Java: Include metrics in the database quality diagnostics and lower threshold.

2026-04-28 02:05:14 +02:00 · 2025-09-08 11:49:40 +02:00
parent ed11a32f42
commit b0ef0f06eb
1 changed files with 24 additions and 11 deletions
--- a/java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql
+++ b/java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql
@@ -8,26 +8,39 @@
 import java
 import DatabaseQuality

+private predicate diagnostic(string msg, float value, float threshold) {
+  CallTargetStatsReport::percentageOfOk(msg, value) and
+  threshold = 85
+  or
+  ExprTypeStatsReport::percentageOfOk(msg, value) and
+  threshold = 85
+}
+
 private newtype TDbQualityDiagnostic =
  TTheDbQualityDiagnostic() {
-    exists(float percentageGood |
-      CallTargetStatsReport::percentageOfOk(_, percentageGood)
-      or
-      ExprTypeStatsReport::percentageOfOk(_, percentageGood)
-    |
-      percentageGood < 95
+    exists(float percentageGood, float threshold |
+      diagnostic(_, percentageGood, threshold) and
+      percentageGood < threshold
    )
  }

+private string getDbHealth() {
+  result =
+    strictconcat(string msg, float value, float threshold |
+      diagnostic(msg, value, threshold)
+    |
+      msg + ": " + value.floor() + " % (threshold " + threshold.floor() + " %)", ". "
+    )
+}
+
 class DbQualityDiagnostic extends TDbQualityDiagnostic {
  string toString() {
    result =
      "Scanning Java code completed successfully, but the scan encountered issues. " +
-        "This may be caused by problems identifying dependencies or use of generated source code, among other reasons -- "
-        +
-        "see other CodeQL diagnostics reported on the CodeQL status page for more details of possible causes. "
-        +
-        "Addressing these warnings is advisable to avoid false-positive or missing results. If they cannot be addressed, consider scanning Java "
+        "This may be caused by problems identifying dependencies or use of generated source code. " +
+        "Some metrics of the database quality are: " + getDbHealth() + ". " +
+        "Ideally these metrics should be above their thresholds. " +
+        "Addressing these issues is advisable to avoid false-positives or missing results. If they cannot be addressed, consider scanning Java "
        +
        "using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes)."
  }