AlertSuppression: add support for //codeql comments

aibaars · aibaars · commit c9739b21cb8f · 2022-12-19T16:10:28.000+01:00
diff --git a/java/ql/src/AlertSuppressionAnnotations.ql b/java/ql/src/AlertSuppressionAnnotations.ql
@@ -12,8 +12,8 @@ import Metrics.Internal.Extents
 /** Gets the LGTM suppression annotation text in the string `s`, if any. */
 bindingset[s]
 string getAnnotationText(string s) {
-  // match `lgtm[...]` anywhere in the comment
-  result = s.regexpFind("(?i)\\blgtm\\s*\\[[^\\]]*\\]", _, _)
+  // match `lgtm[...]` or `codeql[...]` anywhere in the comment
+  result = s.regexpFind("(?i)\\b(lgtm|codeql)\\s*\\[[^\\]]*\\]", _, _).trim()
 }
 
 /**
@@ -96,5 +96,5 @@ where
   annotationText = getAnnotationText(text)
 select c, // suppression entity
   text, // full text of suppression string
-  annotationText, // LGTM suppression annotation text
+  annotationText.regexpReplaceAll("(?i)^codeql", "lgtm"), // LGTM suppression annotation text
   c.getScope() // scope of suppression
diff --git a/python/ql/test/query-tests/analysis/suppression/AlertSuppression.expected b/python/ql/test/query-tests/analysis/suppression/AlertSuppression.expected
@@ -65,7 +65,6 @@
 | testWindows.py:39:3:39:7 | Comment #noqa | noqa | lgtm | testWindows.py:39:1:39:7 | suppression range |
 | testWindows.py:40:4:40:9 | Comment # noqa |  noqa | lgtm | testWindows.py:40:1:40:9 | suppression range |
 | testWindows.py:45:1:45:28 | Comment # noqa -- Some extra detail. |  noqa -- Some extra detail. | lgtm | testWindows.py:45:1:45:28 | suppression range |
-| testWindows.py:45:1:45:28 | Comment # noqa -- Some extra detail. |  noqa -- Some extra detail. | lgtm | testWindows.py:46:0:46:0 | suppression range |
 | testWindows.py:48:4:48:60 | Comment # lgtm[py/line-too-long] and lgtm[py/non-callable-called] |  lgtm[py/line-too-long] and lgtm[py/non-callable-called] | lgtm[py/line-too-long] | testWindows.py:48:1:48:60 | suppression range |
 | testWindows.py:48:4:48:60 | Comment # lgtm[py/line-too-long] and lgtm[py/non-callable-called] |  lgtm[py/line-too-long] and lgtm[py/non-callable-called] | lgtm[py/non-callable-called] | testWindows.py:48:1:48:60 | suppression range |
 | testWindows.py:49:4:49:33 | Comment # lgtm[py/line-too-long]; lgtm |  lgtm[py/line-too-long]; lgtm | lgtm | testWindows.py:49:1:49:33 | suppression range |
diff --git a/shared/util/codeql/suppression/AlertSuppression.qll b/shared/util/codeql/suppression/AlertSuppression.qll
@@ -94,6 +94,34 @@ module Make<AstNode Node, SingleLineComment Comment> {
     }
   }
 
+  private class CodeQlSuppressionComment extends SuppressionComment {
+    private string annotation;
+
+    CodeQlSuppressionComment() {
+      // match `codeql[...]` anywhere in the comment
+      annotation = this.(Comment).getText().regexpFind("(?i)\\bcodeql\\s*\\[[^\\]]*\\]", _, _) and
+      exists(string filepath, int cStartLine, int cStartColumn |
+        this.(Comment).hasLocationInfo(filepath, cStartLine, cStartColumn, _, _) and
+        not exists(int c, Node n | c < cStartColumn |
+          n.hasLocationInfo(filepath, _, _, cStartLine, c) or
+          n.hasLocationInfo(filepath, cStartLine, c, _, _)
+        )
+      )
+    }
+
+    override string getAnnotation() { result = "lgtm" + annotation.suffix(6) }
+
+    override predicate covers(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      this.hasLocationInfo(filepath, _, _, startline - 1, _) and
+      // when there is no column information, a location spans the whole line
+      startcolumn = 0 and
+      endcolumn = 0 and
+      endline = startline
+    }
+  }
+
   /**
    * The scope of an alert suppression comment.
    */
