff Coverage

Diff: main...HEAD, staged and unstaged changes

No lines with coverage information in this diff.


📋 Files Needing Attention

📉 Files with overall lowest coverage
mssql_python.pybind.logger_bridge.hpp: 58.8%
mssql_python.pybind.logger_bridge.cpp: 59.2%
mssql_python.row.py: 66.2%
mssql_python.helpers.py: 67.5%
mssql_python.pybind.ddbc_bindings.cpp: 69.4%
mssql_python.pybind.ddbc_bindings.h: 69.7%
mssql_python.pybind.connection.connection.cpp: 73.6%
mssql_python.ddbc_bindings.py: 79.6%
mssql_python.pybind.connection.connection_pool.cpp: 79.6%
mssql_python.connection.py: 84.1%
