Add support for deviations on next line and multiple lines #807
+329
−173
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
lgtm-style suppressions are no longer supported by CodeQL and Code Scanning.
This new library supports deviating on the next line, or on ranges, in addition to deviating on the current line.
This ties in the code-identifier deviation support to the deviations and exclusions libraries.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This draft PR proposes an extension of our deviations mechanism to suppress results on the next line and on multiple lines. This would make it easier to apply deviations at a broader scale.
We do this by introducing an annotation format to be used in comment markers in code starting with
DEVIATION. The new markers are:DEVIATION(<code-identifier>)- the deviation applies to results on the current line (duplication of existing non-annotated support, included for consistency).DEVIATION_NEXT_LINE(<code-identifier>)- this deviation applies to results on the next line.DEVIATION_BEGIN(<code-identifier>)- marks the beginning of a range of lines where the deviation applies.DEVIATION_END(<code-identifier>)- marks the end of a range of lines where the deviation applies.I'm definitely open to feedback on the naming format used here. Some considerations:
NOCODEQLor similar as it doesn't apply to all of CodeQL - only the Coding Standards queries.This would address #326.
Change request type
.ql,.qll,.qlsor unit tests)Rules with added or modified queries
Release change checklist
A change note (development_handbook.md#change-notes) is required for any pull request which modifies:
If you are only adding new rule queries, a change note is not required.
Author: Is a change note required?
🚨🚨🚨
Reviewer: Confirm that format of shared queries (not the .qll file, the
.ql file that imports it) is valid by running them within VS Code.
Reviewer: Confirm that either a change note is not required or the change note is required and has been added.
Query development review checklist
For PRs that add new queries or modify existing queries, the following checklist should be completed by both the author and reviewer:
Author
As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process.
Reviewer
As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process.