Merge pull request github#11723 from aibaars/alert-suppression

CodeQL alert suppression

Author: aibaars

cpp/ql/src/AlertSuppression.ql

@@ -5,10 +5,18 @@
  * @id cpp/alert-suppression
  */
 
-private import codeql.suppression.AlertSuppression as AS
+private import codeql.util.suppression.AlertSuppression as AS
 private import semmle.code.cpp.Element
 
-class SingleLineComment extends Comment {
+class AstNode extends Locatable {
+  predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+  }
+}
+
+class SingleLineComment extends Comment, AstNode {
   private string text;
 
   SingleLineComment() {
@@ -26,14 +34,8 @@ class SingleLineComment extends Comment {
     not text.matches("%\n%")
   }
 
-  predicate hasLocationInfo(
-    string filepath, int startline, int startcolumn, int endline, int endcolumn
-  ) {
-    this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
-  }
-
   /** Gets the text in this comment, excluding the leading //. */
   string getText() { result = text }
 }
 
-import AS::Make<SingleLineComment>
+import AS::Make<AstNode, SingleLineComment>

cpp/ql/src/change-notes/2022-12-19-alert-suppressions.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The `AlertSuppression.ql` query has been updated to support the new `// codeql[query-id]` supression comments. These comments can be used to suppress an alert and must be placed on a blank line before the alert. In addition the legacy `// lgtm` and `// lgtm[query-id]` comments can now also be place on the line before an alert.

cpp/ql/test/query-tests/AlertSuppression/AlertSuppression.expected

@@ -34,4 +34,11 @@ int x = 0; // lgtm
 
 */
 /* lgtm[@tag:nullness,js/invocation-of-non-function] */
-/* lgtm[@tag:nullness] */
+/* lgtm[@tag:nullness] */
+// codeql[js/debugger-statement]
+// CODEQL[js/debugger-statement]
+// codeql[js/debugger-statement] -- because I know better than codeql
+/* codeql[js/debugger-statement] */
+/* codeql[js/debugger-statement] 
+*/
+int y; // codeql[js/debugger-statement]

cpp/ql/test/query-tests/AlertSuppression/tst.c

@@ -34,4 +34,11 @@ int x = 0; // lgtm
 
 */
 /* lgtm[@tag:nullness,js/invocation-of-non-function] */
-/* lgtm[@tag:nullness] */
+/* lgtm[@tag:nullness] */
+// codeql[js/debugger-statement]
+// CODEQL[js/debugger-statement]
+// codeql[js/debugger-statement] -- because I know better than codeql
+/* codeql[js/debugger-statement] */
+/* codeql[js/debugger-statement] 
+*/
+int y; // codeql[js/debugger-statement]

cpp/ql/test/query-tests/AlertSuppression/tstWindows.c

@@ -5,9 +5,17 @@
  * @id cs/alert-suppression
  */
 
-private import codeql.suppression.AlertSuppression as AS
+private import codeql.util.suppression.AlertSuppression as AS
 private import semmle.code.csharp.Comments
 
+class AstNode extends Element {
+  predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+  }
+}
+
 class SingleLineComment extends CommentLine {
   SingleLineComment() {
     // Must be either `// ...` or `/* ... */` on a single line.
@@ -21,4 +29,4 @@ class SingleLineComment extends CommentLine {
   }
 }
 
-import AS::Make<SingleLineComment>
+import AS::Make<AstNode, SingleLineComment>

csharp/ql/src/AlertSuppression.ql

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The `AlertSuppression.ql` query has been updated to support the new `// codeql[query-id]` supression comments. These comments can be used to suppress an alert and must be placed on a blank line before the alert. In addition the legacy `// lgtm` and `// lgtm[query-id]` comments can now also be place on the line before an alert.

csharp/ql/src/change-notes/2022-12-19-alert-suppressions.md

@@ -26,3 +26,11 @@ class Dead { } // lgtm
 // LGTM[cs/unused-reftype]
 // lgtm[cs/unused-reftype] and lgtm[cs/unused-field]
 // lgtm[cs/unused-reftype]; lgtm
+// codeql[js/debugger-statement]
+// CODEQL[js/debugger-statement]
+// codeql[js/debugger-statement] -- because I know better than codeql
+/* codeql[js/debugger-statement] */
+/* codeql[js/debugger-statement] 
+*/
+class End { } // codeql[js/debugger-statement]
+

csharp/ql/test/query-tests/AlertSuppression/AlertSuppression.cs

@@ -34,3 +34,11 @@ class Dead2 { } // lgtm
 */
 /* lgtm[@tag:nullness,cs/unused-reftype] */
 /* lgtm[@tag:nullness] */
+// codeql[js/debugger-statement]
+// CODEQL[js/debugger-statement]
+// codeql[js/debugger-statement] -- because I know better than codeql
+/* codeql[js/debugger-statement] */
+/* codeql[js/debugger-statement] 
+*/
+class End2 { } // codeql[js/debugger-statement]
+