Merge pull request #11723 from aibaars/alert-suppression

CodeQL alert suppression

java/ql/src/AlertSuppression.ql

@@ -5,7 +5,7 @@
  * @id java/alert-suppression
  */
 
-private import codeql.suppression.AlertSuppression as AS
+private import codeql.util.suppression.AlertSuppression as AS
 private import semmle.code.java.Javadoc
 
 class SingleLineComment extends Javadoc {
@@ -18,4 +18,4 @@ class SingleLineComment extends Javadoc {
   string getText() { result = this.getChild(0).getText() }
 }
 
-import AS::Make<SingleLineComment>
+import AS::Make<Top, SingleLineComment>

java/ql/src/AlertSuppressionAnnotations.ql

@@ -12,8 +12,8 @@ import Metrics.Internal.Extents
 /** Gets the LGTM suppression annotation text in the string `s`, if any. */
 bindingset[s]
 string getAnnotationText(string s) {
-  // match `lgtm[...]` anywhere in the comment
-  result = s.regexpFind("(?i)\\blgtm\\s*\\[[^\\]]*\\]", _, _)
+  // match `lgtm[...]` or `codeql[...]` anywhere in the comment
+  result = s.regexpFind("(?i)\\b(lgtm|codeql)\\s*\\[[^\\]]*\\]", _, _).trim()
 }
 
 /**
@@ -96,5 +96,5 @@ where
   annotationText = getAnnotationText(text)
 select c, // suppression entity
   text, // full text of suppression string
-  annotationText, // LGTM suppression annotation text
+  annotationText.regexpReplaceAll("(?i)^codeql", "lgtm"), // LGTM suppression annotation text
   c.getScope() // scope of suppression

java/ql/src/change-notes/2022-12-19-alert-suppressions.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The `AlertSuppression.ql` query has been updated to support the new `// codeql[query-id]` supression comments. These comments can be used to suppress an alert and must be placed on a blank line before the alert. In addition the legacy `// lgtm` and `// lgtm[query-id]` comments can now also be place on the line before an alert.