Restore deleted deviations suppression query

change_notes/2025-03-26-deviations-suppression.md

@@ -0,0 +1 @@
+ - The `DeviationsSuppression.ql` query has been restored after being incorrectly deleted in a previous release.

cpp/common/src/codingstandards/cpp/Locations.qll

@@ -0,0 +1,30 @@
+import cpp
+
+/** Holds if `lineNumber` is an indexed line number in file `f`. */
+predicate isLineNumber(File f, int lineNumber) {
+  exists(Location l | l.getFile() = f |
+    l.getStartLine() = lineNumber
+    or
+    l.getEndLine() = lineNumber
+  )
+}
+
+/** Gets the last line number in `f`. */
+int getLastLineNumber(File f) { result = max(int lineNumber | isLineNumber(f, lineNumber)) }
+
+/** Gets the last column number on the last line of `f`. */
+int getLastColumnNumber(File f) {
+  result =
+    max(Location l |
+      l.getFile() = f and
+      l.getEndLine() = getLastLineNumber(f)
+    |
+      l.getEndColumn()
+    )
+}
+
+/** Gets the last column number on the given line of `filepath`. */
+bindingset[filepath, lineNumber]
+int getLastColumnNumber(string filepath, int lineNumber) {
+  result = max(Location l | l.hasLocationInfo(filepath, _, _, lineNumber, _) | l.getEndColumn())
+}

cpp/common/src/codingstandards/cpp/deviations/CodeIdentifierDeviation.qll

@@ -32,6 +32,7 @@
 
 import cpp
 import Deviations
+import codingstandards.cpp.Locations
 
 string supportedStandard() { result = ["misra", "autosar", "cert"] }
 
@@ -226,15 +227,20 @@ class DeviationAttribute extends StdAttribute {
 
   DeviationRecord getADeviationRecord() { result = record }
 
-  pragma[nomagic]
-  Element getASuppressedElement() {
+  /** Gets the element to which this attribute was applied. */
+  Element getPrimarySuppressedElement() {
     result.(Type).getAnAttribute() = this
     or
     result.(Stmt).getAnAttribute() = this
     or
     result.(Variable).getAnAttribute() = this
     or
     result.(Function).getAnAttribute() = this
+  }
+
+  pragma[nomagic]
+  Element getASuppressedElement() {
+    result = this.getPrimarySuppressedElement()
     or
     result.(Expr).getEnclosingStmt() = this.getASuppressedElement()
     or
@@ -289,11 +295,14 @@ newtype TCodeIndentifierDeviation =
   } or
   TMultiLineDeviation(
     DeviationRecord record, DeviationBegin beginComment, DeviationEnd endComment, string filepath,
-    int suppressedStartLine, int suppressedEndLine
+    int suppressedStartLine, int suppressedStartColumn, int suppressedEndLine,
+    int suppressedEndColumn
   ) {
     isDeviationRangePaired(record, beginComment, endComment) and
-    beginComment.getLocation().hasLocationInfo(filepath, suppressedStartLine, _, _, _) and
-    endComment.getLocation().hasLocationInfo(filepath, suppressedEndLine, _, _, _)
+    beginComment
+        .getLocation()
+        .hasLocationInfo(filepath, suppressedStartLine, suppressedStartColumn, _, _) and
+    endComment.getLocation().hasLocationInfo(filepath, _, _, suppressedEndLine, suppressedEndColumn)
   } or
   TCodeIdentifierDeviation(DeviationRecord record, DeviationAttribute attribute) {
     attribute.getADeviationRecord() = record
@@ -304,7 +313,7 @@ class CodeIdentifierDeviation extends TCodeIndentifierDeviation {
   DeviationRecord getADeviationRecord() {
     this = TSingleLineDeviation(result, _, _, _)
     or
-    this = TMultiLineDeviation(result, _, _, _, _, _)
+    this = TMultiLineDeviation(result, _, _, _, _, _, _, _)
     or
     this = TCodeIdentifierDeviation(result, _)
   }
@@ -315,18 +324,38 @@ class CodeIdentifierDeviation extends TCodeIndentifierDeviation {
   bindingset[e]
   pragma[inline_late]
   predicate isElementMatching(Element e) {
-    exists(string filepath, int elementLocationStart |
-      e.getLocation().hasLocationInfo(filepath, elementLocationStart, _, _, _)
+    exists(string filepath, int elementLocationStart, int elementLocationColumnStart |
+      e.getLocation()
+          .hasLocationInfo(filepath, elementLocationStart, elementLocationColumnStart, _, _)
     |
       exists(int suppressedLine |
         this = TSingleLineDeviation(_, _, filepath, suppressedLine) and
         suppressedLine = elementLocationStart
       )
       or
-      exists(int suppressedStartLine, int suppressedEndLine |
-        this = TMultiLineDeviation(_, _, _, filepath, suppressedStartLine, suppressedEndLine) and
-        suppressedStartLine < elementLocationStart and
-        suppressedEndLine > elementLocationStart
+      exists(
+        int suppressedStartLine, int suppressedStartColumn, int suppressedEndLine,
+        int suppressedEndColumn
+      |
+        this =
+          TMultiLineDeviation(_, _, _, filepath, suppressedStartLine, suppressedStartColumn,
+            suppressedEndLine, suppressedEndColumn) and
+        (
+          // Element starts on a line after the begin marker of the suppression
+          suppressedStartLine < elementLocationStart
+          or
+          // Element exists on the same line as the begin marker, and occurs after it
+          suppressedStartLine = elementLocationStart and
+          suppressedStartColumn < elementLocationColumnStart
+        ) and
+        (
+          // Element starts on a line before the end marker of the suppression
+          suppressedEndLine > elementLocationStart
+          or
+          // Element exists on the same line as the end marker of the suppression, and occurs before it
+          suppressedEndLine = elementLocationStart and
+          elementLocationColumnStart < suppressedEndColumn
+        )
       )
     )
     or
@@ -336,26 +365,64 @@ class CodeIdentifierDeviation extends TCodeIndentifierDeviation {
     )
   }
 
+  /**
+   * Holds for the region matched by this code identifier deviation.
+   *
+   * Note: this is not the location of the marker itself.
+   */
+  predicate hasLocationInfo(
+    string filepath, int suppressedLine, int suppressedColumn, int endline, int endcolumn
+  ) {
+    exists(Comment commentMarker |
+      this = TSingleLineDeviation(_, commentMarker, filepath, suppressedLine) and
+      suppressedColumn = 1 and
+      endline = suppressedLine
+    |
+      if commentMarker instanceof DeviationEndOfLineMarker
+      then endcolumn = commentMarker.(DeviationEndOfLineMarker).getLocation().getEndColumn()
+      else
+        // Find the last column for a location on the next line
+        endcolumn = getLastColumnNumber(filepath, suppressedLine)
+    )
+    or
+    this =
+      TMultiLineDeviation(_, _, _, filepath, suppressedLine, suppressedColumn, endline, endcolumn)
+    or
+    exists(DeviationAttribute attribute |
+      this = TCodeIdentifierDeviation(_, attribute) and
+      attribute
+          .getPrimarySuppressedElement()
+          .getLocation()
+          .hasLocationInfo(filepath, suppressedLine, suppressedColumn, endline, endcolumn)
+    )
+  }
+
   string toString() {
     exists(string filepath |
       exists(int suppressedLine |
         this = TSingleLineDeviation(_, _, filepath, suppressedLine) and
         result =
-          "Deviation record " + getADeviationRecord() + " applied to " + filepath + " Line " +
+          "Deviation of " + getADeviationRecord().getQuery() + " applied to " + filepath + " Line " +
             suppressedLine
       )
       or
-      exists(int suppressedStartLine, int suppressedEndLine |
-        this = TMultiLineDeviation(_, _, _, filepath, suppressedStartLine, suppressedEndLine) and
+      exists(
+        int suppressedStartLine, int suppressedStartColumn, int suppressedEndLine,
+        int suppressedEndColumn
+      |
+        this =
+          TMultiLineDeviation(_, _, _, filepath, suppressedStartLine, suppressedStartColumn,
+            suppressedEndLine, suppressedEndColumn) and
         result =
-          "Deviation record " + getADeviationRecord() + " applied to " + filepath + " Line" +
-            suppressedStartLine + ":" + suppressedEndLine
+          "Deviation of " + getADeviationRecord().getQuery() + " applied to " + filepath + " Line " +
+            suppressedStartLine + ":" + suppressedStartColumn + ":" + suppressedEndLine + ":" +
+            suppressedEndColumn
       )
     )
     or
     exists(DeviationAttribute attribute |
       this = TCodeIdentifierDeviation(_, attribute) and
-      result = "Deviation record " + getADeviationRecord() + " applied to " + attribute
+      result = "Deviation of " + getADeviationRecord().getQuery() + " applied to " + attribute
     )
   }
 }

cpp/common/src/codingstandards/cpp/deviations/DeviationsSuppression.qhelp

@@ -0,0 +1,12 @@
+<!DOCTYPE qhelp PUBLIC "-//Semmle//qhelp//EN" "qhelp.dtd">
+<qhelp>
+    <overview>
+        <p>This query generates suppression information for rules that have an associated deviation record.</p>
+    </overview>
+    <references>
+        <li>
+            MISRA Compliance 2020 document:
+            <a href="https://www.misra.org.uk/app/uploads/2021/06/MISRA-Compliance-2020.pdf">Chapter 4.2 (page 12) - Deviations.</a>
+        </li>
+    </references>
+</qhelp>

cpp/common/src/codingstandards/cpp/deviations/DeviationsSuppression.ql

@@ -0,0 +1,102 @@
+/**
+ * @name Deviation suppression
+ * @description Generates information about files and locations where certain alerts should be considered suppressed by deviations.
+ * @kind alert-suppression
+ * @id cpp/coding-standards/deviation-suppression
+ */
+
+import cpp
+import Deviations
+import codingstandards.cpp.Locations
+
+newtype TDeviationScope =
+  TDeviationRecordFileScope(DeviationRecord dr, File file) {
+    exists(string deviationPath |
+      dr.isDeviated(_, deviationPath) and
+      file.getRelativePath().prefix(deviationPath.length()) = deviationPath
+    )
+  } or
+  TDeviationRecordCodeIdentiferDeviationScope(DeviationRecord dr, CodeIdentifierDeviation c) {
+    c = dr.getACodeIdentifierDeviation()
+  }
+
+/** A deviation scope. */
+class DeviationScope extends TDeviationScope {
+  /** Gets the location at which this deviation was defined. */
+  abstract Locatable getDeviationDefinitionLocation();
+
+  /** Gets the Query being deviated. */
+  abstract Query getQuery();
+
+  abstract string toString();
+
+  abstract predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  );
+}
+
+/** A deviation scope derived from a "path" entry in a `DeviationRecord`. */
+class DeviationRecordFileScope extends DeviationScope, TDeviationRecordFileScope {
+  private DeviationRecord getDeviationRecord() { this = TDeviationRecordFileScope(result, _) }
+
+  override Locatable getDeviationDefinitionLocation() { result = getDeviationRecord() }
+
+  private File getFile() { this = TDeviationRecordFileScope(_, result) }
+
+  override Query getQuery() { result = getDeviationRecord().getQuery() }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    // In an ideal world, we would produce a URL here that informed the AlertSuppression code that
+    // the whole file was suppressed. However, the alert suppression code only works with locations
+    // with lines and columns, so we generate a location that covers the whole "indexed" file, by
+    // finding the location indexed in the database with the latest line and column number.
+    exists(File f | f = getFile() |
+      f.getLocation().hasLocationInfo(filepath, _, _, _, _) and
+      startline = 1 and
+      startcolumn = 1 and
+      endline = getLastLineNumber(f) and
+      endcolumn = getLastColumnNumber(f)
+    )
+  }
+
+  override string toString() {
+    result = "Deviation of " + getDeviationRecord().getQuery() + " for " + getFile() + "."
+  }
+}
+
+/**
+ * A deviation scope derived from a comment corresponding to a "code-identifier" entry for a
+ * `DeviationRecord`.
+ */
+class DeviationRecordCommentScope extends DeviationScope,
+  TDeviationRecordCodeIdentiferDeviationScope
+{
+  private DeviationRecord getDeviationRecord() {
+    this = TDeviationRecordCodeIdentiferDeviationScope(result, _)
+  }
+
+  private CodeIdentifierDeviation getCodeIdentifierDeviation() {
+    this = TDeviationRecordCodeIdentiferDeviationScope(_, result)
+  }
+
+  override Locatable getDeviationDefinitionLocation() { result = getDeviationRecord() }
+
+  override Query getQuery() { result = getDeviationRecord().getQuery() }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    getCodeIdentifierDeviation()
+        .hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+  }
+
+  override string toString() { result = getCodeIdentifierDeviation().toString() }
+}
+
+from DeviationScope deviationScope
+select deviationScope.getDeviationDefinitionLocation(), // suppression comment
+  "// lgtm[" + deviationScope.getQuery().getQueryId() + "]", // text of suppression comment (excluding delimiters)
+  "lgtm[" + deviationScope.getQuery().getQueryId() + "]", // text of suppression annotation
+  deviationScope // scope of suppression

cpp/common/test/deviations/deviations_basic_test/TypeLongDoubleUsed.expected

@@ -10,3 +10,5 @@
 | main.cpp:21:15:21:16 | d6 | Use of long double type. |
 | main.cpp:30:15:30:17 | d10 | Use of long double type. |
 | main.cpp:38:15:38:17 | d14 | Use of long double type. |
+| main.cpp:42:15:42:17 | d15 | Use of long double type. |
+| main.cpp:43:113:43:115 | d18 | Use of long double type. |

cpp/common/test/deviations/deviations_basic_test/main.cpp

@@ -37,5 +37,10 @@ int main(int argc, char **argv) {
   // codeql::autosar_deviation_end(a-0-4-2-deviation)
   long double d14; // NON_COMPLIANT (A0-4-2)
   getX();          // NON_COMPLIANT (A0-1-2)
+
+  // clang-format off
+  long double d15; /* NON_COMPLIANT*/ /* codeql::autosar_deviation_begin(a-0-4-2-deviation) */ long double d16; // COMPLIANT[DEVIATED]
+  long double d17; /* COMPLIANT[DEVIATED] */ /* codeql::autosar_deviation_end(a-0-4-2-deviation) */ long double d18; // NON_COMPLIANT
+  // clang-format on
   return 0;
 }

cpp/common/test/deviations/deviations_report_deviated/DeviationsSuppression.expected

@@ -0,0 +1,12 @@
+| file://:0:0:0:0 | (no string representation) | // lgtm[cpp/autosar/type-long-double-used] | lgtm[cpp/autosar/type-long-double-used] | main.cpp:12:1:12:58 | Deviation of cpp/autosar/type-long-double-used applied to main.cpp Line 12 |
+| file://:0:0:0:0 | (no string representation) | // lgtm[cpp/autosar/type-long-double-used] | lgtm[cpp/autosar/type-long-double-used] | main.cpp:14:1:14:65 | Deviation of cpp/autosar/type-long-double-used applied to main.cpp Line 14 |
+| file://:0:0:0:0 | (no string representation) | // lgtm[cpp/autosar/type-long-double-used] | lgtm[cpp/autosar/type-long-double-used] | main.cpp:18:1:18:40 | Deviation of cpp/autosar/type-long-double-used applied to main.cpp Line 18 |
+| file://:0:0:0:0 | (no string representation) | // lgtm[cpp/autosar/type-long-double-used] | lgtm[cpp/autosar/type-long-double-used] | main.cpp:21:3:27:53 | Deviation of cpp/autosar/type-long-double-used applied to main.cpp Line 21:3:27:53 |
+| file://:0:0:0:0 | (no string representation) | // lgtm[cpp/autosar/type-long-double-used] | lgtm[cpp/autosar/type-long-double-used] | main.cpp:29:3:35:53 | Deviation of cpp/autosar/type-long-double-used applied to main.cpp Line 29:3:35:53 |
+| file://:0:0:0:0 | (no string representation) | // lgtm[cpp/autosar/type-long-double-used] | lgtm[cpp/autosar/type-long-double-used] | main.cpp:40:39:41:99 | Deviation of cpp/autosar/type-long-double-used applied to main.cpp Line 40:39:41:99 |
+| file://:0:0:0:0 | (no string representation) | // lgtm[cpp/autosar/unused-return-value] | lgtm[cpp/autosar/unused-return-value] | nested/nested2/test2.h:1:1:6:1 | Deviation of cpp/autosar/unused-return-value for nested/nested2/test2.h. |
+| file://:0:0:0:0 | (no string representation) | // lgtm[cpp/autosar/useless-assignment] | lgtm[cpp/autosar/useless-assignment] | coding-standards.xml:1:1:17:19 | Deviation of cpp/autosar/useless-assignment for coding-standards.xml. |
+| file://:0:0:0:0 | (no string representation) | // lgtm[cpp/autosar/useless-assignment] | lgtm[cpp/autosar/useless-assignment] | main.cpp:1:1:44:1 | Deviation of cpp/autosar/useless-assignment for main.cpp. |
+| file://:0:0:0:0 | (no string representation) | // lgtm[cpp/autosar/useless-assignment] | lgtm[cpp/autosar/useless-assignment] | nested/coding-standards.xml:1:1:13:19 | Deviation of cpp/autosar/useless-assignment for nested/coding-standards.xml. |
+| file://:0:0:0:0 | (no string representation) | // lgtm[cpp/autosar/useless-assignment] | lgtm[cpp/autosar/useless-assignment] | nested/nested2/test2.h:1:1:6:1 | Deviation of cpp/autosar/useless-assignment for nested/nested2/test2.h. |
+| file://:0:0:0:0 | (no string representation) | // lgtm[cpp/autosar/useless-assignment] | lgtm[cpp/autosar/useless-assignment] | nested/test.h:1:1:6:1 | Deviation of cpp/autosar/useless-assignment for nested/test.h. |

cpp/common/test/deviations/deviations_report_deviated/DeviationsSuppression.qlref

@@ -0,0 +1 @@
+codingstandards/cpp/deviations/DeviationsSuppression.ql

cpp/common/test/deviations/deviations_report_deviated/TypeLongDoubleUsed.expected

@@ -0,0 +1,18 @@
+| main.cpp:11:15:11:16 | d1 | Use of long double type. |
+| main.cpp:12:15:12:16 | d2 | Use of long double type. |
+| main.cpp:14:15:14:16 | d3 | Use of long double type. |
+| main.cpp:16:15:16:16 | d4 | Use of long double type. |
+| main.cpp:18:15:18:16 | d5 | Use of long double type. |
+| main.cpp:19:15:19:16 | d6 | Use of long double type. |
+| main.cpp:22:15:22:16 | d7 | Use of long double type. |
+| main.cpp:24:15:24:16 | d8 | Use of long double type. |
+| main.cpp:26:15:26:16 | d9 | Use of long double type. |
+| main.cpp:28:15:28:17 | d10 | Use of long double type. |
+| main.cpp:30:15:30:17 | d11 | Use of long double type. |
+| main.cpp:32:15:32:17 | d12 | Use of long double type. |
+| main.cpp:34:15:34:17 | d13 | Use of long double type. |
+| main.cpp:36:15:36:17 | d14 | Use of long double type. |
+| main.cpp:40:15:40:17 | d15 | Use of long double type. |
+| main.cpp:40:108:40:110 | d16 | Use of long double type. |
+| main.cpp:41:15:41:17 | d17 | Use of long double type. |
+| main.cpp:41:113:41:115 | d18 | Use of long double type. |