CodeQL 6: refactor: catch specific exceptions across CTS/RAPS/shared

[rlorenzo]

Summary

Closes ~44 of 46 remaining cs/catch-of-all-exceptions alerts. Same when-filter pattern as #193, applied across the rest of the codebase.

Files changed (28)

• CTS controllers (9): BundleCompetencyController, BundleCompetencyGroupController, BundleController, CompetencyController, CourseController, DomainController, EpaController, LevelsController, RoleController
• ClinicalScheduler controllers (4): CliniciansController, InstructorScheduleController, PermissionsController, RotationsController
• RAPS (5): AdGroupsController, RoleMembersController, RolesController, OuGroupService, VMACSExport
• Shared (7): BiorenderStudentLookup, ClaimsTransformer, SitemapMiddleware, UserHelper, ActiveDirectoryService, F5HttpRequest, IamApi
• Top-level web (3): EmailService, Program.cs, ViteProxyHelpers

Filter is DbUpdateException ∨ SqlException ∨ InvalidOperationException ∨ OperationCanceledException for most catches, with IOException added in ViteProxyHelpers (proxy-and-file-fallback) and FormatException/ArgumentException for the MailAddress email validator.

Bare catch { } in RoleMembersController (VMACS JSON parse) and BiorenderStudentLookup (MailAddress validation) tightened to the specific exceptions those calls actually throw.

Why 2 broad catches are kept

• web/Program.cs:527 - top-level startup must catch any exception to log fatal before rethrowing. Marked #pragma warning disable CA1031.

The 4 ClinicalScheduler/Services post-transaction catches kept broad in #193 remain so on this branch. Test files (test/CTS/AssessmentControllerTest.cs helpers, test/ClinicalScheduler/EmailNotificationTest.cs diagnostic catches) are intentionally left as broad catches - they are test infrastructure, not production code.

Context

Sixth in the CodeQL N: cleanup series (after #189, #190, #191, #192, #193).

Test plan

• npm run test:backend - 1946 tests passing
• npm run verify:build - clean (0 errors)
• Pre-commit lint+test+verify all passed
• CodeQL workflow on this PR shows ~44 of 46 listed alerts closed

[coderabbitai]

Important

Review skipped

Auto reviews are limited based on label configuration.

🏷️ Required labels (at least one) (1)

• review-ready

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 124fc005-0b2b-43cf-8f03-af6b504404c7

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codeql/6-other-exceptions

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov-commenter]

Bundle Report

Bundle size has no change ✅

[codecov-commenter]

Codecov Report

❌ Patch coverage is 8.33333% with 44 lines in your changes missing coverage. Please review.
✅ Project coverage is 42.95%. Comparing base (38de1ad) to head (fd88995).
⚠️ Report is 2 commits behind head on main.

Files with missing lines	Patch %	Lines
...eduler/Controllers/InstructorScheduleController.cs	0.00%	5 Missing ⚠️
...nicalScheduler/Controllers/CliniciansController.cs	0.00%	4 Missing ⚠️
...inicalScheduler/Controllers/RotationsController.cs	25.00%	3 Missing ⚠️
web/Classes/UserHelper.cs	0.00%	3 Missing ⚠️
web/Program.cs	0.00%	3 Missing ⚠️
web/Areas/CTS/Controllers/CourseController.cs	0.00%	2 Missing ⚠️
web/Areas/RAPS/Services/VMACSExport.cs	0.00%	2 Missing ⚠️
web/Classes/Utilities/ActiveDirectoryService.cs	0.00%	2 Missing ⚠️
web/ViteProxyHelpers.cs	0.00%	2 Missing ⚠️
...reas/CTS/Controllers/BundleCompetencyController.cs	0.00%	1 Missing ⚠️
... and 17 more

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #194      +/-   ##
==========================================
- Coverage   42.96%   42.95%   -0.02%     
==========================================
  Files         877      877              
  Lines       51468    51468              
  Branches     4802     4802              
==========================================
- Hits        22113    22107       -6     
- Misses      28831    28837       +6     
  Partials      524      524              

Flag	Coverage Δ
backend	43.03% <8.33%> (-0.02%)	⬇️
frontend	41.34% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.