Merge pull request #11723 from aibaars/alert-suppression

CodeQL alert suppression

cpp/ql/src/AlertSuppression.ql

@@ -5,10 +5,18 @@
  * @id cpp/alert-suppression
  */
 
-private import codeql.suppression.AlertSuppression as AS
+private import codeql.util.suppression.AlertSuppression as AS
 private import semmle.code.cpp.Element
 
-class SingleLineComment extends Comment {
+class AstNode extends Locatable {
+  predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+  }
+}
+
+class SingleLineComment extends Comment, AstNode {
   private string text;
 
   SingleLineComment() {
@@ -26,14 +34,8 @@ class SingleLineComment extends Comment {
     not text.matches("%\n%")
   }
 
-  predicate hasLocationInfo(
-    string filepath, int startline, int startcolumn, int endline, int endcolumn
-  ) {
-    this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
-  }
-
   /** Gets the text in this comment, excluding the leading //. */
   string getText() { result = text }
 }
 
-import AS::Make<SingleLineComment>
+import AS::Make<AstNode, SingleLineComment>

cpp/ql/src/change-notes/2022-12-19-alert-suppressions.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The `AlertSuppression.ql` query has been updated to support the new `// codeql[query-id]` supression comments. These comments can be used to suppress an alert and must be placed on a blank line before the alert. In addition the legacy `// lgtm` and `// lgtm[query-id]` comments can now also be place on the line before an alert.

cpp/ql/test/query-tests/AlertSuppression/AlertSuppression.expected

@@ -1,58 +1,122 @@
 | tst.c:1:12:1:18 | // lgtm |  lgtm | lgtm | tst.c:1:1:1:18 | suppression range |
 | tst.c:2:1:2:30 | // lgtm[js/debugger-statement] |  lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:2:1:2:30 | suppression range |
+| tst.c:2:1:2:30 | // lgtm[js/debugger-statement] |  lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:3:0:3:0 | suppression range |
 | tst.c:3:1:3:61 | // lgtm[js/debugger-statement, js/invocation-of-non-function] |  lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | tst.c:3:1:3:61 | suppression range |
+| tst.c:3:1:3:61 | // lgtm[js/debugger-statement, js/invocation-of-non-function] |  lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | tst.c:4:0:4:0 | suppression range |
 | tst.c:4:1:4:22 | // lgtm[@tag:nullness] |  lgtm[@tag:nullness] | lgtm[@tag:nullness] | tst.c:4:1:4:22 | suppression range |
+| tst.c:4:1:4:22 | // lgtm[@tag:nullness] |  lgtm[@tag:nullness] | lgtm[@tag:nullness] | tst.c:5:0:5:0 | suppression range |
 | tst.c:5:1:5:44 | // lgtm[@tag:nullness,js/debugger-statement] |  lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | tst.c:5:1:5:44 | suppression range |
+| tst.c:5:1:5:44 | // lgtm[@tag:nullness,js/debugger-statement] |  lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | tst.c:6:0:6:0 | suppression range |
 | tst.c:6:1:6:28 | // lgtm[@expires:2017-06-11] |  lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | tst.c:6:1:6:28 | suppression range |
+| tst.c:6:1:6:28 | // lgtm[@expires:2017-06-11] |  lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | tst.c:7:0:7:0 | suppression range |
 | tst.c:7:1:7:70 | // lgtm[js/invocation-of-non-function] because I know better than lgtm |  lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] | tst.c:7:1:7:70 | suppression range |
+| tst.c:7:1:7:70 | // lgtm[js/invocation-of-non-function] because I know better than lgtm |  lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] | tst.c:8:0:8:0 | suppression range |
 | tst.c:8:1:8:18 | // lgtm: blah blah |  lgtm: blah blah | lgtm | tst.c:8:1:8:18 | suppression range |
+| tst.c:8:1:8:18 | // lgtm: blah blah |  lgtm: blah blah | lgtm | tst.c:9:0:9:0 | suppression range |
 | tst.c:9:1:9:32 | // lgtm blah blah #falsepositive |  lgtm blah blah #falsepositive | lgtm | tst.c:9:1:9:32 | suppression range |
+| tst.c:9:1:9:32 | // lgtm blah blah #falsepositive |  lgtm blah blah #falsepositive | lgtm | tst.c:10:0:10:0 | suppression range |
 | tst.c:10:1:10:39 | //lgtm  [js/invocation-of-non-function] | lgtm  [js/invocation-of-non-function] | lgtm  [js/invocation-of-non-function] | tst.c:10:1:10:39 | suppression range |
+| tst.c:10:1:10:39 | //lgtm  [js/invocation-of-non-function] | lgtm  [js/invocation-of-non-function] | lgtm  [js/invocation-of-non-function] | tst.c:11:0:11:0 | suppression range |
 | tst.c:11:1:11:10 | /* lgtm */ |  lgtm  | lgtm | tst.c:11:1:11:10 | suppression range |
+| tst.c:11:1:11:10 | /* lgtm */ |  lgtm  | lgtm | tst.c:12:0:12:0 | suppression range |
 | tst.c:12:1:12:9 | // lgtm[] |  lgtm[] | lgtm[] | tst.c:12:1:12:9 | suppression range |
+| tst.c:12:1:12:9 | // lgtm[] |  lgtm[] | lgtm[] | tst.c:13:0:13:0 | suppression range |
 | tst.c:14:1:14:6 | //lgtm | lgtm | lgtm | tst.c:14:1:14:6 | suppression range |
+| tst.c:14:1:14:6 | //lgtm | lgtm | lgtm | tst.c:15:0:15:0 | suppression range |
 | tst.c:15:1:15:7 | //\tlgtm | \tlgtm | lgtm | tst.c:15:1:15:7 | suppression range |
+| tst.c:15:1:15:7 | //\tlgtm | \tlgtm | lgtm | tst.c:16:0:16:0 | suppression range |
 | tst.c:16:1:16:31 | // lgtm\t[js/debugger-statement] |  lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | tst.c:16:1:16:31 | suppression range |
+| tst.c:16:1:16:31 | // lgtm\t[js/debugger-statement] |  lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | tst.c:17:0:17:0 | suppression range |
 | tst.c:19:1:19:12 | // foo; lgtm |  foo; lgtm | lgtm | tst.c:19:1:19:12 | suppression range |
+| tst.c:19:1:19:12 | // foo; lgtm |  foo; lgtm | lgtm | tst.c:20:0:20:0 | suppression range |
 | tst.c:20:1:20:35 | // foo; lgtm[js/debugger-statement] |  foo; lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:20:1:20:35 | suppression range |
+| tst.c:20:1:20:35 | // foo; lgtm[js/debugger-statement] |  foo; lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:21:0:21:0 | suppression range |
 | tst.c:22:1:22:34 | // foo lgtm[js/debugger-statement] |  foo lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:22:1:22:34 | suppression range |
+| tst.c:22:1:22:34 | // foo lgtm[js/debugger-statement] |  foo lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:23:0:23:0 | suppression range |
 | tst.c:24:1:24:38 | // foo lgtm[js/debugger-statement] bar |  foo lgtm[js/debugger-statement] bar | lgtm[js/debugger-statement] | tst.c:24:1:24:38 | suppression range |
+| tst.c:24:1:24:38 | // foo lgtm[js/debugger-statement] bar |  foo lgtm[js/debugger-statement] bar | lgtm[js/debugger-statement] | tst.c:25:0:25:0 | suppression range |
 | tst.c:25:1:25:8 | // LGTM! |  LGTM! | LGTM | tst.c:25:1:25:8 | suppression range |
+| tst.c:25:1:25:8 | // LGTM! |  LGTM! | LGTM | tst.c:26:0:26:0 | suppression range |
 | tst.c:26:1:26:30 | // LGTM[js/debugger-statement] |  LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | tst.c:26:1:26:30 | suppression range |
+| tst.c:26:1:26:30 | // LGTM[js/debugger-statement] |  LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | tst.c:27:0:27:0 | suppression range |
 | tst.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] |  lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] | tst.c:27:1:27:70 | suppression range |
+| tst.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] |  lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] | tst.c:28:0:28:0 | suppression range |
 | tst.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] |  lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tst.c:27:1:27:70 | suppression range |
+| tst.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] |  lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tst.c:28:0:28:0 | suppression range |
 | tst.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm |  lgtm[js/debugger-statement]; lgtm | lgtm | tst.c:28:1:28:36 | suppression range |
+| tst.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm |  lgtm[js/debugger-statement]; lgtm | lgtm | tst.c:29:0:29:0 | suppression range |
 | tst.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm |  lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement] | tst.c:28:1:28:36 | suppression range |
+| tst.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm |  lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement] | tst.c:29:0:29:0 | suppression range |
 | tst.c:29:1:29:12 | /* lgtm[] */ |  lgtm[]  | lgtm[] | tst.c:29:1:29:12 | suppression range |
+| tst.c:29:1:29:12 | /* lgtm[] */ |  lgtm[]  | lgtm[] | tst.c:30:0:30:0 | suppression range |
 | tst.c:30:1:30:41 | /* lgtm[js/invocation-of-non-function] */ |  lgtm[js/invocation-of-non-function]  | lgtm[js/invocation-of-non-function] | tst.c:30:1:30:41 | suppression range |
+| tst.c:30:1:30:41 | /* lgtm[js/invocation-of-non-function] */ |  lgtm[js/invocation-of-non-function]  | lgtm[js/invocation-of-non-function] | tst.c:31:0:31:0 | suppression range |
 | tst.c:36:1:36:55 | /* lgtm[@tag:nullness,js/invocation-of-non-function] */ |  lgtm[@tag:nullness,js/invocation-of-non-function]  | lgtm[@tag:nullness,js/invocation-of-non-function] | tst.c:36:1:36:55 | suppression range |
+| tst.c:36:1:36:55 | /* lgtm[@tag:nullness,js/invocation-of-non-function] */ |  lgtm[@tag:nullness,js/invocation-of-non-function]  | lgtm[@tag:nullness,js/invocation-of-non-function] | tst.c:37:0:37:0 | suppression range |
 | tst.c:37:1:37:25 | /* lgtm[@tag:nullness] */ |  lgtm[@tag:nullness]  | lgtm[@tag:nullness] | tst.c:37:1:37:25 | suppression range |
+| tst.c:37:1:37:25 | /* lgtm[@tag:nullness] */ |  lgtm[@tag:nullness]  | lgtm[@tag:nullness] | tst.c:38:0:38:0 | suppression range |
+| tst.c:38:1:38:32 | // codeql[js/debugger-statement] |  codeql[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:39:0:39:0 | suppression range |
+| tst.c:39:1:39:32 | // CODEQL[js/debugger-statement] |  CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:40:0:40:0 | suppression range |
+| tst.c:40:1:40:69 | // codeql[js/debugger-statement] -- because I know better than codeql |  codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | tst.c:41:0:41:0 | suppression range |
+| tst.c:41:1:41:35 | /* codeql[js/debugger-statement] */ |  codeql[js/debugger-statement]  | lgtm[js/debugger-statement] | tst.c:42:0:42:0 | suppression range |
 | tstWindows.c:1:12:1:18 | // lgtm |  lgtm | lgtm | tstWindows.c:1:1:1:18 | suppression range |
 | tstWindows.c:2:1:2:30 | // lgtm[js/debugger-statement] |  lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:2:1:2:30 | suppression range |
+| tstWindows.c:2:1:2:30 | // lgtm[js/debugger-statement] |  lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:3:0:3:0 | suppression range |
 | tstWindows.c:3:1:3:61 | // lgtm[js/debugger-statement, js/invocation-of-non-function] |  lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | tstWindows.c:3:1:3:61 | suppression range |
+| tstWindows.c:3:1:3:61 | // lgtm[js/debugger-statement, js/invocation-of-non-function] |  lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | tstWindows.c:4:0:4:0 | suppression range |
 | tstWindows.c:4:1:4:22 | // lgtm[@tag:nullness] |  lgtm[@tag:nullness] | lgtm[@tag:nullness] | tstWindows.c:4:1:4:22 | suppression range |
+| tstWindows.c:4:1:4:22 | // lgtm[@tag:nullness] |  lgtm[@tag:nullness] | lgtm[@tag:nullness] | tstWindows.c:5:0:5:0 | suppression range |
 | tstWindows.c:5:1:5:44 | // lgtm[@tag:nullness,js/debugger-statement] |  lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | tstWindows.c:5:1:5:44 | suppression range |
+| tstWindows.c:5:1:5:44 | // lgtm[@tag:nullness,js/debugger-statement] |  lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | tstWindows.c:6:0:6:0 | suppression range |
 | tstWindows.c:6:1:6:28 | // lgtm[@expires:2017-06-11] |  lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | tstWindows.c:6:1:6:28 | suppression range |
+| tstWindows.c:6:1:6:28 | // lgtm[@expires:2017-06-11] |  lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | tstWindows.c:7:0:7:0 | suppression range |
 | tstWindows.c:7:1:7:70 | // lgtm[js/invocation-of-non-function] because I know better than lgtm |  lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] | tstWindows.c:7:1:7:70 | suppression range |
+| tstWindows.c:7:1:7:70 | // lgtm[js/invocation-of-non-function] because I know better than lgtm |  lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] | tstWindows.c:8:0:8:0 | suppression range |
 | tstWindows.c:8:1:8:18 | // lgtm: blah blah |  lgtm: blah blah | lgtm | tstWindows.c:8:1:8:18 | suppression range |
+| tstWindows.c:8:1:8:18 | // lgtm: blah blah |  lgtm: blah blah | lgtm | tstWindows.c:9:0:9:0 | suppression range |
 | tstWindows.c:9:1:9:32 | // lgtm blah blah #falsepositive |  lgtm blah blah #falsepositive | lgtm | tstWindows.c:9:1:9:32 | suppression range |
+| tstWindows.c:9:1:9:32 | // lgtm blah blah #falsepositive |  lgtm blah blah #falsepositive | lgtm | tstWindows.c:10:0:10:0 | suppression range |
 | tstWindows.c:10:1:10:39 | //lgtm  [js/invocation-of-non-function] | lgtm  [js/invocation-of-non-function] | lgtm  [js/invocation-of-non-function] | tstWindows.c:10:1:10:39 | suppression range |
+| tstWindows.c:10:1:10:39 | //lgtm  [js/invocation-of-non-function] | lgtm  [js/invocation-of-non-function] | lgtm  [js/invocation-of-non-function] | tstWindows.c:11:0:11:0 | suppression range |
 | tstWindows.c:11:1:11:10 | /* lgtm */ |  lgtm  | lgtm | tstWindows.c:11:1:11:10 | suppression range |
+| tstWindows.c:11:1:11:10 | /* lgtm */ |  lgtm  | lgtm | tstWindows.c:12:0:12:0 | suppression range |
 | tstWindows.c:12:1:12:9 | // lgtm[] |  lgtm[] | lgtm[] | tstWindows.c:12:1:12:9 | suppression range |
+| tstWindows.c:12:1:12:9 | // lgtm[] |  lgtm[] | lgtm[] | tstWindows.c:13:0:13:0 | suppression range |
 | tstWindows.c:14:1:14:6 | //lgtm | lgtm | lgtm | tstWindows.c:14:1:14:6 | suppression range |
+| tstWindows.c:14:1:14:6 | //lgtm | lgtm | lgtm | tstWindows.c:15:0:15:0 | suppression range |
 | tstWindows.c:15:1:15:7 | //\tlgtm | \tlgtm | lgtm | tstWindows.c:15:1:15:7 | suppression range |
+| tstWindows.c:15:1:15:7 | //\tlgtm | \tlgtm | lgtm | tstWindows.c:16:0:16:0 | suppression range |
 | tstWindows.c:16:1:16:31 | // lgtm\t[js/debugger-statement] |  lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | tstWindows.c:16:1:16:31 | suppression range |
+| tstWindows.c:16:1:16:31 | // lgtm\t[js/debugger-statement] |  lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | tstWindows.c:17:0:17:0 | suppression range |
 | tstWindows.c:19:1:19:12 | // foo; lgtm |  foo; lgtm | lgtm | tstWindows.c:19:1:19:12 | suppression range |
+| tstWindows.c:19:1:19:12 | // foo; lgtm |  foo; lgtm | lgtm | tstWindows.c:20:0:20:0 | suppression range |
 | tstWindows.c:20:1:20:35 | // foo; lgtm[js/debugger-statement] |  foo; lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:20:1:20:35 | suppression range |
+| tstWindows.c:20:1:20:35 | // foo; lgtm[js/debugger-statement] |  foo; lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:21:0:21:0 | suppression range |
 | tstWindows.c:22:1:22:34 | // foo lgtm[js/debugger-statement] |  foo lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:22:1:22:34 | suppression range |
+| tstWindows.c:22:1:22:34 | // foo lgtm[js/debugger-statement] |  foo lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:23:0:23:0 | suppression range |
 | tstWindows.c:24:1:24:38 | // foo lgtm[js/debugger-statement] bar |  foo lgtm[js/debugger-statement] bar | lgtm[js/debugger-statement] | tstWindows.c:24:1:24:38 | suppression range |
+| tstWindows.c:24:1:24:38 | // foo lgtm[js/debugger-statement] bar |  foo lgtm[js/debugger-statement] bar | lgtm[js/debugger-statement] | tstWindows.c:25:0:25:0 | suppression range |
 | tstWindows.c:25:1:25:8 | // LGTM! |  LGTM! | LGTM | tstWindows.c:25:1:25:8 | suppression range |
+| tstWindows.c:25:1:25:8 | // LGTM! |  LGTM! | LGTM | tstWindows.c:26:0:26:0 | suppression range |
 | tstWindows.c:26:1:26:30 | // LGTM[js/debugger-statement] |  LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | tstWindows.c:26:1:26:30 | suppression range |
+| tstWindows.c:26:1:26:30 | // LGTM[js/debugger-statement] |  LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | tstWindows.c:27:0:27:0 | suppression range |
 | tstWindows.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] |  lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] | tstWindows.c:27:1:27:70 | suppression range |
+| tstWindows.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] |  lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] | tstWindows.c:28:0:28:0 | suppression range |
 | tstWindows.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] |  lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tstWindows.c:27:1:27:70 | suppression range |
+| tstWindows.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] |  lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tstWindows.c:28:0:28:0 | suppression range |
 | tstWindows.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm |  lgtm[js/debugger-statement]; lgtm | lgtm | tstWindows.c:28:1:28:36 | suppression range |
+| tstWindows.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm |  lgtm[js/debugger-statement]; lgtm | lgtm | tstWindows.c:29:0:29:0 | suppression range |
 | tstWindows.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm |  lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement] | tstWindows.c:28:1:28:36 | suppression range |
+| tstWindows.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm |  lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement] | tstWindows.c:29:0:29:0 | suppression range |
 | tstWindows.c:29:1:29:12 | /* lgtm[] */ |  lgtm[]  | lgtm[] | tstWindows.c:29:1:29:12 | suppression range |
+| tstWindows.c:29:1:29:12 | /* lgtm[] */ |  lgtm[]  | lgtm[] | tstWindows.c:30:0:30:0 | suppression range |
 | tstWindows.c:30:1:30:41 | /* lgtm[js/invocation-of-non-function] */ |  lgtm[js/invocation-of-non-function]  | lgtm[js/invocation-of-non-function] | tstWindows.c:30:1:30:41 | suppression range |
+| tstWindows.c:30:1:30:41 | /* lgtm[js/invocation-of-non-function] */ |  lgtm[js/invocation-of-non-function]  | lgtm[js/invocation-of-non-function] | tstWindows.c:31:0:31:0 | suppression range |
 | tstWindows.c:36:1:36:55 | /* lgtm[@tag:nullness,js/invocation-of-non-function] */ |  lgtm[@tag:nullness,js/invocation-of-non-function]  | lgtm[@tag:nullness,js/invocation-of-non-function] | tstWindows.c:36:1:36:55 | suppression range |
+| tstWindows.c:36:1:36:55 | /* lgtm[@tag:nullness,js/invocation-of-non-function] */ |  lgtm[@tag:nullness,js/invocation-of-non-function]  | lgtm[@tag:nullness,js/invocation-of-non-function] | tstWindows.c:37:0:37:0 | suppression range |
 | tstWindows.c:37:1:37:25 | /* lgtm[@tag:nullness] */ |  lgtm[@tag:nullness]  | lgtm[@tag:nullness] | tstWindows.c:37:1:37:25 | suppression range |
+| tstWindows.c:37:1:37:25 | /* lgtm[@tag:nullness] */ |  lgtm[@tag:nullness]  | lgtm[@tag:nullness] | tstWindows.c:38:0:38:0 | suppression range |
+| tstWindows.c:38:1:38:32 | // codeql[js/debugger-statement] |  codeql[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:39:0:39:0 | suppression range |
+| tstWindows.c:39:1:39:32 | // CODEQL[js/debugger-statement] |  CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:40:0:40:0 | suppression range |
+| tstWindows.c:40:1:40:69 | // codeql[js/debugger-statement] -- because I know better than codeql |  codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | tstWindows.c:41:0:41:0 | suppression range |
+| tstWindows.c:41:1:41:35 | /* codeql[js/debugger-statement] */ |  codeql[js/debugger-statement]  | lgtm[js/debugger-statement] | tstWindows.c:42:0:42:0 | suppression range |

cpp/ql/test/query-tests/AlertSuppression/tst.c

@@ -34,4 +34,11 @@ int x = 0; // lgtm
 
 */
 /* lgtm[@tag:nullness,js/invocation-of-non-function] */
-/* lgtm[@tag:nullness] */
+/* lgtm[@tag:nullness] */
+// codeql[js/debugger-statement]
+// CODEQL[js/debugger-statement]
+// codeql[js/debugger-statement] -- because I know better than codeql
+/* codeql[js/debugger-statement] */
+/* codeql[js/debugger-statement] 
+*/
+int y; // codeql[js/debugger-statement]

cpp/ql/test/query-tests/AlertSuppression/tstWindows.c

@@ -34,4 +34,11 @@ int x = 0; // lgtm
 
 */
 /* lgtm[@tag:nullness,js/invocation-of-non-function] */
-/* lgtm[@tag:nullness] */
+/* lgtm[@tag:nullness] */
+// codeql[js/debugger-statement]
+// CODEQL[js/debugger-statement]
+// codeql[js/debugger-statement] -- because I know better than codeql
+/* codeql[js/debugger-statement] */
+/* codeql[js/debugger-statement] 
+*/
+int y; // codeql[js/debugger-statement]

csharp/ql/src/AlertSuppression.ql

@@ -5,9 +5,17 @@
  * @id cs/alert-suppression
  */
 
-private import codeql.suppression.AlertSuppression as AS
+private import codeql.util.suppression.AlertSuppression as AS
 private import semmle.code.csharp.Comments
 
+class AstNode extends Element {
+  predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+  }
+}
+
 class SingleLineComment extends CommentLine {
   SingleLineComment() {
     // Must be either `// ...` or `/* ... */` on a single line.
@@ -21,4 +29,4 @@ class SingleLineComment extends CommentLine {
   }
 }
 
-import AS::Make<SingleLineComment>
+import AS::Make<AstNode, SingleLineComment>

csharp/ql/src/change-notes/2022-12-19-alert-suppressions.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The `AlertSuppression.ql` query has been updated to support the new `// codeql[query-id]` supression comments. These comments can be used to suppress an alert and must be placed on a blank line before the alert. In addition the legacy `// lgtm` and `// lgtm[query-id]` comments can now also be place on the line before an alert.

csharp/ql/test/query-tests/AlertSuppression/AlertSuppression.cs

@@ -26,3 +26,11 @@ class Dead { } // lgtm
 // LGTM[cs/unused-reftype]
 // lgtm[cs/unused-reftype] and lgtm[cs/unused-field]
 // lgtm[cs/unused-reftype]; lgtm
+// codeql[js/debugger-statement]
+// CODEQL[js/debugger-statement]
+// codeql[js/debugger-statement] -- because I know better than codeql
+/* codeql[js/debugger-statement] */
+/* codeql[js/debugger-statement] 
+*/
+class End { } // codeql[js/debugger-statement]
+

csharp/ql/test/query-tests/AlertSuppression/AlertSuppression.expected

@@ -1,54 +1,114 @@
 | AlertSuppression.cs:1:16:1:22 | // ... | lgtm | lgtm | AlertSuppression.cs:1:1:1:22 | suppression range |
 | AlertSuppression.cs:2:1:2:26 | // ... | lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppression.cs:2:1:2:26 | suppression range |
+| AlertSuppression.cs:2:1:2:26 | // ... | lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppression.cs:3:0:3:0 | suppression range |
 | AlertSuppression.cs:3:1:3:43 | // ... | lgtm[cs/unused-reftype, cs/unused-field] | lgtm[cs/unused-reftype, cs/unused-field] | AlertSuppression.cs:3:1:3:43 | suppression range |
+| AlertSuppression.cs:3:1:3:43 | // ... | lgtm[cs/unused-reftype, cs/unused-field] | lgtm[cs/unused-reftype, cs/unused-field] | AlertSuppression.cs:4:0:4:0 | suppression range |
 | AlertSuppression.cs:4:1:4:22 | // ... | lgtm[@tag:nullness] | lgtm[@tag:nullness] | AlertSuppression.cs:4:1:4:22 | suppression range |
+| AlertSuppression.cs:4:1:4:22 | // ... | lgtm[@tag:nullness] | lgtm[@tag:nullness] | AlertSuppression.cs:5:0:5:0 | suppression range |
 | AlertSuppression.cs:5:1:5:44 | // ... | lgtm[@tag:useless-code,cs/unused-reftype] | lgtm[@tag:useless-code,cs/unused-reftype] | AlertSuppression.cs:5:1:5:44 | suppression range |
+| AlertSuppression.cs:5:1:5:44 | // ... | lgtm[@tag:useless-code,cs/unused-reftype] | lgtm[@tag:useless-code,cs/unused-reftype] | AlertSuppression.cs:6:0:6:0 | suppression range |
 | AlertSuppression.cs:6:1:6:28 | // ... | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | AlertSuppression.cs:6:1:6:28 | suppression range |
+| AlertSuppression.cs:6:1:6:28 | // ... | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | AlertSuppression.cs:7:0:7:0 | suppression range |
 | AlertSuppression.cs:7:1:7:58 | // ... | lgtm[cs/unused-reftype] because I know better than lgtm | lgtm[cs/unused-reftype] | AlertSuppression.cs:7:1:7:58 | suppression range |
+| AlertSuppression.cs:7:1:7:58 | // ... | lgtm[cs/unused-reftype] because I know better than lgtm | lgtm[cs/unused-reftype] | AlertSuppression.cs:8:0:8:0 | suppression range |
 | AlertSuppression.cs:8:1:8:18 | // ... | lgtm: blah blah | lgtm | AlertSuppression.cs:8:1:8:18 | suppression range |
+| AlertSuppression.cs:8:1:8:18 | // ... | lgtm: blah blah | lgtm | AlertSuppression.cs:9:0:9:0 | suppression range |
 | AlertSuppression.cs:9:1:9:32 | // ... | lgtm blah blah #falsepositive | lgtm | AlertSuppression.cs:9:1:9:32 | suppression range |
+| AlertSuppression.cs:9:1:9:32 | // ... | lgtm blah blah #falsepositive | lgtm | AlertSuppression.cs:10:0:10:0 | suppression range |
 | AlertSuppression.cs:10:1:10:27 | // ... | lgtm  [cs/unused-reftype] | lgtm  [cs/unused-reftype] | AlertSuppression.cs:10:1:10:27 | suppression range |
+| AlertSuppression.cs:10:1:10:27 | // ... | lgtm  [cs/unused-reftype] | lgtm  [cs/unused-reftype] | AlertSuppression.cs:11:0:11:0 | suppression range |
 | AlertSuppression.cs:11:1:11:10 | /* ... */ | lgtm | lgtm | AlertSuppression.cs:11:1:11:10 | suppression range |
+| AlertSuppression.cs:11:1:11:10 | /* ... */ | lgtm | lgtm | AlertSuppression.cs:12:0:12:0 | suppression range |
 | AlertSuppression.cs:12:1:12:9 | // ... | lgtm[] | lgtm[] | AlertSuppression.cs:12:1:12:9 | suppression range |
+| AlertSuppression.cs:12:1:12:9 | // ... | lgtm[] | lgtm[] | AlertSuppression.cs:13:0:13:0 | suppression range |
 | AlertSuppression.cs:14:1:14:6 | // ... | lgtm | lgtm | AlertSuppression.cs:14:1:14:6 | suppression range |
+| AlertSuppression.cs:14:1:14:6 | // ... | lgtm | lgtm | AlertSuppression.cs:15:0:15:0 | suppression range |
 | AlertSuppression.cs:15:1:15:8 | // ... | lgtm | lgtm | AlertSuppression.cs:15:1:15:8 | suppression range |
+| AlertSuppression.cs:15:1:15:8 | // ... | lgtm | lgtm | AlertSuppression.cs:16:0:16:0 | suppression range |
 | AlertSuppression.cs:16:1:16:27 | // ... | lgtm [cs/unused-reftype] | lgtm [cs/unused-reftype] | AlertSuppression.cs:16:1:16:27 | suppression range |
+| AlertSuppression.cs:16:1:16:27 | // ... | lgtm [cs/unused-reftype] | lgtm [cs/unused-reftype] | AlertSuppression.cs:17:0:17:0 | suppression range |
 | AlertSuppression.cs:19:1:19:12 | // ... | foo; lgtm | lgtm | AlertSuppression.cs:19:1:19:12 | suppression range |
+| AlertSuppression.cs:19:1:19:12 | // ... | foo; lgtm | lgtm | AlertSuppression.cs:20:0:20:0 | suppression range |
 | AlertSuppression.cs:20:1:20:31 | // ... | foo; lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppression.cs:20:1:20:31 | suppression range |
+| AlertSuppression.cs:20:1:20:31 | // ... | foo; lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppression.cs:21:0:21:0 | suppression range |
 | AlertSuppression.cs:22:1:22:30 | // ... | foo lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppression.cs:22:1:22:30 | suppression range |
+| AlertSuppression.cs:22:1:22:30 | // ... | foo lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppression.cs:23:0:23:0 | suppression range |
 | AlertSuppression.cs:24:1:24:34 | // ... | foo lgtm[cs/unused-reftype] bar | lgtm[cs/unused-reftype] | AlertSuppression.cs:24:1:24:34 | suppression range |
+| AlertSuppression.cs:24:1:24:34 | // ... | foo lgtm[cs/unused-reftype] bar | lgtm[cs/unused-reftype] | AlertSuppression.cs:25:0:25:0 | suppression range |
 | AlertSuppression.cs:25:1:25:8 | // ... | LGTM! | LGTM | AlertSuppression.cs:25:1:25:8 | suppression range |
+| AlertSuppression.cs:25:1:25:8 | // ... | LGTM! | LGTM | AlertSuppression.cs:26:0:26:0 | suppression range |
 | AlertSuppression.cs:26:1:26:26 | // ... | LGTM[cs/unused-reftype] | LGTM[cs/unused-reftype] | AlertSuppression.cs:26:1:26:26 | suppression range |
+| AlertSuppression.cs:26:1:26:26 | // ... | LGTM[cs/unused-reftype] | LGTM[cs/unused-reftype] | AlertSuppression.cs:27:0:27:0 | suppression range |
 | AlertSuppression.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-field] | AlertSuppression.cs:27:1:27:52 | suppression range |
+| AlertSuppression.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-field] | AlertSuppression.cs:28:0:28:0 | suppression range |
 | AlertSuppression.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-reftype] | AlertSuppression.cs:27:1:27:52 | suppression range |
+| AlertSuppression.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-reftype] | AlertSuppression.cs:28:0:28:0 | suppression range |
 | AlertSuppression.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm | AlertSuppression.cs:28:1:28:32 | suppression range |
+| AlertSuppression.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm | AlertSuppression.cs:29:0:29:0 | suppression range |
 | AlertSuppression.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm[cs/unused-reftype] | AlertSuppression.cs:28:1:28:32 | suppression range |
+| AlertSuppression.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm[cs/unused-reftype] | AlertSuppression.cs:29:0:29:0 | suppression range |
+| AlertSuppression.cs:29:1:29:32 | // ... | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | AlertSuppression.cs:30:0:30:0 | suppression range |
+| AlertSuppression.cs:30:1:30:32 | // ... | CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | AlertSuppression.cs:31:0:31:0 | suppression range |
+| AlertSuppression.cs:31:1:31:69 | // ... | codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | AlertSuppression.cs:32:0:32:0 | suppression range |
+| AlertSuppression.cs:32:1:32:35 | /* ... */ | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | AlertSuppression.cs:33:0:33:0 | suppression range |
 | AlertSuppressionWindows.cs:1:17:1:23 | // ... | lgtm | lgtm | AlertSuppressionWindows.cs:1:1:1:23 | suppression range |
 | AlertSuppressionWindows.cs:2:1:2:26 | // ... | lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:2:1:2:26 | suppression range |
+| AlertSuppressionWindows.cs:2:1:2:26 | // ... | lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:3:0:3:0 | suppression range |
 | AlertSuppressionWindows.cs:3:1:3:43 | // ... | lgtm[cs/unused-reftype, cs/unused-field] | lgtm[cs/unused-reftype, cs/unused-field] | AlertSuppressionWindows.cs:3:1:3:43 | suppression range |
+| AlertSuppressionWindows.cs:3:1:3:43 | // ... | lgtm[cs/unused-reftype, cs/unused-field] | lgtm[cs/unused-reftype, cs/unused-field] | AlertSuppressionWindows.cs:4:0:4:0 | suppression range |
 | AlertSuppressionWindows.cs:4:1:4:22 | // ... | lgtm[@tag:nullness] | lgtm[@tag:nullness] | AlertSuppressionWindows.cs:4:1:4:22 | suppression range |
+| AlertSuppressionWindows.cs:4:1:4:22 | // ... | lgtm[@tag:nullness] | lgtm[@tag:nullness] | AlertSuppressionWindows.cs:5:0:5:0 | suppression range |
 | AlertSuppressionWindows.cs:5:1:5:44 | // ... | lgtm[@tag:useless-code,cs/unused-reftype] | lgtm[@tag:useless-code,cs/unused-reftype] | AlertSuppressionWindows.cs:5:1:5:44 | suppression range |
+| AlertSuppressionWindows.cs:5:1:5:44 | // ... | lgtm[@tag:useless-code,cs/unused-reftype] | lgtm[@tag:useless-code,cs/unused-reftype] | AlertSuppressionWindows.cs:6:0:6:0 | suppression range |
 | AlertSuppressionWindows.cs:6:1:6:28 | // ... | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | AlertSuppressionWindows.cs:6:1:6:28 | suppression range |
+| AlertSuppressionWindows.cs:6:1:6:28 | // ... | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | AlertSuppressionWindows.cs:7:0:7:0 | suppression range |
 | AlertSuppressionWindows.cs:7:1:7:58 | // ... | lgtm[cs/unused-reftype] because I know better than lgtm | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:7:1:7:58 | suppression range |
+| AlertSuppressionWindows.cs:7:1:7:58 | // ... | lgtm[cs/unused-reftype] because I know better than lgtm | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:8:0:8:0 | suppression range |
 | AlertSuppressionWindows.cs:8:1:8:18 | // ... | lgtm: blah blah | lgtm | AlertSuppressionWindows.cs:8:1:8:18 | suppression range |
+| AlertSuppressionWindows.cs:8:1:8:18 | // ... | lgtm: blah blah | lgtm | AlertSuppressionWindows.cs:9:0:9:0 | suppression range |
 | AlertSuppressionWindows.cs:9:1:9:32 | // ... | lgtm blah blah #falsepositive | lgtm | AlertSuppressionWindows.cs:9:1:9:32 | suppression range |
+| AlertSuppressionWindows.cs:9:1:9:32 | // ... | lgtm blah blah #falsepositive | lgtm | AlertSuppressionWindows.cs:10:0:10:0 | suppression range |
 | AlertSuppressionWindows.cs:10:1:10:27 | // ... | lgtm  [cs/unused-reftype] | lgtm  [cs/unused-reftype] | AlertSuppressionWindows.cs:10:1:10:27 | suppression range |
+| AlertSuppressionWindows.cs:10:1:10:27 | // ... | lgtm  [cs/unused-reftype] | lgtm  [cs/unused-reftype] | AlertSuppressionWindows.cs:11:0:11:0 | suppression range |
 | AlertSuppressionWindows.cs:11:1:11:10 | /* ... */ | lgtm | lgtm | AlertSuppressionWindows.cs:11:1:11:10 | suppression range |
+| AlertSuppressionWindows.cs:11:1:11:10 | /* ... */ | lgtm | lgtm | AlertSuppressionWindows.cs:12:0:12:0 | suppression range |
 | AlertSuppressionWindows.cs:12:1:12:9 | // ... | lgtm[] | lgtm[] | AlertSuppressionWindows.cs:12:1:12:9 | suppression range |
+| AlertSuppressionWindows.cs:12:1:12:9 | // ... | lgtm[] | lgtm[] | AlertSuppressionWindows.cs:13:0:13:0 | suppression range |
 | AlertSuppressionWindows.cs:14:1:14:6 | // ... | lgtm | lgtm | AlertSuppressionWindows.cs:14:1:14:6 | suppression range |
+| AlertSuppressionWindows.cs:14:1:14:6 | // ... | lgtm | lgtm | AlertSuppressionWindows.cs:15:0:15:0 | suppression range |
 | AlertSuppressionWindows.cs:15:1:15:8 | // ... | lgtm | lgtm | AlertSuppressionWindows.cs:15:1:15:8 | suppression range |
+| AlertSuppressionWindows.cs:15:1:15:8 | // ... | lgtm | lgtm | AlertSuppressionWindows.cs:16:0:16:0 | suppression range |
 | AlertSuppressionWindows.cs:16:1:16:27 | // ... | lgtm [cs/unused-reftype] | lgtm [cs/unused-reftype] | AlertSuppressionWindows.cs:16:1:16:27 | suppression range |
+| AlertSuppressionWindows.cs:16:1:16:27 | // ... | lgtm [cs/unused-reftype] | lgtm [cs/unused-reftype] | AlertSuppressionWindows.cs:17:0:17:0 | suppression range |
 | AlertSuppressionWindows.cs:19:1:19:12 | // ... | foo; lgtm | lgtm | AlertSuppressionWindows.cs:19:1:19:12 | suppression range |
+| AlertSuppressionWindows.cs:19:1:19:12 | // ... | foo; lgtm | lgtm | AlertSuppressionWindows.cs:20:0:20:0 | suppression range |
 | AlertSuppressionWindows.cs:20:1:20:31 | // ... | foo; lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:20:1:20:31 | suppression range |
+| AlertSuppressionWindows.cs:20:1:20:31 | // ... | foo; lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:21:0:21:0 | suppression range |
 | AlertSuppressionWindows.cs:22:1:22:30 | // ... | foo lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:22:1:22:30 | suppression range |
+| AlertSuppressionWindows.cs:22:1:22:30 | // ... | foo lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:23:0:23:0 | suppression range |
 | AlertSuppressionWindows.cs:24:1:24:34 | // ... | foo lgtm[cs/unused-reftype] bar | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:24:1:24:34 | suppression range |
+| AlertSuppressionWindows.cs:24:1:24:34 | // ... | foo lgtm[cs/unused-reftype] bar | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:25:0:25:0 | suppression range |
 | AlertSuppressionWindows.cs:25:1:25:8 | // ... | LGTM! | LGTM | AlertSuppressionWindows.cs:25:1:25:8 | suppression range |
+| AlertSuppressionWindows.cs:25:1:25:8 | // ... | LGTM! | LGTM | AlertSuppressionWindows.cs:26:0:26:0 | suppression range |
 | AlertSuppressionWindows.cs:26:1:26:26 | // ... | LGTM[cs/unused-reftype] | LGTM[cs/unused-reftype] | AlertSuppressionWindows.cs:26:1:26:26 | suppression range |
+| AlertSuppressionWindows.cs:26:1:26:26 | // ... | LGTM[cs/unused-reftype] | LGTM[cs/unused-reftype] | AlertSuppressionWindows.cs:27:0:27:0 | suppression range |
 | AlertSuppressionWindows.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-field] | AlertSuppressionWindows.cs:27:1:27:52 | suppression range |
+| AlertSuppressionWindows.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-field] | AlertSuppressionWindows.cs:28:0:28:0 | suppression range |
 | AlertSuppressionWindows.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:27:1:27:52 | suppression range |
+| AlertSuppressionWindows.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:28:0:28:0 | suppression range |
 | AlertSuppressionWindows.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm | AlertSuppressionWindows.cs:28:1:28:32 | suppression range |
+| AlertSuppressionWindows.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm | AlertSuppressionWindows.cs:29:0:29:0 | suppression range |
 | AlertSuppressionWindows.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:28:1:28:32 | suppression range |
+| AlertSuppressionWindows.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:29:0:29:0 | suppression range |
 | AlertSuppressionWindows.cs:29:1:29:12 | /* ... */ | lgtm[] | lgtm[] | AlertSuppressionWindows.cs:29:1:29:12 | suppression range |
+| AlertSuppressionWindows.cs:29:1:29:12 | /* ... */ | lgtm[] | lgtm[] | AlertSuppressionWindows.cs:30:0:30:0 | suppression range |
 | AlertSuppressionWindows.cs:30:1:30:29 | /* ... */ | lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:30:1:30:29 | suppression range |
+| AlertSuppressionWindows.cs:30:1:30:29 | /* ... */ | lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:31:0:31:0 | suppression range |
 | AlertSuppressionWindows.cs:35:1:35:43 | /* ... */ | lgtm[@tag:nullness,cs/unused-reftype] | lgtm[@tag:nullness,cs/unused-reftype] | AlertSuppressionWindows.cs:35:1:35:43 | suppression range |
+| AlertSuppressionWindows.cs:35:1:35:43 | /* ... */ | lgtm[@tag:nullness,cs/unused-reftype] | lgtm[@tag:nullness,cs/unused-reftype] | AlertSuppressionWindows.cs:36:0:36:0 | suppression range |
 | AlertSuppressionWindows.cs:36:1:36:25 | /* ... */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | AlertSuppressionWindows.cs:36:1:36:25 | suppression range |
+| AlertSuppressionWindows.cs:36:1:36:25 | /* ... */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | AlertSuppressionWindows.cs:37:0:37:0 | suppression range |
+| AlertSuppressionWindows.cs:37:1:37:32 | // ... | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | AlertSuppressionWindows.cs:38:0:38:0 | suppression range |
+| AlertSuppressionWindows.cs:38:1:38:32 | // ... | CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | AlertSuppressionWindows.cs:39:0:39:0 | suppression range |
+| AlertSuppressionWindows.cs:39:1:39:69 | // ... | codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | AlertSuppressionWindows.cs:40:0:40:0 | suppression range |
+| AlertSuppressionWindows.cs:40:1:40:35 | /* ... */ | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | AlertSuppressionWindows.cs:41:0:41:0 | suppression range |

csharp/ql/test/query-tests/AlertSuppression/AlertSuppressionWindows.cs

@@ -34,3 +34,11 @@ class Dead2 { } // lgtm
 */
 /* lgtm[@tag:nullness,cs/unused-reftype] */
 /* lgtm[@tag:nullness] */
+// codeql[js/debugger-statement]
+// CODEQL[js/debugger-statement]
+// codeql[js/debugger-statement] -- because I know better than codeql
+/* codeql[js/debugger-statement] */
+/* codeql[js/debugger-statement] 
+*/
+class End2 { } // codeql[js/debugger-statement]
+

go/ql/src/AlertSuppression.ql

@@ -5,7 +5,7 @@
  * @id go/alert-suppression
  */
 
-private import codeql.suppression.AlertSuppression as AS
+private import codeql.util.suppression.AlertSuppression as AS
 private import semmle.go.Comments as G
 
 class SingleLineComment extends G::Comment {
@@ -15,4 +15,4 @@ class SingleLineComment extends G::Comment {
   }
 }
 
-import AS::Make<SingleLineComment>
+import AS::Make<G::Locatable, SingleLineComment>

go/ql/src/change-notes/2022-12-19-alert-suppressions.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The `AlertSuppression.ql` query has been updated to support the new `// codeql[query-id]` supression comments. These comments can be used to suppress an alert and must be placed on a blank line before the alert. In addition the legacy `// lgtm` and `// lgtm[query-id]` comments can now also be place on the line before an alert.

go/ql/test/query-tests/AlertSuppression/AlertSuppression.expected

@@ -29,6 +29,10 @@
 | tst.go:37:8:37:42 | comment |  lgtm[go/redundant-assignment]  | lgtm[go/redundant-assignment] | tst.go:37:1:37:42 | suppression range |
 | tst.go:43:8:43:56 | comment |  lgtm[@tag:nullness,go/redundant-assignment]  | lgtm[@tag:nullness,go/redundant-assignment] | tst.go:43:1:43:56 | suppression range |
 | tst.go:44:8:44:32 | comment |  lgtm[@tag:nullness]  | lgtm[@tag:nullness] | tst.go:44:1:44:32 | suppression range |
+| tst.go:45:2:45:33 | comment |  codeql[js/debugger-statement] | lgtm[js/debugger-statement] | tst.go:46:0:46:0 | suppression range |
+| tst.go:47:2:47:33 | comment |  CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | tst.go:48:0:48:0 | suppression range |
+| tst.go:49:2:49:70 | comment |  codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | tst.go:50:0:50:0 | suppression range |
+| tst.go:51:2:51:36 | comment |  codeql[js/debugger-statement]  | lgtm[js/debugger-statement] | tst.go:52:0:52:0 | suppression range |
 | tstWindows.go:7:8:7:14 | comment |  lgtm | lgtm | tstWindows.go:7:1:7:14 | suppression range |
 | tstWindows.go:8:8:8:39 | comment |  lgtm[go/redundant-assignment] | lgtm[go/redundant-assignment] | tstWindows.go:8:1:8:39 | suppression range |
 | tstWindows.go:9:8:9:39 | comment |  lgtm[go/redundant-assignment] | lgtm[go/redundant-assignment] | tstWindows.go:9:1:9:39 | suppression range |
@@ -59,3 +63,7 @@
 | tstWindows.go:37:8:37:42 | comment |  lgtm[go/redundant-assignment]  | lgtm[go/redundant-assignment] | tstWindows.go:37:1:37:42 | suppression range |
 | tstWindows.go:43:8:43:56 | comment |  lgtm[@tag:nullness,go/redundant-assignment]  | lgtm[@tag:nullness,go/redundant-assignment] | tstWindows.go:43:1:43:56 | suppression range |
 | tstWindows.go:44:8:44:32 | comment |  lgtm[@tag:nullness]  | lgtm[@tag:nullness] | tstWindows.go:44:1:44:32 | suppression range |
+| tstWindows.go:45:2:45:33 | comment |  codeql[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.go:46:0:46:0 | suppression range |
+| tstWindows.go:47:2:47:33 | comment |  CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.go:48:0:48:0 | suppression range |
+| tstWindows.go:49:2:49:70 | comment |  codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | tstWindows.go:50:0:50:0 | suppression range |
+| tstWindows.go:51:2:51:36 | comment |  codeql[js/debugger-statement]  | lgtm[js/debugger-statement] | tstWindows.go:52:0:52:0 | suppression range |

go/ql/test/query-tests/AlertSuppression/tst.go

@@ -42,4 +42,16 @@ func main() {
                */
 	x = x /* lgtm[@tag:nullness,go/redundant-assignment] */
 	x = x /* lgtm[@tag:nullness] */
+	// codeql[js/debugger-statement]
+	x = x 
+	// CODEQL[js/debugger-statement]
+	x = x
+	// codeql[js/debugger-statement] -- because I know better than codeql
+	x = x
+	/* codeql[js/debugger-statement] */
+	x = x
+	/* codeql[js/debugger-statement] 
+	*/
+	x = x
+	x = x // codeql[js/debugger-statement]	
 }

go/ql/test/query-tests/AlertSuppression/tstWindows.go

@@ -42,4 +42,17 @@ func winMain() {
                */
 	x = x /* lgtm[@tag:nullness,go/redundant-assignment] */
 	x = x /* lgtm[@tag:nullness] */
-}
+	// codeql[js/debugger-statement]
+	x = x 
+	// CODEQL[js/debugger-statement]
+	x = x
+	// codeql[js/debugger-statement] -- because I know better than codeql
+	x = x
+	/* codeql[js/debugger-statement] */
+	x = x
+	/* codeql[js/debugger-statement] 
+	*/
+	x = x
+	x = x // codeql[js/debugger-statement]	
+}	
+

java/ql/src/AlertSuppression.ql

@@ -5,7 +5,7 @@
  * @id java/alert-suppression
  */
 
-private import codeql.suppression.AlertSuppression as AS
+private import codeql.util.suppression.AlertSuppression as AS
 private import semmle.code.java.Javadoc
 
 class SingleLineComment extends Javadoc {
@@ -18,4 +18,4 @@ class SingleLineComment extends Javadoc {
   string getText() { result = this.getChild(0).getText() }
 }
 
-import AS::Make<SingleLineComment>
+import AS::Make<Top, SingleLineComment>

java/ql/src/AlertSuppressionAnnotations.ql

@@ -12,8 +12,8 @@ import Metrics.Internal.Extents
 /** Gets the LGTM suppression annotation text in the string `s`, if any. */
 bindingset[s]
 string getAnnotationText(string s) {
-  // match `lgtm[...]` anywhere in the comment
-  result = s.regexpFind("(?i)\\blgtm\\s*\\[[^\\]]*\\]", _, _)
+  // match `lgtm[...]` or `codeql[...]` anywhere in the comment
+  result = s.regexpFind("(?i)\\b(lgtm|codeql)\\s*\\[[^\\]]*\\]", _, _).trim()
 }
 
 /**
@@ -96,5 +96,5 @@ where
   annotationText = getAnnotationText(text)
 select c, // suppression entity
   text, // full text of suppression string
-  annotationText, // LGTM suppression annotation text
+  annotationText.regexpReplaceAll("(?i)^codeql", "lgtm"), // LGTM suppression annotation text
   c.getScope() // scope of suppression

java/ql/src/change-notes/2022-12-19-alert-suppressions.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The `AlertSuppression.ql` query has been updated to support the new `// codeql[query-id]` supression comments. These comments can be used to suppress an alert and must be placed on a blank line before the alert. In addition the legacy `// lgtm` and `// lgtm[query-id]` comments can now also be place on the line before an alert.

java/ql/test/query-tests/AlertSuppression/AlertSuppression.expected

@@ -1,58 +1,122 @@
 | Test.java:1:15:1:21 | // lgtm |  lgtm | lgtm | Test.java:1:1:1:21 | suppression range |
 | Test.java:2:1:2:35 | // lgtm[java/confusing-method-name] |  lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | Test.java:2:1:2:35 | suppression range |
+| Test.java:2:1:2:35 | // lgtm[java/confusing-method-name] |  lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | Test.java:3:0:3:0 | suppression range |
 | Test.java:3:1:3:70 | // lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] |  lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | Test.java:3:1:3:70 | suppression range |
+| Test.java:3:1:3:70 | // lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] |  lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | Test.java:4:0:4:0 | suppression range |
 | Test.java:4:1:4:24 | // lgtm[@tag:exceptions] |  lgtm[@tag:exceptions] | lgtm[@tag:exceptions] | Test.java:4:1:4:24 | suppression range |
+| Test.java:4:1:4:24 | // lgtm[@tag:exceptions] |  lgtm[@tag:exceptions] | lgtm[@tag:exceptions] | Test.java:5:0:5:0 | suppression range |
 | Test.java:5:1:5:51 | // lgtm[@tag:exceptions,java/confusing-method-name] |  lgtm[@tag:exceptions,java/confusing-method-name] | lgtm[@tag:exceptions,java/confusing-method-name] | Test.java:5:1:5:51 | suppression range |
+| Test.java:5:1:5:51 | // lgtm[@tag:exceptions,java/confusing-method-name] |  lgtm[@tag:exceptions,java/confusing-method-name] | lgtm[@tag:exceptions,java/confusing-method-name] | Test.java:6:0:6:0 | suppression range |
 | Test.java:6:1:6:28 | // lgtm[@expires:2017-06-11] |  lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | Test.java:6:1:6:28 | suppression range |
+| Test.java:6:1:6:28 | // lgtm[@expires:2017-06-11] |  lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | Test.java:7:0:7:0 | suppression range |
 | Test.java:7:1:7:81 | // lgtm[java/confusing-method-name] does not seem confusing despite alert by lgtm |  lgtm[java/confusing-method-name] does not seem confusing despite alert by lgtm | lgtm[java/confusing-method-name] | Test.java:7:1:7:81 | suppression range |
+| Test.java:7:1:7:81 | // lgtm[java/confusing-method-name] does not seem confusing despite alert by lgtm |  lgtm[java/confusing-method-name] does not seem confusing despite alert by lgtm | lgtm[java/confusing-method-name] | Test.java:8:0:8:0 | suppression range |
 | Test.java:8:1:8:18 | // lgtm: blah blah |  lgtm: blah blah | lgtm | Test.java:8:1:8:18 | suppression range |
+| Test.java:8:1:8:18 | // lgtm: blah blah |  lgtm: blah blah | lgtm | Test.java:9:0:9:0 | suppression range |
 | Test.java:9:1:9:32 | // lgtm blah blah #falsepositive |  lgtm blah blah #falsepositive | lgtm | Test.java:9:1:9:32 | suppression range |
+| Test.java:9:1:9:32 | // lgtm blah blah #falsepositive |  lgtm blah blah #falsepositive | lgtm | Test.java:10:0:10:0 | suppression range |
 | Test.java:10:1:10:36 | //lgtm  [java/confusing-method-name] | lgtm  [java/confusing-method-name] | lgtm  [java/confusing-method-name] | Test.java:10:1:10:36 | suppression range |
+| Test.java:10:1:10:36 | //lgtm  [java/confusing-method-name] | lgtm  [java/confusing-method-name] | lgtm  [java/confusing-method-name] | Test.java:11:0:11:0 | suppression range |
 | Test.java:11:1:11:10 | /* lgtm */ | lgtm | lgtm | Test.java:11:1:11:10 | suppression range |
+| Test.java:11:1:11:10 | /* lgtm */ | lgtm | lgtm | Test.java:12:0:12:0 | suppression range |
 | Test.java:12:1:12:9 | // lgtm[] |  lgtm[] | lgtm[] | Test.java:12:1:12:9 | suppression range |
+| Test.java:12:1:12:9 | // lgtm[] |  lgtm[] | lgtm[] | Test.java:13:0:13:0 | suppression range |
 | Test.java:14:1:14:6 | //lgtm | lgtm | lgtm | Test.java:14:1:14:6 | suppression range |
+| Test.java:14:1:14:6 | //lgtm | lgtm | lgtm | Test.java:15:0:15:0 | suppression range |
 | Test.java:15:1:15:7 | //\tlgtm | \tlgtm | lgtm | Test.java:15:1:15:7 | suppression range |
+| Test.java:15:1:15:7 | //\tlgtm | \tlgtm | lgtm | Test.java:16:0:16:0 | suppression range |
 | Test.java:16:1:16:36 | // lgtm\t[java/confusing-method-name] |  lgtm\t[java/confusing-method-name] | lgtm\t[java/confusing-method-name] | Test.java:16:1:16:36 | suppression range |
+| Test.java:16:1:16:36 | // lgtm\t[java/confusing-method-name] |  lgtm\t[java/confusing-method-name] | lgtm\t[java/confusing-method-name] | Test.java:17:0:17:0 | suppression range |
 | Test.java:19:1:19:12 | // foo; lgtm |  foo; lgtm | lgtm | Test.java:19:1:19:12 | suppression range |
+| Test.java:19:1:19:12 | // foo; lgtm |  foo; lgtm | lgtm | Test.java:20:0:20:0 | suppression range |
 | Test.java:20:1:20:40 | // foo; lgtm[java/confusing-method-name] |  foo; lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | Test.java:20:1:20:40 | suppression range |
+| Test.java:20:1:20:40 | // foo; lgtm[java/confusing-method-name] |  foo; lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | Test.java:21:0:21:0 | suppression range |
 | Test.java:22:1:22:39 | // foo lgtm[java/confusing-method-name] |  foo lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | Test.java:22:1:22:39 | suppression range |
+| Test.java:22:1:22:39 | // foo lgtm[java/confusing-method-name] |  foo lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | Test.java:23:0:23:0 | suppression range |
 | Test.java:24:1:24:43 | // foo lgtm[java/confusing-method-name] bar |  foo lgtm[java/confusing-method-name] bar | lgtm[java/confusing-method-name] | Test.java:24:1:24:43 | suppression range |
+| Test.java:24:1:24:43 | // foo lgtm[java/confusing-method-name] bar |  foo lgtm[java/confusing-method-name] bar | lgtm[java/confusing-method-name] | Test.java:25:0:25:0 | suppression range |
 | Test.java:25:1:25:8 | // LGTM! |  LGTM! | LGTM | Test.java:25:1:25:8 | suppression range |
+| Test.java:25:1:25:8 | // LGTM! |  LGTM! | LGTM | Test.java:26:0:26:0 | suppression range |
 | Test.java:26:1:26:35 | // LGTM[java/confusing-method-name] |  LGTM[java/confusing-method-name] | LGTM[java/confusing-method-name] | Test.java:26:1:26:35 | suppression range |
+| Test.java:26:1:26:35 | // LGTM[java/confusing-method-name] |  LGTM[java/confusing-method-name] | LGTM[java/confusing-method-name] | Test.java:27:0:27:0 | suppression range |
 | Test.java:27:1:27:78 | //lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] | Test.java:27:1:27:78 | suppression range |
+| Test.java:27:1:27:78 | //lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] | Test.java:28:0:28:0 | suppression range |
 | Test.java:27:1:27:78 | //lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/non-short-circuit-evaluation] | Test.java:27:1:27:78 | suppression range |
+| Test.java:27:1:27:78 | //lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/non-short-circuit-evaluation] | Test.java:28:0:28:0 | suppression range |
 | Test.java:28:1:28:40 | //lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name]; lgtm | lgtm | Test.java:28:1:28:40 | suppression range |
+| Test.java:28:1:28:40 | //lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name]; lgtm | lgtm | Test.java:29:0:29:0 | suppression range |
 | Test.java:28:1:28:40 | //lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name] | Test.java:28:1:28:40 | suppression range |
+| Test.java:28:1:28:40 | //lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name] | Test.java:29:0:29:0 | suppression range |
 | Test.java:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | Test.java:29:1:29:12 | suppression range |
+| Test.java:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | Test.java:30:0:30:0 | suppression range |
 | Test.java:30:1:30:38 | /* lgtm[java/confusing-method-name] */ | lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | Test.java:30:1:30:38 | suppression range |
+| Test.java:30:1:30:38 | /* lgtm[java/confusing-method-name] */ | lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | Test.java:31:0:31:0 | suppression range |
 | Test.java:36:1:36:52 | /* lgtm[@tag:nullness,java/confusing-method-name] */ | lgtm[@tag:nullness,java/confusing-method-name] | lgtm[@tag:nullness,java/confusing-method-name] | Test.java:36:1:36:52 | suppression range |
+| Test.java:36:1:36:52 | /* lgtm[@tag:nullness,java/confusing-method-name] */ | lgtm[@tag:nullness,java/confusing-method-name] | lgtm[@tag:nullness,java/confusing-method-name] | Test.java:37:0:37:0 | suppression range |
 | Test.java:37:1:37:25 | /* lgtm[@tag:nullness] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | Test.java:37:1:37:25 | suppression range |
+| Test.java:37:1:37:25 | /* lgtm[@tag:nullness] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | Test.java:38:0:38:0 | suppression range |
+| Test.java:39:1:39:32 | // codeql[js/debugger-statement] |  codeql[js/debugger-statement] | lgtm[js/debugger-statement] | Test.java:40:0:40:0 | suppression range |
+| Test.java:40:1:40:32 | // CODEQL[js/debugger-statement] |  CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | Test.java:41:0:41:0 | suppression range |
+| Test.java:41:1:41:69 | // codeql[js/debugger-statement] -- because I know better than codeql |  codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | Test.java:42:0:42:0 | suppression range |
+| Test.java:42:1:42:35 | /* codeql[js/debugger-statement] */ | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | Test.java:43:0:43:0 | suppression range |
 | TestWindows.java:1:22:1:29 | // lgtm |  lgtm | lgtm | TestWindows.java:1:1:1:29 | suppression range |
 | TestWindows.java:2:1:2:36 | // lgtm[java/confusing-method-name] |  lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | TestWindows.java:2:1:2:36 | suppression range |
+| TestWindows.java:2:1:2:36 | // lgtm[java/confusing-method-name] |  lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | TestWindows.java:3:0:3:0 | suppression range |
 | TestWindows.java:3:1:3:71 | // lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] |  lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | TestWindows.java:3:1:3:71 | suppression range |
+| TestWindows.java:3:1:3:71 | // lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] |  lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | TestWindows.java:4:0:4:0 | suppression range |
 | TestWindows.java:4:1:4:25 | // lgtm[@tag:exceptions] |  lgtm[@tag:exceptions] | lgtm[@tag:exceptions] | TestWindows.java:4:1:4:25 | suppression range |
+| TestWindows.java:4:1:4:25 | // lgtm[@tag:exceptions] |  lgtm[@tag:exceptions] | lgtm[@tag:exceptions] | TestWindows.java:5:0:5:0 | suppression range |
 | TestWindows.java:5:1:5:52 | // lgtm[@tag:exceptions,java/confusing-method-name] |  lgtm[@tag:exceptions,java/confusing-method-name] | lgtm[@tag:exceptions,java/confusing-method-name] | TestWindows.java:5:1:5:52 | suppression range |
+| TestWindows.java:5:1:5:52 | // lgtm[@tag:exceptions,java/confusing-method-name] |  lgtm[@tag:exceptions,java/confusing-method-name] | lgtm[@tag:exceptions,java/confusing-method-name] | TestWindows.java:6:0:6:0 | suppression range |
 | TestWindows.java:6:1:6:29 | // lgtm[@expires:2017-06-11] |  lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | TestWindows.java:6:1:6:29 | suppression range |
+| TestWindows.java:6:1:6:29 | // lgtm[@expires:2017-06-11] |  lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | TestWindows.java:7:0:7:0 | suppression range |
 | TestWindows.java:7:1:7:82 | // lgtm[java/confusing-method-name] does not seem confusing despite alert by lgtm |  lgtm[java/confusing-method-name] does not seem confusing despite alert by lgtm | lgtm[java/confusing-method-name] | TestWindows.java:7:1:7:82 | suppression range |
+| TestWindows.java:7:1:7:82 | // lgtm[java/confusing-method-name] does not seem confusing despite alert by lgtm |  lgtm[java/confusing-method-name] does not seem confusing despite alert by lgtm | lgtm[java/confusing-method-name] | TestWindows.java:8:0:8:0 | suppression range |
 | TestWindows.java:8:1:8:19 | // lgtm: blah blah |  lgtm: blah blah | lgtm | TestWindows.java:8:1:8:19 | suppression range |
+| TestWindows.java:8:1:8:19 | // lgtm: blah blah |  lgtm: blah blah | lgtm | TestWindows.java:9:0:9:0 | suppression range |
 | TestWindows.java:9:1:9:33 | // lgtm blah blah #falsepositive |  lgtm blah blah #falsepositive | lgtm | TestWindows.java:9:1:9:33 | suppression range |
+| TestWindows.java:9:1:9:33 | // lgtm blah blah #falsepositive |  lgtm blah blah #falsepositive | lgtm | TestWindows.java:10:0:10:0 | suppression range |
 | TestWindows.java:10:1:10:37 | //lgtm  [java/confusing-method-name] | lgtm  [java/confusing-method-name] | lgtm  [java/confusing-method-name] | TestWindows.java:10:1:10:37 | suppression range |
+| TestWindows.java:10:1:10:37 | //lgtm  [java/confusing-method-name] | lgtm  [java/confusing-method-name] | lgtm  [java/confusing-method-name] | TestWindows.java:11:0:11:0 | suppression range |
 | TestWindows.java:11:1:11:10 | /* lgtm */ | lgtm | lgtm | TestWindows.java:11:1:11:10 | suppression range |
+| TestWindows.java:11:1:11:10 | /* lgtm */ | lgtm | lgtm | TestWindows.java:12:0:12:0 | suppression range |
 | TestWindows.java:12:1:12:10 | // lgtm[] |  lgtm[] | lgtm[] | TestWindows.java:12:1:12:10 | suppression range |
+| TestWindows.java:12:1:12:10 | // lgtm[] |  lgtm[] | lgtm[] | TestWindows.java:13:0:13:0 | suppression range |
 | TestWindows.java:14:1:14:7 | //lgtm | lgtm | lgtm | TestWindows.java:14:1:14:7 | suppression range |
+| TestWindows.java:14:1:14:7 | //lgtm | lgtm | lgtm | TestWindows.java:15:0:15:0 | suppression range |
 | TestWindows.java:15:1:15:8 | //\tlgtm | \tlgtm | lgtm | TestWindows.java:15:1:15:8 | suppression range |
+| TestWindows.java:15:1:15:8 | //\tlgtm | \tlgtm | lgtm | TestWindows.java:16:0:16:0 | suppression range |
 | TestWindows.java:16:1:16:37 | // lgtm\t[java/confusing-method-name] |  lgtm\t[java/confusing-method-name] | lgtm\t[java/confusing-method-name] | TestWindows.java:16:1:16:37 | suppression range |
+| TestWindows.java:16:1:16:37 | // lgtm\t[java/confusing-method-name] |  lgtm\t[java/confusing-method-name] | lgtm\t[java/confusing-method-name] | TestWindows.java:17:0:17:0 | suppression range |
 | TestWindows.java:19:1:19:13 | // foo; lgtm |  foo; lgtm | lgtm | TestWindows.java:19:1:19:13 | suppression range |
+| TestWindows.java:19:1:19:13 | // foo; lgtm |  foo; lgtm | lgtm | TestWindows.java:20:0:20:0 | suppression range |
 | TestWindows.java:20:1:20:41 | // foo; lgtm[java/confusing-method-name] |  foo; lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | TestWindows.java:20:1:20:41 | suppression range |
+| TestWindows.java:20:1:20:41 | // foo; lgtm[java/confusing-method-name] |  foo; lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | TestWindows.java:21:0:21:0 | suppression range |
 | TestWindows.java:22:1:22:40 | // foo lgtm[java/confusing-method-name] |  foo lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | TestWindows.java:22:1:22:40 | suppression range |
+| TestWindows.java:22:1:22:40 | // foo lgtm[java/confusing-method-name] |  foo lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | TestWindows.java:23:0:23:0 | suppression range |
 | TestWindows.java:24:1:24:44 | // foo lgtm[java/confusing-method-name] bar |  foo lgtm[java/confusing-method-name] bar | lgtm[java/confusing-method-name] | TestWindows.java:24:1:24:44 | suppression range |
+| TestWindows.java:24:1:24:44 | // foo lgtm[java/confusing-method-name] bar |  foo lgtm[java/confusing-method-name] bar | lgtm[java/confusing-method-name] | TestWindows.java:25:0:25:0 | suppression range |
 | TestWindows.java:25:1:25:9 | // LGTM! |  LGTM! | LGTM | TestWindows.java:25:1:25:9 | suppression range |
+| TestWindows.java:25:1:25:9 | // LGTM! |  LGTM! | LGTM | TestWindows.java:26:0:26:0 | suppression range |
 | TestWindows.java:26:1:26:36 | // LGTM[java/confusing-method-name] |  LGTM[java/confusing-method-name] | LGTM[java/confusing-method-name] | TestWindows.java:26:1:26:36 | suppression range |
+| TestWindows.java:26:1:26:36 | // LGTM[java/confusing-method-name] |  LGTM[java/confusing-method-name] | LGTM[java/confusing-method-name] | TestWindows.java:27:0:27:0 | suppression range |
 | TestWindows.java:27:1:27:79 | //lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] | TestWindows.java:27:1:27:79 | suppression range |
+| TestWindows.java:27:1:27:79 | //lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] | TestWindows.java:28:0:28:0 | suppression range |
 | TestWindows.java:27:1:27:79 | //lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/non-short-circuit-evaluation] | TestWindows.java:27:1:27:79 | suppression range |
+| TestWindows.java:27:1:27:79 | //lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/non-short-circuit-evaluation] | TestWindows.java:28:0:28:0 | suppression range |
 | TestWindows.java:28:1:28:41 | //lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name]; lgtm | lgtm | TestWindows.java:28:1:28:41 | suppression range |
+| TestWindows.java:28:1:28:41 | //lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name]; lgtm | lgtm | TestWindows.java:29:0:29:0 | suppression range |
 | TestWindows.java:28:1:28:41 | //lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name] | TestWindows.java:28:1:28:41 | suppression range |
+| TestWindows.java:28:1:28:41 | //lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name] | TestWindows.java:29:0:29:0 | suppression range |
 | TestWindows.java:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | TestWindows.java:29:1:29:12 | suppression range |
+| TestWindows.java:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | TestWindows.java:30:0:30:0 | suppression range |
 | TestWindows.java:30:1:30:38 | /* lgtm[java/confusing-method-name] */ | lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | TestWindows.java:30:1:30:38 | suppression range |
+| TestWindows.java:30:1:30:38 | /* lgtm[java/confusing-method-name] */ | lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | TestWindows.java:31:0:31:0 | suppression range |
 | TestWindows.java:36:1:36:52 | /* lgtm[@tag:nullness,java/confusing-method-name] */ | lgtm[@tag:nullness,java/confusing-method-name] | lgtm[@tag:nullness,java/confusing-method-name] | TestWindows.java:36:1:36:52 | suppression range |
+| TestWindows.java:36:1:36:52 | /* lgtm[@tag:nullness,java/confusing-method-name] */ | lgtm[@tag:nullness,java/confusing-method-name] | lgtm[@tag:nullness,java/confusing-method-name] | TestWindows.java:37:0:37:0 | suppression range |
 | TestWindows.java:37:1:37:25 | /* lgtm[@tag:nullness] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | TestWindows.java:37:1:37:25 | suppression range |
+| TestWindows.java:37:1:37:25 | /* lgtm[@tag:nullness] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | TestWindows.java:38:0:38:0 | suppression range |
+| TestWindows.java:39:1:39:33 | // codeql[js/debugger-statement] |  codeql[js/debugger-statement] | lgtm[js/debugger-statement] | TestWindows.java:40:0:40:0 | suppression range |
+| TestWindows.java:40:1:40:33 | // CODEQL[js/debugger-statement] |  CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | TestWindows.java:41:0:41:0 | suppression range |
+| TestWindows.java:41:1:41:70 | // codeql[js/debugger-statement] -- because I know better than codeql |  codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | TestWindows.java:42:0:42:0 | suppression range |
+| TestWindows.java:42:1:42:35 | /* codeql[js/debugger-statement] */ | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | TestWindows.java:43:0:43:0 | suppression range |

java/ql/test/query-tests/AlertSuppression/AlertSuppressionAnnotations.expected

@@ -1,6 +1,11 @@
-| TestSuppressWarnings.java:2:1:2:49 | SuppressWarnings | lgtm[java/non-sync-override] | lgtm[java/non-sync-override] | TestSuppressWarnings.java:2:1:21:5 | suppression range |
+| TestSuppressWarnings.java:2:1:2:49 | SuppressWarnings | lgtm[java/non-sync-override] | lgtm[java/non-sync-override] | TestSuppressWarnings.java:2:1:38:5 | suppression range |
 | TestSuppressWarnings.java:5:5:5:31 | SuppressWarnings | lgtm[] | lgtm[] | TestSuppressWarnings.java:5:5:8:5 | suppression range |
 | TestSuppressWarnings.java:10:5:10:104 | SuppressWarnings | lgtm[java/confusing-method-name] not confusing | lgtm[java/confusing-method-name] | TestSuppressWarnings.java:9:5:13:5 | suppression range |
 | TestSuppressWarnings.java:10:5:10:104 | SuppressWarnings | lgtm[java/non-sync-override] | lgtm[java/non-sync-override] | TestSuppressWarnings.java:9:5:13:5 | suppression range |
 | TestSuppressWarnings.java:18:5:18:98 | SuppressWarnings | lgtm[java/confusing-method-name] blah blah lgtm[java/non-sync-override] | lgtm[java/confusing-method-name] | TestSuppressWarnings.java:18:5:21:5 | suppression range |
 | TestSuppressWarnings.java:18:5:18:98 | SuppressWarnings | lgtm[java/confusing-method-name] blah blah lgtm[java/non-sync-override] | lgtm[java/non-sync-override] | TestSuppressWarnings.java:18:5:21:5 | suppression range |
+| TestSuppressWarnings.java:22:5:22:33 | SuppressWarnings | codeql[] | lgtm[] | TestSuppressWarnings.java:22:5:25:5 | suppression range |
+| TestSuppressWarnings.java:27:5:27:108 | SuppressWarnings | codeql[java/confusing-method-name] not confusing | lgtm[java/confusing-method-name] | TestSuppressWarnings.java:26:5:30:5 | suppression range |
+| TestSuppressWarnings.java:27:5:27:108 | SuppressWarnings | codeql[java/non-sync-override] | lgtm[java/non-sync-override] | TestSuppressWarnings.java:26:5:30:5 | suppression range |
+| TestSuppressWarnings.java:35:5:35:102 | SuppressWarnings | codeql[java/confusing-method-name] blah blah codeql[java/non-sync-override] | lgtm[java/confusing-method-name] | TestSuppressWarnings.java:35:5:38:5 | suppression range |
+| TestSuppressWarnings.java:35:5:35:102 | SuppressWarnings | codeql[java/confusing-method-name] blah blah codeql[java/non-sync-override] | lgtm[java/non-sync-override] | TestSuppressWarnings.java:35:5:38:5 | suppression range |

java/ql/test/query-tests/AlertSuppression/Test.java

@@ -36,3 +36,11 @@ class Test {} // lgtm
 /* lgtm[@tag:nullness,java/confusing-method-name] */
 /* lgtm[@tag:nullness] */
 /** lgtm[] */
+// codeql[js/debugger-statement]
+// CODEQL[js/debugger-statement]
+// codeql[js/debugger-statement] -- because I know better than codeql
+/* codeql[js/debugger-statement] */
+/* codeql[js/debugger-statement] 
+*/
+class Foo {} // codeql[js/debugger-statement]
+

java/ql/test/query-tests/AlertSuppression/TestSuppressWarnings.java

@@ -4,19 +4,36 @@
 class TestSuppressWarnings {
     @SuppressWarnings("lgtm[]")
     public void test() {
-        
+
     }
     @Deprecated
     @SuppressWarnings({"lgtm[java/confusing-method-name] not confusing","lgtm[java/non-sync-override]"})
     public void test2() {
-        
+
     }
     @SuppressWarnings("lgtm")
     public void test3() {
-        
+
     }
     @SuppressWarnings({"lgtm[java/confusing-method-name] blah blah lgtm[java/non-sync-override]"})
     public void test4() {
-        
+
+    }
+    @SuppressWarnings("codeql[]")
+    public void test5() {
+
+    }
+    @Deprecated
+    @SuppressWarnings({"codeql[java/confusing-method-name] not confusing","codeql[java/non-sync-override]"})
+    public void test6() {
+
+    }
+    @SuppressWarnings("lgtm")
+    public void test7() {
+
+    }
+    @SuppressWarnings({"codeql[java/confusing-method-name] blah blah codeql[java/non-sync-override]"})
+    public void test8() {
+
     }
 }

java/ql/test/query-tests/AlertSuppression/TestWindows.java

@@ -36,3 +36,11 @@ class TestWindows {} // lgtm
 /* lgtm[@tag:nullness,java/confusing-method-name] */
 /* lgtm[@tag:nullness] */
 /** lgtm[] */
+// codeql[js/debugger-statement]
+// CODEQL[js/debugger-statement]
+// codeql[js/debugger-statement] -- because I know better than codeql
+/* codeql[js/debugger-statement] */
+/* codeql[js/debugger-statement] 
+*/
+class Foo2 {} // codeql[js/debugger-statement]
+

javascript/ql/src/AlertSuppression.ql

@@ -5,10 +5,20 @@
  * @id js/alert-suppression
  */
 
-private import codeql.suppression.AlertSuppression as AS
+private import codeql.util.suppression.AlertSuppression as AS
 private import javascript as JS
 
-class SingleLineComment extends JS::Locatable {
+class AstNode extends JS::Locatable {
+  AstNode() { not this.(JS::HTML::TextNode).getText().regexpMatch("\\s*") }
+
+  predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+  }
+}
+
+class SingleLineComment extends AstNode {
   private string text;
 
   SingleLineComment() {
@@ -20,13 +30,7 @@ class SingleLineComment extends JS::Locatable {
     not text.matches("%\n%")
   }
 
-  predicate hasLocationInfo(
-    string filepath, int startline, int startcolumn, int endline, int endcolumn
-  ) {
-    this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
-  }
-
   string getText() { result = text }
 }
 
-import AS::Make<SingleLineComment>
+import AS::Make<AstNode, SingleLineComment>

javascript/ql/src/change-notes/2022-12-19-alert-suppressions.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The `AlertSuppression.ql` query has been updated to support the new `// codeql[query-id]` supression comments. These comments can be used to suppress an alert and must be placed on a blank line before the alert. In addition the legacy `// lgtm` and `// lgtm[query-id]` comments can now also be place on the line before an alert.

javascript/ql/test/query-tests/AlertSuppression/AlertSuppression.expected

@@ -1,60 +1,126 @@
-| tst.html:5:30:5:42 | <!-- lgtm --> |  lgtm  | lgtm | tst.html:5:1:5:42 | suppression range |
+| tst.html:4:5:4:36 | <!-- codeql[js/duplicate-id] --> |  codeql[js/duplicate-id]  | lgtm[js/duplicate-id] | tst.html:5:0:5:0 | suppression range |
+| tst.html:6:30:6:42 | <!-- lgtm --> |  lgtm  | lgtm | tst.html:6:1:6:42 | suppression range |
 | tst.js:1:11:1:17 | // lgtm |  lgtm | lgtm | tst.js:1:1:1:17 | suppression range |
 | tst.js:2:1:2:30 | // lgtm ... tement] |  lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.js:2:1:2:30 | suppression range |
+| tst.js:2:1:2:30 | // lgtm ... tement] |  lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.js:3:0:3:0 | suppression range |
 | tst.js:3:1:3:61 | // lgtm ... nction] |  lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | tst.js:3:1:3:61 | suppression range |
+| tst.js:3:1:3:61 | // lgtm ... nction] |  lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | tst.js:4:0:4:0 | suppression range |
 | tst.js:4:1:4:22 | // lgtm ... llness] |  lgtm[@tag:nullness] | lgtm[@tag:nullness] | tst.js:4:1:4:22 | suppression range |
+| tst.js:4:1:4:22 | // lgtm ... llness] |  lgtm[@tag:nullness] | lgtm[@tag:nullness] | tst.js:5:0:5:0 | suppression range |
 | tst.js:5:1:5:44 | // lgtm ... tement] |  lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | tst.js:5:1:5:44 | suppression range |
+| tst.js:5:1:5:44 | // lgtm ... tement] |  lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | tst.js:6:0:6:0 | suppression range |
 | tst.js:6:1:6:28 | // lgtm ... -06-11] |  lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | tst.js:6:1:6:28 | suppression range |
+| tst.js:6:1:6:28 | // lgtm ... -06-11] |  lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | tst.js:7:0:7:0 | suppression range |
 | tst.js:7:1:7:70 | // lgtm ... an lgtm |  lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] | tst.js:7:1:7:70 | suppression range |
+| tst.js:7:1:7:70 | // lgtm ... an lgtm |  lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] | tst.js:8:0:8:0 | suppression range |
 | tst.js:8:1:8:18 | // lgtm: blah blah |  lgtm: blah blah | lgtm | tst.js:8:1:8:18 | suppression range |
+| tst.js:8:1:8:18 | // lgtm: blah blah |  lgtm: blah blah | lgtm | tst.js:9:0:9:0 | suppression range |
 | tst.js:9:1:9:32 | // lgtm ... ositive |  lgtm blah blah #falsepositive | lgtm | tst.js:9:1:9:32 | suppression range |
+| tst.js:9:1:9:32 | // lgtm ... ositive |  lgtm blah blah #falsepositive | lgtm | tst.js:10:0:10:0 | suppression range |
 | tst.js:10:1:10:39 | //lgtm  ... nction] | lgtm  [js/invocation-of-non-function] | lgtm  [js/invocation-of-non-function] | tst.js:10:1:10:39 | suppression range |
+| tst.js:10:1:10:39 | //lgtm  ... nction] | lgtm  [js/invocation-of-non-function] | lgtm  [js/invocation-of-non-function] | tst.js:11:0:11:0 | suppression range |
 | tst.js:11:1:11:10 | /* lgtm */ |  lgtm  | lgtm | tst.js:11:1:11:10 | suppression range |
+| tst.js:11:1:11:10 | /* lgtm */ |  lgtm  | lgtm | tst.js:12:0:12:0 | suppression range |
 | tst.js:12:1:12:9 | // lgtm[] |  lgtm[] | lgtm[] | tst.js:12:1:12:9 | suppression range |
+| tst.js:12:1:12:9 | // lgtm[] |  lgtm[] | lgtm[] | tst.js:13:0:13:0 | suppression range |
 | tst.js:14:1:14:6 | //lgtm | lgtm | lgtm | tst.js:14:1:14:6 | suppression range |
+| tst.js:14:1:14:6 | //lgtm | lgtm | lgtm | tst.js:15:0:15:0 | suppression range |
 | tst.js:15:1:15:7 | //\\tlgtm | \tlgtm | lgtm | tst.js:15:1:15:7 | suppression range |
+| tst.js:15:1:15:7 | //\\tlgtm | \tlgtm | lgtm | tst.js:16:0:16:0 | suppression range |
 | tst.js:16:1:16:31 | // lgtm ... tement] |  lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | tst.js:16:1:16:31 | suppression range |
+| tst.js:16:1:16:31 | // lgtm ... tement] |  lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | tst.js:17:0:17:0 | suppression range |
 | tst.js:19:1:19:12 | // foo; lgtm |  foo; lgtm | lgtm | tst.js:19:1:19:12 | suppression range |
+| tst.js:19:1:19:12 | // foo; lgtm |  foo; lgtm | lgtm | tst.js:20:0:20:0 | suppression range |
 | tst.js:20:1:20:35 | // foo; ... tement] |  foo; lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.js:20:1:20:35 | suppression range |
+| tst.js:20:1:20:35 | // foo; ... tement] |  foo; lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.js:21:0:21:0 | suppression range |
 | tst.js:22:1:22:34 | // foo  ... tement] |  foo lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.js:22:1:22:34 | suppression range |
+| tst.js:22:1:22:34 | // foo  ... tement] |  foo lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.js:23:0:23:0 | suppression range |
 | tst.js:24:1:24:38 | // foo  ... nt] bar |  foo lgtm[js/debugger-statement] bar | lgtm[js/debugger-statement] | tst.js:24:1:24:38 | suppression range |
+| tst.js:24:1:24:38 | // foo  ... nt] bar |  foo lgtm[js/debugger-statement] bar | lgtm[js/debugger-statement] | tst.js:25:0:25:0 | suppression range |
 | tst.js:25:1:25:8 | // LGTM! |  LGTM! | LGTM | tst.js:25:1:25:8 | suppression range |
+| tst.js:25:1:25:8 | // LGTM! |  LGTM! | LGTM | tst.js:26:0:26:0 | suppression range |
 | tst.js:26:1:26:30 | // LGTM ... tement] |  LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | tst.js:26:1:26:30 | suppression range |
+| tst.js:26:1:26:30 | // LGTM ... tement] |  LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | tst.js:27:0:27:0 | suppression range |
 | tst.js:27:1:27:70 | // lgtm ... nction] |  lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] | tst.js:27:1:27:70 | suppression range |
+| tst.js:27:1:27:70 | // lgtm ... nction] |  lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] | tst.js:28:0:28:0 | suppression range |
 | tst.js:27:1:27:70 | // lgtm ... nction] |  lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tst.js:27:1:27:70 | suppression range |
+| tst.js:27:1:27:70 | // lgtm ... nction] |  lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tst.js:28:0:28:0 | suppression range |
 | tst.js:28:1:28:36 | // lgtm ... ]; lgtm |  lgtm[js/debugger-statement]; lgtm | lgtm | tst.js:28:1:28:36 | suppression range |
+| tst.js:28:1:28:36 | // lgtm ... ]; lgtm |  lgtm[js/debugger-statement]; lgtm | lgtm | tst.js:29:0:29:0 | suppression range |
 | tst.js:28:1:28:36 | // lgtm ... ]; lgtm |  lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement] | tst.js:28:1:28:36 | suppression range |
+| tst.js:28:1:28:36 | // lgtm ... ]; lgtm |  lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement] | tst.js:29:0:29:0 | suppression range |
 | tst.js:29:1:29:12 | /* lgtm[] */ |  lgtm[]  | lgtm[] | tst.js:29:1:29:12 | suppression range |
+| tst.js:29:1:29:12 | /* lgtm[] */ |  lgtm[]  | lgtm[] | tst.js:30:0:30:0 | suppression range |
 | tst.js:30:1:30:41 | /* lgtm ... ion] */ |  lgtm[js/invocation-of-non-function]  | lgtm[js/invocation-of-non-function] | tst.js:30:1:30:41 | suppression range |
+| tst.js:30:1:30:41 | /* lgtm ... ion] */ |  lgtm[js/invocation-of-non-function]  | lgtm[js/invocation-of-non-function] | tst.js:31:0:31:0 | suppression range |
 | tst.js:36:1:36:55 | /* lgtm ... ion] */ |  lgtm[@tag:nullness,js/invocation-of-non-function]  | lgtm[@tag:nullness,js/invocation-of-non-function] | tst.js:36:1:36:55 | suppression range |
+| tst.js:36:1:36:55 | /* lgtm ... ion] */ |  lgtm[@tag:nullness,js/invocation-of-non-function]  | lgtm[@tag:nullness,js/invocation-of-non-function] | tst.js:37:0:37:0 | suppression range |
 | tst.js:37:1:37:25 | /* lgtm ... ess] */ |  lgtm[@tag:nullness]  | lgtm[@tag:nullness] | tst.js:37:1:37:25 | suppression range |
-| tstWindows.html:5:30:5:42 | <!-- lgtm --> |  lgtm  | lgtm | tstWindows.html:5:1:5:42 | suppression range |
+| tst.js:37:1:37:25 | /* lgtm ... ess] */ |  lgtm[@tag:nullness]  | lgtm[@tag:nullness] | tst.js:38:0:38:0 | suppression range |
+| tst.js:38:1:38:32 | // code ... tement] |  codeql[js/debugger-statement] | lgtm[js/debugger-statement] | tst.js:39:0:39:0 | suppression range |
+| tst.js:39:1:39:32 | // CODE ... tement] |  CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | tst.js:40:0:40:0 | suppression range |
+| tst.js:40:1:40:69 | // code ...  codeql |  codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | tst.js:41:0:41:0 | suppression range |
+| tst.js:41:1:41:35 | /* code ... ent] */ |  codeql[js/debugger-statement]  | lgtm[js/debugger-statement] | tst.js:42:0:42:0 | suppression range |
+| tstWindows.html:4:5:4:36 | <!-- codeql[js/duplicate-id] --> |  codeql[js/duplicate-id]  | lgtm[js/duplicate-id] | tstWindows.html:5:0:5:0 | suppression range |
+| tstWindows.html:6:30:6:42 | <!-- lgtm --> |  lgtm  | lgtm | tstWindows.html:6:1:6:42 | suppression range |
 | tstWindows.js:1:11:1:17 | // lgtm |  lgtm | lgtm | tstWindows.js:1:1:1:17 | suppression range |
 | tstWindows.js:2:1:2:30 | // lgtm ... tement] |  lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.js:2:1:2:30 | suppression range |
+| tstWindows.js:2:1:2:30 | // lgtm ... tement] |  lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.js:3:0:3:0 | suppression range |
 | tstWindows.js:3:1:3:61 | // lgtm ... nction] |  lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | tstWindows.js:3:1:3:61 | suppression range |
+| tstWindows.js:3:1:3:61 | // lgtm ... nction] |  lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | tstWindows.js:4:0:4:0 | suppression range |
 | tstWindows.js:4:1:4:22 | // lgtm ... llness] |  lgtm[@tag:nullness] | lgtm[@tag:nullness] | tstWindows.js:4:1:4:22 | suppression range |
+| tstWindows.js:4:1:4:22 | // lgtm ... llness] |  lgtm[@tag:nullness] | lgtm[@tag:nullness] | tstWindows.js:5:0:5:0 | suppression range |
 | tstWindows.js:5:1:5:44 | // lgtm ... tement] |  lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | tstWindows.js:5:1:5:44 | suppression range |
+| tstWindows.js:5:1:5:44 | // lgtm ... tement] |  lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | tstWindows.js:6:0:6:0 | suppression range |
 | tstWindows.js:6:1:6:28 | // lgtm ... -06-11] |  lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | tstWindows.js:6:1:6:28 | suppression range |
+| tstWindows.js:6:1:6:28 | // lgtm ... -06-11] |  lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | tstWindows.js:7:0:7:0 | suppression range |
 | tstWindows.js:7:1:7:70 | // lgtm ... an lgtm |  lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] | tstWindows.js:7:1:7:70 | suppression range |
+| tstWindows.js:7:1:7:70 | // lgtm ... an lgtm |  lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] | tstWindows.js:8:0:8:0 | suppression range |
 | tstWindows.js:8:1:8:18 | // lgtm: blah blah |  lgtm: blah blah | lgtm | tstWindows.js:8:1:8:18 | suppression range |
+| tstWindows.js:8:1:8:18 | // lgtm: blah blah |  lgtm: blah blah | lgtm | tstWindows.js:9:0:9:0 | suppression range |
 | tstWindows.js:9:1:9:32 | // lgtm ... ositive |  lgtm blah blah #falsepositive | lgtm | tstWindows.js:9:1:9:32 | suppression range |
+| tstWindows.js:9:1:9:32 | // lgtm ... ositive |  lgtm blah blah #falsepositive | lgtm | tstWindows.js:10:0:10:0 | suppression range |
 | tstWindows.js:10:1:10:39 | //lgtm  ... nction] | lgtm  [js/invocation-of-non-function] | lgtm  [js/invocation-of-non-function] | tstWindows.js:10:1:10:39 | suppression range |
+| tstWindows.js:10:1:10:39 | //lgtm  ... nction] | lgtm  [js/invocation-of-non-function] | lgtm  [js/invocation-of-non-function] | tstWindows.js:11:0:11:0 | suppression range |
 | tstWindows.js:11:1:11:10 | /* lgtm */ |  lgtm  | lgtm | tstWindows.js:11:1:11:10 | suppression range |
+| tstWindows.js:11:1:11:10 | /* lgtm */ |  lgtm  | lgtm | tstWindows.js:12:0:12:0 | suppression range |
 | tstWindows.js:12:1:12:9 | // lgtm[] |  lgtm[] | lgtm[] | tstWindows.js:12:1:12:9 | suppression range |
+| tstWindows.js:12:1:12:9 | // lgtm[] |  lgtm[] | lgtm[] | tstWindows.js:13:0:13:0 | suppression range |
 | tstWindows.js:14:1:14:6 | //lgtm | lgtm | lgtm | tstWindows.js:14:1:14:6 | suppression range |
+| tstWindows.js:14:1:14:6 | //lgtm | lgtm | lgtm | tstWindows.js:15:0:15:0 | suppression range |
 | tstWindows.js:15:1:15:7 | //\\tlgtm | \tlgtm | lgtm | tstWindows.js:15:1:15:7 | suppression range |
+| tstWindows.js:15:1:15:7 | //\\tlgtm | \tlgtm | lgtm | tstWindows.js:16:0:16:0 | suppression range |
 | tstWindows.js:16:1:16:31 | // lgtm ... tement] |  lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | tstWindows.js:16:1:16:31 | suppression range |
+| tstWindows.js:16:1:16:31 | // lgtm ... tement] |  lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | tstWindows.js:17:0:17:0 | suppression range |
 | tstWindows.js:19:1:19:12 | // foo; lgtm |  foo; lgtm | lgtm | tstWindows.js:19:1:19:12 | suppression range |
+| tstWindows.js:19:1:19:12 | // foo; lgtm |  foo; lgtm | lgtm | tstWindows.js:20:0:20:0 | suppression range |
 | tstWindows.js:20:1:20:35 | // foo; ... tement] |  foo; lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.js:20:1:20:35 | suppression range |
+| tstWindows.js:20:1:20:35 | // foo; ... tement] |  foo; lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.js:21:0:21:0 | suppression range |
 | tstWindows.js:22:1:22:34 | // foo  ... tement] |  foo lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.js:22:1:22:34 | suppression range |
+| tstWindows.js:22:1:22:34 | // foo  ... tement] |  foo lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.js:23:0:23:0 | suppression range |
 | tstWindows.js:24:1:24:38 | // foo  ... nt] bar |  foo lgtm[js/debugger-statement] bar | lgtm[js/debugger-statement] | tstWindows.js:24:1:24:38 | suppression range |
+| tstWindows.js:24:1:24:38 | // foo  ... nt] bar |  foo lgtm[js/debugger-statement] bar | lgtm[js/debugger-statement] | tstWindows.js:25:0:25:0 | suppression range |
 | tstWindows.js:25:1:25:8 | // LGTM! |  LGTM! | LGTM | tstWindows.js:25:1:25:8 | suppression range |
+| tstWindows.js:25:1:25:8 | // LGTM! |  LGTM! | LGTM | tstWindows.js:26:0:26:0 | suppression range |
 | tstWindows.js:26:1:26:30 | // LGTM ... tement] |  LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | tstWindows.js:26:1:26:30 | suppression range |
+| tstWindows.js:26:1:26:30 | // LGTM ... tement] |  LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | tstWindows.js:27:0:27:0 | suppression range |
 | tstWindows.js:27:1:27:70 | // lgtm ... nction] |  lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] | tstWindows.js:27:1:27:70 | suppression range |
+| tstWindows.js:27:1:27:70 | // lgtm ... nction] |  lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] | tstWindows.js:28:0:28:0 | suppression range |
 | tstWindows.js:27:1:27:70 | // lgtm ... nction] |  lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tstWindows.js:27:1:27:70 | suppression range |
+| tstWindows.js:27:1:27:70 | // lgtm ... nction] |  lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tstWindows.js:28:0:28:0 | suppression range |
 | tstWindows.js:28:1:28:36 | // lgtm ... ]; lgtm |  lgtm[js/debugger-statement]; lgtm | lgtm | tstWindows.js:28:1:28:36 | suppression range |
+| tstWindows.js:28:1:28:36 | // lgtm ... ]; lgtm |  lgtm[js/debugger-statement]; lgtm | lgtm | tstWindows.js:29:0:29:0 | suppression range |
 | tstWindows.js:28:1:28:36 | // lgtm ... ]; lgtm |  lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement] | tstWindows.js:28:1:28:36 | suppression range |
+| tstWindows.js:28:1:28:36 | // lgtm ... ]; lgtm |  lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement] | tstWindows.js:29:0:29:0 | suppression range |
 | tstWindows.js:29:1:29:12 | /* lgtm[] */ |  lgtm[]  | lgtm[] | tstWindows.js:29:1:29:12 | suppression range |
+| tstWindows.js:29:1:29:12 | /* lgtm[] */ |  lgtm[]  | lgtm[] | tstWindows.js:30:0:30:0 | suppression range |
 | tstWindows.js:30:1:30:41 | /* lgtm ... ion] */ |  lgtm[js/invocation-of-non-function]  | lgtm[js/invocation-of-non-function] | tstWindows.js:30:1:30:41 | suppression range |
+| tstWindows.js:30:1:30:41 | /* lgtm ... ion] */ |  lgtm[js/invocation-of-non-function]  | lgtm[js/invocation-of-non-function] | tstWindows.js:31:0:31:0 | suppression range |
 | tstWindows.js:36:1:36:55 | /* lgtm ... ion] */ |  lgtm[@tag:nullness,js/invocation-of-non-function]  | lgtm[@tag:nullness,js/invocation-of-non-function] | tstWindows.js:36:1:36:55 | suppression range |
+| tstWindows.js:36:1:36:55 | /* lgtm ... ion] */ |  lgtm[@tag:nullness,js/invocation-of-non-function]  | lgtm[@tag:nullness,js/invocation-of-non-function] | tstWindows.js:37:0:37:0 | suppression range |
 | tstWindows.js:37:1:37:25 | /* lgtm ... ess] */ |  lgtm[@tag:nullness]  | lgtm[@tag:nullness] | tstWindows.js:37:1:37:25 | suppression range |
+| tstWindows.js:37:1:37:25 | /* lgtm ... ess] */ |  lgtm[@tag:nullness]  | lgtm[@tag:nullness] | tstWindows.js:38:0:38:0 | suppression range |
+| tstWindows.js:38:1:38:32 | // code ... tement] |  codeql[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.js:39:0:39:0 | suppression range |
+| tstWindows.js:39:1:39:32 | // CODE ... tement] |  CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.js:40:0:40:0 | suppression range |
+| tstWindows.js:40:1:40:69 | // code ...  codeql |  codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | tstWindows.js:41:0:41:0 | suppression range |
+| tstWindows.js:41:1:41:35 | /* code ... ent] */ |  codeql[js/debugger-statement]  | lgtm[js/debugger-statement] | tstWindows.js:42:0:42:0 | suppression range |

javascript/ql/test/query-tests/AlertSuppression/tst.html

@@ -1,6 +1,7 @@
 <html>
   <head><title>Title</title></title>
   <body>
+    <!-- codeql[js/duplicate-id] -->
     <div id="duplicate-id"/>
     <div id="duplicate-id"/> <!-- lgtm -->
   </body>

javascript/ql/test/query-tests/AlertSuppression/tst.js

@@ -35,3 +35,10 @@ debugger; // lgtm
 */
 /* lgtm[@tag:nullness,js/invocation-of-non-function] */
 /* lgtm[@tag:nullness] */
+// codeql[js/debugger-statement]
+// CODEQL[js/debugger-statement]
+// codeql[js/debugger-statement] -- because I know better than codeql
+/* codeql[js/debugger-statement] */
+/* codeql[js/debugger-statement] 
+*/
+debugger; // codeql[js/debugger-statement]

javascript/ql/test/query-tests/AlertSuppression/tstWindows.html

@@ -1,6 +1,7 @@
 <html>
   <head><title>Title</title></title>
   <body>
+    <!-- codeql[js/duplicate-id] -->  
     <div id="duplicate-id"/>
     <div id="duplicate-id"/> <!-- lgtm -->
   </body>

javascript/ql/test/query-tests/AlertSuppression/tstWindows.js

@@ -35,3 +35,10 @@ debugger; // lgtm
 */
 /* lgtm[@tag:nullness,js/invocation-of-non-function] */
 /* lgtm[@tag:nullness] */
+// codeql[js/debugger-statement]
+// CODEQL[js/debugger-statement]
+// codeql[js/debugger-statement] -- because I know better than codeql
+/* codeql[js/debugger-statement] */
+/* codeql[js/debugger-statement] 
+*/
+debugger; // codeql[js/debugger-statement]

python/ql/src/AlertSuppression.ql

@@ -5,9 +5,19 @@
  * @id py/alert-suppression
  */
 
-private import codeql.suppression.AlertSuppression as AS
+private import codeql.util.suppression.AlertSuppression as AS
 private import semmle.python.Comment as P
 
+class AstNode instanceof P::AstNode {
+  predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    super.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+  }
+
+  string toString() { result = super.toString() }
+}
+
 class SingleLineComment instanceof P::Comment {
   predicate hasLocationInfo(
     string filepath, int startline, int startcolumn, int endline, int endcolumn
@@ -20,7 +30,7 @@ class SingleLineComment instanceof P::Comment {
   string toString() { result = super.toString() }
 }
 
-import AS::Make<SingleLineComment>
+import AS::Make<AstNode, SingleLineComment>
 
 /**
  * A noqa suppression comment. Both pylint and pyflakes respect this, so lgtm ought to too.

python/ql/src/change-notes/2022-12-19-alert-suppressions.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The `analysis/AlertSuppression.ql` query has moved to the root folder. Users that refer to this query by path should update their configurations. The query has been updated to support the new `# codeql[query-id]` supression comments. These comments can be used to suppress an alert and must be placed on a blank line before the alert. In addition the legacy `# lgtm` and `# lgtm[query-id]` comments can now also be place on the line before an alert.

python/ql/test/query-tests/analysis/suppression/AlertSuppression.expected

@@ -15,8 +15,10 @@
 | test.py:19:4:19:31 | Comment # lgtm    [py/line-too-long] |  lgtm    [py/line-too-long] | lgtm    [py/line-too-long] | test.py:19:1:19:31 | suppression range |
 | test.py:20:4:20:14 | Comment # lgtm lgtm |  lgtm lgtm | lgtm | test.py:20:1:20:14 | suppression range |
 | test.py:23:1:23:41 | Comment #lgtm -- Ignore this -- No line or scope. | lgtm -- Ignore this -- No line or scope. | lgtm | test.py:23:1:23:41 | suppression range |
+| test.py:23:1:23:41 | Comment #lgtm -- Ignore this -- No line or scope. | lgtm -- Ignore this -- No line or scope. | lgtm | test.py:24:0:24:0 | suppression range |
 | test.py:27:12:27:23 | Comment #lgtm [func] | lgtm [func] | lgtm [func] | test.py:27:1:27:23 | suppression range |
 | test.py:28:5:28:70 | Comment # lgtm -- Blank line (ignore for now, maybe scope wide in future). |  lgtm -- Blank line (ignore for now, maybe scope wide in future). | lgtm | test.py:28:1:28:70 | suppression range |
+| test.py:28:5:28:70 | Comment # lgtm -- Blank line (ignore for now, maybe scope wide in future). |  lgtm -- Blank line (ignore for now, maybe scope wide in future). | lgtm | test.py:29:0:29:0 | suppression range |
 | test.py:29:17:29:35 | Comment # lgtm on docstring |  lgtm on docstring | lgtm | test.py:29:1:29:35 | suppression range |
 | test.py:30:16:30:47 | Comment #lgtm [py/duplicate-key-in-dict] | lgtm [py/duplicate-key-in-dict] | lgtm [py/duplicate-key-in-dict] | test.py:30:1:30:47 | suppression range |
 | test.py:35:10:35:21 | Comment # lgtm class |  lgtm class | lgtm | test.py:35:1:35:21 | suppression range |
@@ -25,6 +27,7 @@
 | test.py:40:4:40:9 | Comment # noqa |  noqa | lgtm | test.py:40:1:40:9 | suppression range |
 | test.py:45:4:45:31 | Comment # noqa -- Some extra detail. |  noqa -- Some extra detail. | lgtm | test.py:45:1:45:31 | suppression range |
 | test.py:49:1:49:10 | Comment #LGTM-1929 | LGTM-1929 | LGTM | test.py:49:1:49:10 | suppression range |
+| test.py:49:1:49:10 | Comment #LGTM-1929 | LGTM-1929 | LGTM | test.py:50:0:50:0 | suppression range |
 | test.py:50:34:50:117 | Comment # noqa: E501; (line too long) pylint: disable=invalid-name; lgtm [py/missing-equals] |  noqa: E501; (line too long) pylint: disable=invalid-name; lgtm [py/missing-equals] | lgtm [py/missing-equals] | test.py:50:1:50:117 | suppression range |
 | test.py:52:4:52:67 | Comment # noqa: E501; (line too long) pylint: disable=invalid-name; lgtm |  noqa: E501; (line too long) pylint: disable=invalid-name; lgtm | lgtm | test.py:52:1:52:67 | suppression range |
 | test.py:53:4:53:78 | Comment # random nonsense lgtm [py/missing-equals] and then some more commentary... |  random nonsense lgtm [py/missing-equals] and then some more commentary... | lgtm [py/missing-equals] | test.py:53:1:53:78 | suppression range |
@@ -34,6 +37,9 @@
 | test.py:65:4:65:60 | Comment # lgtm[py/line-too-long] and lgtm[py/non-callable-called] |  lgtm[py/line-too-long] and lgtm[py/non-callable-called] | lgtm[py/non-callable-called] | test.py:65:1:65:60 | suppression range |
 | test.py:66:4:66:33 | Comment # lgtm[py/line-too-long]; lgtm |  lgtm[py/line-too-long]; lgtm | lgtm | test.py:66:1:66:33 | suppression range |
 | test.py:66:4:66:33 | Comment # lgtm[py/line-too-long]; lgtm |  lgtm[py/line-too-long]; lgtm | lgtm[py/line-too-long] | test.py:66:1:66:33 | suppression range |
+| test.py:69:1:69:31 | Comment # codeql[js/debugger-statement] |  codeql[js/debugger-statement] | lgtm[js/debugger-statement] | test.py:70:0:70:0 | suppression range |
+| test.py:71:1:71:30 | Comment #CODEQL[js/debugger-statement] | CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | test.py:72:0:72:0 | suppression range |
+| test.py:73:1:73:68 | Comment # codeql[js/debugger-statement] -- because I know better than codeql |  codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | test.py:74:0:74:0 | suppression range |
 | testWindows.py:4:4:4:9 | Comment # lgtm |  lgtm | lgtm | testWindows.py:4:1:4:9 | suppression range |
 | testWindows.py:5:4:5:27 | Comment # lgtm[py/line-too-long] |  lgtm[py/line-too-long] | lgtm[py/line-too-long] | testWindows.py:5:1:5:27 | suppression range |
 | testWindows.py:6:4:6:51 | Comment # lgtm[py/line-too-long, py/non-callable-called] |  lgtm[py/line-too-long, py/non-callable-called] | lgtm[py/line-too-long, py/non-callable-called] | testWindows.py:6:1:6:51 | suppression range |
@@ -51,8 +57,10 @@
 | testWindows.py:19:4:19:31 | Comment # lgtm    [py/line-too-long] |  lgtm    [py/line-too-long] | lgtm    [py/line-too-long] | testWindows.py:19:1:19:31 | suppression range |
 | testWindows.py:20:4:20:14 | Comment # lgtm lgtm |  lgtm lgtm | lgtm | testWindows.py:20:1:20:14 | suppression range |
 | testWindows.py:23:1:23:41 | Comment #lgtm -- Ignore this -- No line or scope. | lgtm -- Ignore this -- No line or scope. | lgtm | testWindows.py:23:1:23:41 | suppression range |
+| testWindows.py:23:1:23:41 | Comment #lgtm -- Ignore this -- No line or scope. | lgtm -- Ignore this -- No line or scope. | lgtm | testWindows.py:24:0:24:0 | suppression range |
 | testWindows.py:27:12:27:23 | Comment #lgtm [func] | lgtm [func] | lgtm [func] | testWindows.py:27:1:27:23 | suppression range |
 | testWindows.py:28:5:28:70 | Comment # lgtm -- Blank line (ignore for now, maybe scope wide in future). |  lgtm -- Blank line (ignore for now, maybe scope wide in future). | lgtm | testWindows.py:28:1:28:70 | suppression range |
+| testWindows.py:28:5:28:70 | Comment # lgtm -- Blank line (ignore for now, maybe scope wide in future). |  lgtm -- Blank line (ignore for now, maybe scope wide in future). | lgtm | testWindows.py:29:0:29:0 | suppression range |
 | testWindows.py:29:17:29:35 | Comment # lgtm on docstring |  lgtm on docstring | lgtm | testWindows.py:29:1:29:35 | suppression range |
 | testWindows.py:30:16:30:47 | Comment #lgtm [py/duplicate-key-in-dict] | lgtm [py/duplicate-key-in-dict] | lgtm [py/duplicate-key-in-dict] | testWindows.py:30:1:30:47 | suppression range |
 | testWindows.py:35:10:35:21 | Comment # lgtm class |  lgtm class | lgtm | testWindows.py:35:1:35:21 | suppression range |
@@ -64,3 +72,6 @@
 | testWindows.py:48:4:48:60 | Comment # lgtm[py/line-too-long] and lgtm[py/non-callable-called] |  lgtm[py/line-too-long] and lgtm[py/non-callable-called] | lgtm[py/non-callable-called] | testWindows.py:48:1:48:60 | suppression range |
 | testWindows.py:49:4:49:33 | Comment # lgtm[py/line-too-long]; lgtm |  lgtm[py/line-too-long]; lgtm | lgtm | testWindows.py:49:1:49:33 | suppression range |
 | testWindows.py:49:4:49:33 | Comment # lgtm[py/line-too-long]; lgtm |  lgtm[py/line-too-long]; lgtm | lgtm[py/line-too-long] | testWindows.py:49:1:49:33 | suppression range |
+| testWindows.py:52:1:52:31 | Comment # codeql[js/debugger-statement] |  codeql[js/debugger-statement] | lgtm[js/debugger-statement] | testWindows.py:53:0:53:0 | suppression range |
+| testWindows.py:54:1:54:30 | Comment #CODEQL[js/debugger-statement] | CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | testWindows.py:55:0:55:0 | suppression range |
+| testWindows.py:56:1:56:68 | Comment # codeql[js/debugger-statement] -- because I know better than codeql |  codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | testWindows.py:57:0:57:0 | suppression range |

python/ql/test/query-tests/analysis/suppression/test.py

@@ -64,3 +64,12 @@ class frozenbidict(BidictBase):  # noqa: E501; (line too long) pylint: disable=i
 
 "" # lgtm[py/line-too-long] and lgtm[py/non-callable-called]
 "" # lgtm[py/line-too-long]; lgtm
+
+#CodeQL comments
+# codeql[js/debugger-statement]
+""
+#CODEQL[js/debugger-statement]
+""
+# codeql[js/debugger-statement] -- because I know better than codeql
+""
+"" // codeql[js/debugger-statement]

python/ql/test/query-tests/analysis/suppression/testWindows.py

@@ -47,3 +47,12 @@ class C: # lgtm class
 
 "" # lgtm[py/line-too-long] and lgtm[py/non-callable-called]
 "" # lgtm[py/line-too-long]; lgtm
+
+#CodeQL comments
+# codeql[js/debugger-statement]
+""
+#CODEQL[js/debugger-statement]
+""
+# codeql[js/debugger-statement] -- because I know better than codeql
+""
+"" // codeql[js/debugger-statement]

ruby/ql/src/AlertSuppression.ql

@@ -5,23 +5,25 @@
  * @id rb/alert-suppression
  */
 
-private import codeql.suppression.AlertSuppression as AS
+private import codeql.util.suppression.AlertSuppression as AS
 private import codeql.ruby.ast.internal.TreeSitter
 
-class SingleLineComment extends Ruby::Comment {
-  SingleLineComment() {
-    // suppression comments must be single-line
-    this.getLocation().getStartLine() = this.getLocation().getEndLine()
-  }
-
+class AstNode extends Ruby::Token {
   predicate hasLocationInfo(
     string filepath, int startline, int startcolumn, int endline, int endcolumn
   ) {
     this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
   }
+}
+
+class SingleLineComment extends Ruby::Comment, AstNode {
+  SingleLineComment() {
+    // suppression comments must be single-line
+    this.getLocation().getStartLine() = this.getLocation().getEndLine()
+  }
 
   /** Gets the suppression annotation in this comment. */
   string getText() { result = this.getValue().suffix(1) }
 }
 
-import AS::Make<SingleLineComment>
+import AS::Make<AstNode, SingleLineComment>

ruby/ql/src/change-notes/2022-12-19-alert-suppressions.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The `AlertSuppression.ql` query has been updated to support the new `# codeql[query-id]` supression comments. These comments can be used to suppress an alert and must be placed on a blank line before the alert. In addition the legacy `# lgtm` and `# lgtm[query-id]` comments can now also be place on the line before an alert.

ruby/ql/test/query-tests/AlertSuppression/AlertSuppression.expected

@@ -1,48 +1,100 @@
 | Test.rb:1:16:1:21 | # lgtm |  lgtm | lgtm | Test.rb:1:1:1:21 | suppression range |
 | Test.rb:2:1:2:32 | # lgtm[rb/confusing-method-name] |  lgtm[rb/confusing-method-name] | lgtm[rb/confusing-method-name] | Test.rb:2:1:2:32 | suppression range |
+| Test.rb:2:1:2:32 | # lgtm[rb/confusing-method-name] |  lgtm[rb/confusing-method-name] | lgtm[rb/confusing-method-name] | Test.rb:3:0:3:0 | suppression range |
 | Test.rb:3:1:3:65 | # lgtm[rb/confusing-method-name, rb/non-short-circuit-evaluation] |  lgtm[rb/confusing-method-name, rb/non-short-circuit-evaluation] | lgtm[rb/confusing-method-name, rb/non-short-circuit-evaluation] | Test.rb:3:1:3:65 | suppression range |
+| Test.rb:3:1:3:65 | # lgtm[rb/confusing-method-name, rb/non-short-circuit-evaluation] |  lgtm[rb/confusing-method-name, rb/non-short-circuit-evaluation] | lgtm[rb/confusing-method-name, rb/non-short-circuit-evaluation] | Test.rb:4:0:4:0 | suppression range |
 | Test.rb:4:1:4:23 | # lgtm[@tag:exceptions] |  lgtm[@tag:exceptions] | lgtm[@tag:exceptions] | Test.rb:4:1:4:23 | suppression range |
+| Test.rb:4:1:4:23 | # lgtm[@tag:exceptions] |  lgtm[@tag:exceptions] | lgtm[@tag:exceptions] | Test.rb:5:0:5:0 | suppression range |
 | Test.rb:5:1:5:48 | # lgtm[@tag:exceptions,rb/confusing-method-name] |  lgtm[@tag:exceptions,rb/confusing-method-name] | lgtm[@tag:exceptions,rb/confusing-method-name] | Test.rb:5:1:5:48 | suppression range |
+| Test.rb:5:1:5:48 | # lgtm[@tag:exceptions,rb/confusing-method-name] |  lgtm[@tag:exceptions,rb/confusing-method-name] | lgtm[@tag:exceptions,rb/confusing-method-name] | Test.rb:6:0:6:0 | suppression range |
 | Test.rb:6:1:6:27 | # lgtm[@expires:2017-06-11] |  lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | Test.rb:6:1:6:27 | suppression range |
+| Test.rb:6:1:6:27 | # lgtm[@expires:2017-06-11] |  lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | Test.rb:7:0:7:0 | suppression range |
 | Test.rb:7:1:7:78 | # lgtm[rb/confusing-method-name] does not seem confusing despite alert by lgtm |  lgtm[rb/confusing-method-name] does not seem confusing despite alert by lgtm | lgtm[rb/confusing-method-name] | Test.rb:7:1:7:78 | suppression range |
+| Test.rb:7:1:7:78 | # lgtm[rb/confusing-method-name] does not seem confusing despite alert by lgtm |  lgtm[rb/confusing-method-name] does not seem confusing despite alert by lgtm | lgtm[rb/confusing-method-name] | Test.rb:8:0:8:0 | suppression range |
 | Test.rb:8:1:8:17 | # lgtm: blah blah |  lgtm: blah blah | lgtm | Test.rb:8:1:8:17 | suppression range |
+| Test.rb:8:1:8:17 | # lgtm: blah blah |  lgtm: blah blah | lgtm | Test.rb:9:0:9:0 | suppression range |
 | Test.rb:9:1:9:31 | # lgtm blah blah #falsepositive |  lgtm blah blah #falsepositive | lgtm | Test.rb:9:1:9:31 | suppression range |
+| Test.rb:9:1:9:31 | # lgtm blah blah #falsepositive |  lgtm blah blah #falsepositive | lgtm | Test.rb:10:0:10:0 | suppression range |
 | Test.rb:10:1:10:33 | #lgtm  [rb/confusing-method-name] | lgtm  [rb/confusing-method-name] | lgtm  [rb/confusing-method-name] | Test.rb:10:1:10:33 | suppression range |
+| Test.rb:10:1:10:33 | #lgtm  [rb/confusing-method-name] | lgtm  [rb/confusing-method-name] | lgtm  [rb/confusing-method-name] | Test.rb:11:0:11:0 | suppression range |
 | Test.rb:11:1:11:8 | # lgtm[] |  lgtm[] | lgtm[] | Test.rb:11:1:11:8 | suppression range |
+| Test.rb:11:1:11:8 | # lgtm[] |  lgtm[] | lgtm[] | Test.rb:12:0:12:0 | suppression range |
 | Test.rb:13:1:13:5 | #lgtm | lgtm | lgtm | Test.rb:13:1:13:5 | suppression range |
+| Test.rb:13:1:13:5 | #lgtm | lgtm | lgtm | Test.rb:14:0:14:0 | suppression range |
 | Test.rb:14:1:14:6 | #\tlgtm | \tlgtm | lgtm | Test.rb:14:1:14:6 | suppression range |
+| Test.rb:14:1:14:6 | #\tlgtm | \tlgtm | lgtm | Test.rb:15:0:15:0 | suppression range |
 | Test.rb:15:1:15:33 | # lgtm\t[rb/confusing-method-name] |  lgtm\t[rb/confusing-method-name] | lgtm\t[rb/confusing-method-name] | Test.rb:15:1:15:33 | suppression range |
+| Test.rb:15:1:15:33 | # lgtm\t[rb/confusing-method-name] |  lgtm\t[rb/confusing-method-name] | lgtm\t[rb/confusing-method-name] | Test.rb:16:0:16:0 | suppression range |
 | Test.rb:18:1:18:11 | # foo; lgtm |  foo; lgtm | lgtm | Test.rb:18:1:18:11 | suppression range |
+| Test.rb:18:1:18:11 | # foo; lgtm |  foo; lgtm | lgtm | Test.rb:19:0:19:0 | suppression range |
 | Test.rb:19:1:19:37 | # foo; lgtm[rb/confusing-method-name] |  foo; lgtm[rb/confusing-method-name] | lgtm[rb/confusing-method-name] | Test.rb:19:1:19:37 | suppression range |
+| Test.rb:19:1:19:37 | # foo; lgtm[rb/confusing-method-name] |  foo; lgtm[rb/confusing-method-name] | lgtm[rb/confusing-method-name] | Test.rb:20:0:20:0 | suppression range |
 | Test.rb:21:1:21:36 | # foo lgtm[rb/confusing-method-name] |  foo lgtm[rb/confusing-method-name] | lgtm[rb/confusing-method-name] | Test.rb:21:1:21:36 | suppression range |
+| Test.rb:21:1:21:36 | # foo lgtm[rb/confusing-method-name] |  foo lgtm[rb/confusing-method-name] | lgtm[rb/confusing-method-name] | Test.rb:22:0:22:0 | suppression range |
 | Test.rb:23:1:23:40 | # foo lgtm[rb/confusing-method-name] bar |  foo lgtm[rb/confusing-method-name] bar | lgtm[rb/confusing-method-name] | Test.rb:23:1:23:40 | suppression range |
+| Test.rb:23:1:23:40 | # foo lgtm[rb/confusing-method-name] bar |  foo lgtm[rb/confusing-method-name] bar | lgtm[rb/confusing-method-name] | Test.rb:24:0:24:0 | suppression range |
 | Test.rb:24:1:24:7 | # LGTM! |  LGTM! | LGTM | Test.rb:24:1:24:7 | suppression range |
+| Test.rb:24:1:24:7 | # LGTM! |  LGTM! | LGTM | Test.rb:25:0:25:0 | suppression range |
 | Test.rb:25:1:25:32 | # LGTM[rb/confusing-method-name] |  LGTM[rb/confusing-method-name] | LGTM[rb/confusing-method-name] | Test.rb:25:1:25:32 | suppression range |
+| Test.rb:25:1:25:32 | # LGTM[rb/confusing-method-name] |  LGTM[rb/confusing-method-name] | LGTM[rb/confusing-method-name] | Test.rb:26:0:26:0 | suppression range |
 | Test.rb:26:1:26:73 | #lgtm[rb/confusing-method-name] and lgtm[rb/non-short-circuit-evaluation] | lgtm[rb/confusing-method-name] and lgtm[rb/non-short-circuit-evaluation] | lgtm[rb/confusing-method-name] | Test.rb:26:1:26:73 | suppression range |
+| Test.rb:26:1:26:73 | #lgtm[rb/confusing-method-name] and lgtm[rb/non-short-circuit-evaluation] | lgtm[rb/confusing-method-name] and lgtm[rb/non-short-circuit-evaluation] | lgtm[rb/confusing-method-name] | Test.rb:27:0:27:0 | suppression range |
 | Test.rb:26:1:26:73 | #lgtm[rb/confusing-method-name] and lgtm[rb/non-short-circuit-evaluation] | lgtm[rb/confusing-method-name] and lgtm[rb/non-short-circuit-evaluation] | lgtm[rb/non-short-circuit-evaluation] | Test.rb:26:1:26:73 | suppression range |
+| Test.rb:26:1:26:73 | #lgtm[rb/confusing-method-name] and lgtm[rb/non-short-circuit-evaluation] | lgtm[rb/confusing-method-name] and lgtm[rb/non-short-circuit-evaluation] | lgtm[rb/non-short-circuit-evaluation] | Test.rb:27:0:27:0 | suppression range |
 | Test.rb:27:1:27:37 | #lgtm[rb/confusing-method-name]; lgtm | lgtm[rb/confusing-method-name]; lgtm | lgtm | Test.rb:27:1:27:37 | suppression range |
+| Test.rb:27:1:27:37 | #lgtm[rb/confusing-method-name]; lgtm | lgtm[rb/confusing-method-name]; lgtm | lgtm | Test.rb:28:0:28:0 | suppression range |
 | Test.rb:27:1:27:37 | #lgtm[rb/confusing-method-name]; lgtm | lgtm[rb/confusing-method-name]; lgtm | lgtm[rb/confusing-method-name] | Test.rb:27:1:27:37 | suppression range |
+| Test.rb:27:1:27:37 | #lgtm[rb/confusing-method-name]; lgtm | lgtm[rb/confusing-method-name]; lgtm | lgtm[rb/confusing-method-name] | Test.rb:28:0:28:0 | suppression range |
+| Test.rb:28:1:28:31 | # codeql[js/debugger-statement] |  codeql[js/debugger-statement] | lgtm[js/debugger-statement] | Test.rb:29:0:29:0 | suppression range |
+| Test.rb:29:1:29:31 | # CODEQL[js/debugger-statement] |  CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | Test.rb:30:0:30:0 | suppression range |
+| Test.rb:30:1:30:68 | # codeql[js/debugger-statement] -- because I know better than codeql |  codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | Test.rb:31:0:31:0 | suppression range |
 | TestWindows.rb:1:23:1:29 | # lgtm\r |  lgtm\r | lgtm | TestWindows.rb:1:1:1:29 | suppression range |
 | TestWindows.rb:2:1:2:33 | # lgtm[rb/confusing-method-name]\r |  lgtm[rb/confusing-method-name]\r | lgtm[rb/confusing-method-name] | TestWindows.rb:2:1:2:33 | suppression range |
+| TestWindows.rb:2:1:2:33 | # lgtm[rb/confusing-method-name]\r |  lgtm[rb/confusing-method-name]\r | lgtm[rb/confusing-method-name] | TestWindows.rb:3:0:3:0 | suppression range |
 | TestWindows.rb:3:1:3:66 | # lgtm[rb/confusing-method-name, rb/non-short-circuit-evaluation]\r |  lgtm[rb/confusing-method-name, rb/non-short-circuit-evaluation]\r | lgtm[rb/confusing-method-name, rb/non-short-circuit-evaluation] | TestWindows.rb:3:1:3:66 | suppression range |
+| TestWindows.rb:3:1:3:66 | # lgtm[rb/confusing-method-name, rb/non-short-circuit-evaluation]\r |  lgtm[rb/confusing-method-name, rb/non-short-circuit-evaluation]\r | lgtm[rb/confusing-method-name, rb/non-short-circuit-evaluation] | TestWindows.rb:4:0:4:0 | suppression range |
 | TestWindows.rb:4:1:4:24 | # lgtm[@tag:exceptions]\r |  lgtm[@tag:exceptions]\r | lgtm[@tag:exceptions] | TestWindows.rb:4:1:4:24 | suppression range |
+| TestWindows.rb:4:1:4:24 | # lgtm[@tag:exceptions]\r |  lgtm[@tag:exceptions]\r | lgtm[@tag:exceptions] | TestWindows.rb:5:0:5:0 | suppression range |
 | TestWindows.rb:5:1:5:49 | # lgtm[@tag:exceptions,rb/confusing-method-name]\r |  lgtm[@tag:exceptions,rb/confusing-method-name]\r | lgtm[@tag:exceptions,rb/confusing-method-name] | TestWindows.rb:5:1:5:49 | suppression range |
+| TestWindows.rb:5:1:5:49 | # lgtm[@tag:exceptions,rb/confusing-method-name]\r |  lgtm[@tag:exceptions,rb/confusing-method-name]\r | lgtm[@tag:exceptions,rb/confusing-method-name] | TestWindows.rb:6:0:6:0 | suppression range |
 | TestWindows.rb:6:1:6:28 | # lgtm[@expires:2017-06-11]\r |  lgtm[@expires:2017-06-11]\r | lgtm[@expires:2017-06-11] | TestWindows.rb:6:1:6:28 | suppression range |
+| TestWindows.rb:6:1:6:28 | # lgtm[@expires:2017-06-11]\r |  lgtm[@expires:2017-06-11]\r | lgtm[@expires:2017-06-11] | TestWindows.rb:7:0:7:0 | suppression range |
 | TestWindows.rb:7:1:7:79 | # lgtm[rb/confusing-method-name] does not seem confusing despite alert by lgtm\r |  lgtm[rb/confusing-method-name] does not seem confusing despite alert by lgtm\r | lgtm[rb/confusing-method-name] | TestWindows.rb:7:1:7:79 | suppression range |
+| TestWindows.rb:7:1:7:79 | # lgtm[rb/confusing-method-name] does not seem confusing despite alert by lgtm\r |  lgtm[rb/confusing-method-name] does not seem confusing despite alert by lgtm\r | lgtm[rb/confusing-method-name] | TestWindows.rb:8:0:8:0 | suppression range |
 | TestWindows.rb:8:1:8:18 | # lgtm: blah blah\r |  lgtm: blah blah\r | lgtm | TestWindows.rb:8:1:8:18 | suppression range |
+| TestWindows.rb:8:1:8:18 | # lgtm: blah blah\r |  lgtm: blah blah\r | lgtm | TestWindows.rb:9:0:9:0 | suppression range |
 | TestWindows.rb:9:1:9:32 | # lgtm blah blah #falsepositive\r |  lgtm blah blah #falsepositive\r | lgtm | TestWindows.rb:9:1:9:32 | suppression range |
+| TestWindows.rb:9:1:9:32 | # lgtm blah blah #falsepositive\r |  lgtm blah blah #falsepositive\r | lgtm | TestWindows.rb:10:0:10:0 | suppression range |
 | TestWindows.rb:10:1:10:34 | #lgtm  [rb/confusing-method-name]\r | lgtm  [rb/confusing-method-name]\r | lgtm  [rb/confusing-method-name] | TestWindows.rb:10:1:10:34 | suppression range |
+| TestWindows.rb:10:1:10:34 | #lgtm  [rb/confusing-method-name]\r | lgtm  [rb/confusing-method-name]\r | lgtm  [rb/confusing-method-name] | TestWindows.rb:11:0:11:0 | suppression range |
 | TestWindows.rb:11:1:11:9 | # lgtm[]\r |  lgtm[]\r | lgtm[] | TestWindows.rb:11:1:11:9 | suppression range |
+| TestWindows.rb:11:1:11:9 | # lgtm[]\r |  lgtm[]\r | lgtm[] | TestWindows.rb:12:0:12:0 | suppression range |
 | TestWindows.rb:13:1:13:6 | #lgtm\r | lgtm\r | lgtm | TestWindows.rb:13:1:13:6 | suppression range |
+| TestWindows.rb:13:1:13:6 | #lgtm\r | lgtm\r | lgtm | TestWindows.rb:14:0:14:0 | suppression range |
 | TestWindows.rb:14:1:14:7 | #\tlgtm\r | \tlgtm\r | lgtm | TestWindows.rb:14:1:14:7 | suppression range |
+| TestWindows.rb:14:1:14:7 | #\tlgtm\r | \tlgtm\r | lgtm | TestWindows.rb:15:0:15:0 | suppression range |
 | TestWindows.rb:15:1:15:34 | # lgtm\t[rb/confusing-method-name]\r |  lgtm\t[rb/confusing-method-name]\r | lgtm\t[rb/confusing-method-name] | TestWindows.rb:15:1:15:34 | suppression range |
+| TestWindows.rb:15:1:15:34 | # lgtm\t[rb/confusing-method-name]\r |  lgtm\t[rb/confusing-method-name]\r | lgtm\t[rb/confusing-method-name] | TestWindows.rb:16:0:16:0 | suppression range |
 | TestWindows.rb:18:1:18:12 | # foo; lgtm\r |  foo; lgtm\r | lgtm | TestWindows.rb:18:1:18:12 | suppression range |
+| TestWindows.rb:18:1:18:12 | # foo; lgtm\r |  foo; lgtm\r | lgtm | TestWindows.rb:19:0:19:0 | suppression range |
 | TestWindows.rb:19:1:19:38 | # foo; lgtm[rb/confusing-method-name]\r |  foo; lgtm[rb/confusing-method-name]\r | lgtm[rb/confusing-method-name] | TestWindows.rb:19:1:19:38 | suppression range |
+| TestWindows.rb:19:1:19:38 | # foo; lgtm[rb/confusing-method-name]\r |  foo; lgtm[rb/confusing-method-name]\r | lgtm[rb/confusing-method-name] | TestWindows.rb:20:0:20:0 | suppression range |
 | TestWindows.rb:21:1:21:37 | # foo lgtm[rb/confusing-method-name]\r |  foo lgtm[rb/confusing-method-name]\r | lgtm[rb/confusing-method-name] | TestWindows.rb:21:1:21:37 | suppression range |
+| TestWindows.rb:21:1:21:37 | # foo lgtm[rb/confusing-method-name]\r |  foo lgtm[rb/confusing-method-name]\r | lgtm[rb/confusing-method-name] | TestWindows.rb:22:0:22:0 | suppression range |
 | TestWindows.rb:23:1:23:41 | # foo lgtm[rb/confusing-method-name] bar\r |  foo lgtm[rb/confusing-method-name] bar\r | lgtm[rb/confusing-method-name] | TestWindows.rb:23:1:23:41 | suppression range |
+| TestWindows.rb:23:1:23:41 | # foo lgtm[rb/confusing-method-name] bar\r |  foo lgtm[rb/confusing-method-name] bar\r | lgtm[rb/confusing-method-name] | TestWindows.rb:24:0:24:0 | suppression range |
 | TestWindows.rb:24:1:24:8 | # LGTM!\r |  LGTM!\r | LGTM | TestWindows.rb:24:1:24:8 | suppression range |
+| TestWindows.rb:24:1:24:8 | # LGTM!\r |  LGTM!\r | LGTM | TestWindows.rb:25:0:25:0 | suppression range |
 | TestWindows.rb:25:1:25:33 | # LGTM[rb/confusing-method-name]\r |  LGTM[rb/confusing-method-name]\r | LGTM[rb/confusing-method-name] | TestWindows.rb:25:1:25:33 | suppression range |
+| TestWindows.rb:25:1:25:33 | # LGTM[rb/confusing-method-name]\r |  LGTM[rb/confusing-method-name]\r | LGTM[rb/confusing-method-name] | TestWindows.rb:26:0:26:0 | suppression range |
 | TestWindows.rb:26:1:26:74 | #lgtm[rb/confusing-method-name] and lgtm[rb/non-short-circuit-evaluation]\r | lgtm[rb/confusing-method-name] and lgtm[rb/non-short-circuit-evaluation]\r | lgtm[rb/confusing-method-name] | TestWindows.rb:26:1:26:74 | suppression range |
+| TestWindows.rb:26:1:26:74 | #lgtm[rb/confusing-method-name] and lgtm[rb/non-short-circuit-evaluation]\r | lgtm[rb/confusing-method-name] and lgtm[rb/non-short-circuit-evaluation]\r | lgtm[rb/confusing-method-name] | TestWindows.rb:27:0:27:0 | suppression range |
 | TestWindows.rb:26:1:26:74 | #lgtm[rb/confusing-method-name] and lgtm[rb/non-short-circuit-evaluation]\r | lgtm[rb/confusing-method-name] and lgtm[rb/non-short-circuit-evaluation]\r | lgtm[rb/non-short-circuit-evaluation] | TestWindows.rb:26:1:26:74 | suppression range |
+| TestWindows.rb:26:1:26:74 | #lgtm[rb/confusing-method-name] and lgtm[rb/non-short-circuit-evaluation]\r | lgtm[rb/confusing-method-name] and lgtm[rb/non-short-circuit-evaluation]\r | lgtm[rb/non-short-circuit-evaluation] | TestWindows.rb:27:0:27:0 | suppression range |
 | TestWindows.rb:27:1:27:38 | #lgtm[rb/confusing-method-name]; lgtm\r | lgtm[rb/confusing-method-name]; lgtm\r | lgtm | TestWindows.rb:27:1:27:38 | suppression range |
+| TestWindows.rb:27:1:27:38 | #lgtm[rb/confusing-method-name]; lgtm\r | lgtm[rb/confusing-method-name]; lgtm\r | lgtm | TestWindows.rb:28:0:28:0 | suppression range |
 | TestWindows.rb:27:1:27:38 | #lgtm[rb/confusing-method-name]; lgtm\r | lgtm[rb/confusing-method-name]; lgtm\r | lgtm[rb/confusing-method-name] | TestWindows.rb:27:1:27:38 | suppression range |
+| TestWindows.rb:27:1:27:38 | #lgtm[rb/confusing-method-name]; lgtm\r | lgtm[rb/confusing-method-name]; lgtm\r | lgtm[rb/confusing-method-name] | TestWindows.rb:28:0:28:0 | suppression range |
+| TestWindows.rb:28:1:28:32 | # codeql[js/debugger-statement]\r |  codeql[js/debugger-statement]\r | lgtm[js/debugger-statement] | TestWindows.rb:29:0:29:0 | suppression range |
+| TestWindows.rb:29:1:29:32 | # CODEQL[js/debugger-statement]\r |  CODEQL[js/debugger-statement]\r | lgtm[js/debugger-statement] | TestWindows.rb:30:0:30:0 | suppression range |
+| TestWindows.rb:30:1:30:69 | # codeql[js/debugger-statement] -- because I know better than codeql\r |  codeql[js/debugger-statement] -- because I know better than codeql\r | lgtm[js/debugger-statement] | TestWindows.rb:31:0:31:0 | suppression range |

ruby/ql/test/query-tests/AlertSuppression/Test.rb

@@ -25,4 +25,8 @@ class Test end # lgtm
 # LGTM[rb/confusing-method-name]
 #lgtm[rb/confusing-method-name] and lgtm[rb/non-short-circuit-evaluation]
 #lgtm[rb/confusing-method-name]; lgtm
+# codeql[js/debugger-statement]
+# CODEQL[js/debugger-statement]
+# codeql[js/debugger-statement] -- because I know better than codeql
+foo # codeql[js/debugger-statement]
 

ruby/ql/test/query-tests/AlertSuppression/TestWindows.rb

@@ -25,4 +25,8 @@ class TestWindows end # lgtm
 # LGTM[rb/confusing-method-name]
 #lgtm[rb/confusing-method-name] and lgtm[rb/non-short-circuit-evaluation]
 #lgtm[rb/confusing-method-name]; lgtm
+# codeql[js/debugger-statement]
+# CODEQL[js/debugger-statement]
+# codeql[js/debugger-statement] -- because I know better than codeql
+foo # codeql[js/debugger-statement]
 

shared/util/codeql/util/suppression/AlertSuppression.qll

@@ -1,3 +1,9 @@
+signature class AstNode {
+  predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  );
+}
+
 signature class SingleLineComment {
   string toString();
 
@@ -11,7 +17,7 @@ signature class SingleLineComment {
 /**
  * Constructs an alert suppression query.
  */
-module Make<SingleLineComment Comment> {
+module Make<AstNode Node, SingleLineComment Comment> {
   /**
    * An alert suppression comment.
    */
@@ -72,6 +78,47 @@ module Make<SingleLineComment Comment> {
     ) {
       this.hasLocationInfo(filepath, startline, _, endline, endcolumn) and
       startcolumn = 1
+      or
+      exists(int cStartLine, int cStartColumn, int cEndLine, int cEndColumn |
+        this.hasLocationInfo(filepath, cStartLine, cStartColumn, cEndLine, cEndColumn) and
+        not exists(int c, Node n | c < cStartColumn |
+          n.hasLocationInfo(filepath, _, _, cStartLine, c) or
+          n.hasLocationInfo(filepath, cStartLine, c, _, _)
+        ) and
+        // when there is no column information, a location spans the whole line
+        startcolumn = 0 and
+        endcolumn = 0 and
+        startline = cEndLine + 1 and
+        endline = startline
+      )
+    }
+  }
+
+  private class CodeQlSuppressionComment extends SuppressionComment {
+    private string annotation;
+
+    CodeQlSuppressionComment() {
+      // match `codeql[...]` anywhere in the comment
+      annotation = this.(Comment).getText().regexpFind("(?i)\\bcodeql\\s*\\[[^\\]]*\\]", _, _) and
+      exists(string filepath, int cStartLine, int cStartColumn |
+        this.(Comment).hasLocationInfo(filepath, cStartLine, cStartColumn, _, _) and
+        not exists(int c, Node n | c < cStartColumn |
+          n.hasLocationInfo(filepath, _, _, cStartLine, c) or
+          n.hasLocationInfo(filepath, cStartLine, c, _, _)
+        )
+      )
+    }
+
+    override string getAnnotation() { result = "lgtm" + annotation.suffix(6) }
+
+    override predicate covers(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      this.hasLocationInfo(filepath, _, _, startline - 1, _) and
+      // when there is no column information, a location spans the whole line
+      startcolumn = 0 and
+      endcolumn = 0 and
+      endline = startline
     }
   }