Merge pull request #11723 from aibaars/alert-suppression

CodeQL alert suppression

javascript/ql/src/AlertSuppression.ql

@@ -5,10 +5,20 @@
  * @id js/alert-suppression
  */
 
-private import codeql.suppression.AlertSuppression as AS
+private import codeql.util.suppression.AlertSuppression as AS
 private import javascript as JS
 
-class SingleLineComment extends JS::Locatable {
+class AstNode extends JS::Locatable {
+  AstNode() { not this.(JS::HTML::TextNode).getText().regexpMatch("\\s*") }
+
+  predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+  }
+}
+
+class SingleLineComment extends AstNode {
   private string text;
 
   SingleLineComment() {
@@ -20,13 +30,7 @@ class SingleLineComment extends JS::Locatable {
     not text.matches("%\n%")
   }
 
-  predicate hasLocationInfo(
-    string filepath, int startline, int startcolumn, int endline, int endcolumn
-  ) {
-    this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
-  }
-
   string getText() { result = text }
 }
 
-import AS::Make<SingleLineComment>
+import AS::Make<AstNode, SingleLineComment>

javascript/ql/src/change-notes/2022-12-19-alert-suppressions.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The `AlertSuppression.ql` query has been updated to support the new `// codeql[query-id]` supression comments. These comments can be used to suppress an alert and must be placed on a blank line before the alert. In addition the legacy `// lgtm` and `// lgtm[query-id]` comments can now also be place on the line before an alert.