Conversation
There was a problem hiding this comment.
Pull request overview
Improves resiliency and diagnostics around Microsoft Graph exports by adding explicit error handling/validation and paging-loop safety checks, plus enhancing HTTP status code extraction for retry logic.
Changes:
- Add try/catch logging and detection of Graph “error” JSON responses during export paging.
- Add “stuck nextLink” detection to prevent infinite paging loops.
- Extend
Get-ZtHttpStatusCodeto parse raw HTTP status lines from exception messages.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
src/powershell/private/export/Export-ZtGraphEntity.ps1 |
Adds error logging/validation around Graph responses and adds stuck-paging detection during export. |
src/powershell/private/core/Get-ZtHttpStatusCode.ps1 |
Adds an additional regex strategy to extract 4xx/5xx codes from raw HTTP status lines in exception messages. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Improves the robustness of Microsoft Graph exports and retry handling by adding better error detection/logging in paging exports, broadening retry behavior, and enhancing HTTP status code extraction to recognize more error message formats.
Changes:
- Add structured logging and error-response detection to
Export-ZtGraphEntity, plus stuck paging detection. - Change retry policy to treat most HTTP status codes as retryable except 401/403/404.
- Extend HTTP status code extraction to parse raw
HTTP/x.y <status>status lines and update retry tests accordingly.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| src/powershell/private/export/Export-ZtGraphEntity.ps1 | Adds logging, error-response validation, and stuck nextLink detection during paged exports. |
| src/powershell/private/core/Test-ZtRetryableError.ps1 | Changes retryability logic to a denylist (only 401/403/404 are non-retryable). |
| src/powershell/private/core/Get-ZtHttpStatusCode.ps1 | Adds regex strategy to extract status codes from raw HTTP status lines. |
| code-tests/commands/Invoke-ZtRetry.Tests.ps1 | Updates test expectation to retry HTTP 400 errors. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
…ft/zerotrustassessment into merill-860-infinite-loop
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
alexandair
left a comment
alexandair
left a comment
There was a problem hiding this comment.
@merill Please, address my feedback.
Fix infinite loop during Graph API paging (#860)
When paging through large Graph API result sets (e.g.,
UserRegistrationDetails), if the API returns an error response that still contains@odata.nextLink, the export loop runs indefinitely. This also applies when transient 400 errors (like expired skip tokens) are immediately classified as non-retryable, causing the export to fail without retry.Changes
4 files changed across 3 areas:
1. Paging loop hardening —
Export-ZtGraphEntity.ps1$results = $nullat the start of each iteration so a failed API call (that was already retried five times) can't silently reuse the previous page's@odata.nextLinkInvoke-ZtRetry, logs the entity name/page/URI, then re-throws so the export is marked asFailedInvoke-MgGraphRequestreturns error JSON as a valid hashtable (with anerrorkey) without throwing, and terminates the loop$previousNextLinkand breaks if the same@odata.nextLinkis returned on consecutive pages2. Broader retry classification —
Test-ZtRetryableError.ps1408, 429, 500, 502, 503, 504, 507) to a **denylist