Merge branch 'main' into tutorial/library-pack

2026-05-03 04:39:29 +02:00 · 2023-01-03 14:08:37 -08:00
parent d2ee8c08c0 c5138674a4
commit 9988c19a42
406 changed files with 26663 additions and 5387 deletions
--- a/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll
+++ b/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll
@@ -260,6 +260,12 @@ module Public {
     *  Holds if the neutral is auto generated.
     */
    predicate isAutoGenerated() { neutralElement(this, true) }
+
+    /**
+     * Holds if the neutral has the given provenance where `true` is
+     * `generated` and `false` is `manual`.
+     */
+    predicate hasProvenance(boolean generated) { neutralElement(this, generated) }
  }
 }

--- a/go/ql/src/AlertSuppression.ql
+++ b/go/ql/src/AlertSuppression.ql
@@ -5,7 +5,7 @@
 * @id go/alert-suppression
 */

-private import codeql.suppression.AlertSuppression as AS
+private import codeql.util.suppression.AlertSuppression as AS
 private import semmle.go.Comments as G

 class SingleLineComment extends G::Comment {
@@ -15,4 +15,4 @@ class SingleLineComment extends G::Comment {
  }
 }

-import AS::Make<SingleLineComment>
+import AS::Make<G::Locatable, SingleLineComment>
--- a/go/ql/src/change-notes/2022-12-19-alert-suppressions.md
+++ b/go/ql/src/change-notes/2022-12-19-alert-suppressions.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The `AlertSuppression.ql` query has been updated to support the new `// codeql[query-id]` supression comments. These comments can be used to suppress an alert and must be placed on a blank line before the alert. In addition the legacy `// lgtm` and `// lgtm[query-id]` comments can now also be place on the line before an alert.
--- a/go/ql/test/query-tests/AlertSuppression/AlertSuppression.expected
+++ b/go/ql/test/query-tests/AlertSuppression/AlertSuppression.expected
@@ -29,6 +29,10 @@
 | tst.go:37:8:37:42 | comment |  lgtm[go/redundant-assignment]  | lgtm[go/redundant-assignment] | tst.go:37:1:37:42 | suppression range |
 | tst.go:43:8:43:56 | comment |  lgtm[@tag:nullness,go/redundant-assignment]  | lgtm[@tag:nullness,go/redundant-assignment] | tst.go:43:1:43:56 | suppression range |
 | tst.go:44:8:44:32 | comment |  lgtm[@tag:nullness]  | lgtm[@tag:nullness] | tst.go:44:1:44:32 | suppression range |
+| tst.go:45:2:45:33 | comment |  codeql[js/debugger-statement] | lgtm[js/debugger-statement] | tst.go:46:0:46:0 | suppression range |
+| tst.go:47:2:47:33 | comment |  CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | tst.go:48:0:48:0 | suppression range |
+| tst.go:49:2:49:70 | comment |  codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | tst.go:50:0:50:0 | suppression range |
+| tst.go:51:2:51:36 | comment |  codeql[js/debugger-statement]  | lgtm[js/debugger-statement] | tst.go:52:0:52:0 | suppression range |
 | tstWindows.go:7:8:7:14 | comment |  lgtm | lgtm | tstWindows.go:7:1:7:14 | suppression range |
 | tstWindows.go:8:8:8:39 | comment |  lgtm[go/redundant-assignment] | lgtm[go/redundant-assignment] | tstWindows.go:8:1:8:39 | suppression range |
 | tstWindows.go:9:8:9:39 | comment |  lgtm[go/redundant-assignment] | lgtm[go/redundant-assignment] | tstWindows.go:9:1:9:39 | suppression range |
@@ -59,3 +63,7 @@
 | tstWindows.go:37:8:37:42 | comment |  lgtm[go/redundant-assignment]  | lgtm[go/redundant-assignment] | tstWindows.go:37:1:37:42 | suppression range |
 | tstWindows.go:43:8:43:56 | comment |  lgtm[@tag:nullness,go/redundant-assignment]  | lgtm[@tag:nullness,go/redundant-assignment] | tstWindows.go:43:1:43:56 | suppression range |
 | tstWindows.go:44:8:44:32 | comment |  lgtm[@tag:nullness]  | lgtm[@tag:nullness] | tstWindows.go:44:1:44:32 | suppression range |
+| tstWindows.go:45:2:45:33 | comment |  codeql[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.go:46:0:46:0 | suppression range |
+| tstWindows.go:47:2:47:33 | comment |  CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.go:48:0:48:0 | suppression range |
+| tstWindows.go:49:2:49:70 | comment |  codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | tstWindows.go:50:0:50:0 | suppression range |
+| tstWindows.go:51:2:51:36 | comment |  codeql[js/debugger-statement]  | lgtm[js/debugger-statement] | tstWindows.go:52:0:52:0 | suppression range |
--- a/go/ql/test/query-tests/AlertSuppression/tst.go
+++ b/go/ql/test/query-tests/AlertSuppression/tst.go
@@ -42,4 +42,16 @@ func main() {
               */
 	x = x /* lgtm[@tag:nullness,go/redundant-assignment] */
 	x = x /* lgtm[@tag:nullness] */
+	// codeql[js/debugger-statement]
+	x = x 
+	// CODEQL[js/debugger-statement]
+	x = x
+	// codeql[js/debugger-statement] -- because I know better than codeql
+	x = x
+	/* codeql[js/debugger-statement] */
+	x = x
+	/* codeql[js/debugger-statement] 
+	*/
+	x = x
+	x = x // codeql[js/debugger-statement]	
 }
--- a/go/ql/test/query-tests/AlertSuppression/tstWindows.go
+++ b/go/ql/test/query-tests/AlertSuppression/tstWindows.go
@@ -42,4 +42,17 @@ func winMain() {
               */
 	x = x /* lgtm[@tag:nullness,go/redundant-assignment] */
 	x = x /* lgtm[@tag:nullness] */
-}
+	// codeql[js/debugger-statement]
+	x = x 
+	// CODEQL[js/debugger-statement]
+	x = x
+	// codeql[js/debugger-statement] -- because I know better than codeql
+	x = x
+	/* codeql[js/debugger-statement] */
+	x = x
+	/* codeql[js/debugger-statement] 
+	*/
+	x = x
+	x = x // codeql[js/debugger-statement]	
+}	
+