-
Notifications
You must be signed in to change notification settings - Fork 2k
Expand file tree
/
Copy pathAlertFiltering.qll
More file actions
97 lines (93 loc) · 4.7 KB
/
Copy pathAlertFiltering.qll
File metadata and controls
97 lines (93 loc) · 4.7 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
/**
* Provides the `restrictAlertsTo` extensible predicate to restrict alerts to specific source
* locations, and the `AlertFilteringImpl` parameterized module to apply the filtering.
*/
private import codeql.util.Location
/**
* Holds if the query should produce alerts that match the given line ranges.
*
* This predicate is active if and only if it is nonempty. If this predicate is inactive, it has no
* effect. If it is active, it accepts any alert that has at least one matching location.
*
* Note that an alert that is not accepted by this filtering predicate may still be included in the
* query results if it is accepted by another active filtering predicate in this module. An alert is
* excluded from the query results if only if (1) there is at least one active filtering predicate,
* and (2) it is not accepted by any active filtering predicate.
*
* An alert location is a match if it matches a row in this predicate. If `startLineStart` and
* `startLineEnd` are both 0, the row specifies a whole-file match, and a location is a match if
* its file path matches `filePath`. Otherwise, the row specifies a line-range match, and a
* location is a match if its file path matches `filePath`, and its start line is between
* `startLineStart` and `startLineEnd`, inclusive. (Note that only start line of the location is
* used for matching because an alert is displayed on the first line of its location.)
*
* - filePath: alert location file path (absolute).
* - startLineStart: inclusive start of the range for alert location start line number (1-based).
* - startLineEnd: inclusive end of the range for alert location start line number (1-based).
*
* A query should either perform no alert filtering, or adhere to all the filtering rules in this
* module and return all and only the accepted alerts.
*
* This predicate is suitable for situations where we want to filter alerts at line granularity,
* such as based on the pull request diff.
*
* See also: `restrictAlertsToExactLocation`.
*/
extensible predicate restrictAlertsTo(string filePath, int startLineStart, int startLineEnd);
/**
* Holds if the query should produce alerts that match the given locations.
*
* This predicate is active if and only if it is nonempty. If this predicate is inactive, it has no
* effect. If it is active, it accepts any alert that has at least one matching location.
*
* Note that an alert that is not accepted by this filtering predicate may still be included in the
* query results if it is accepted by another active filtering predicate in this module. An alert is
* excluded from the query results if only if (1) there is at least one active filtering predicate,
* and (2) it is not accepted by any active filtering predicate.
*
* An alert location is a match if it matches a row in this predicate. Each row specifies an exact
* location: an alert location is a match if its file path matches `filePath`, its start line and
* column match `startLine` and `startColumn`, and its end line and column match `endLine` and
* `endColumn`.
*
* - filePath: alert location file path (absolute).
* - startLine: alert location start line number (1-based).
* - startColumn: alert location start column number (1-based).
* - endLine: alert location end line number (1-based).
* - endColumn: alert location end column number (1-based).
*
* A query should either perform no alert filtering, or adhere to all the filtering rules in this
* module and return all and only the accepted alerts.
*
* This predicate is suitable for situations where we want to filter by the exact alert location,
* distinguishing between alerts on the same line.
*
* See also: `restrictAlertsTo`.
*/
extensible predicate restrictAlertsToExactLocation(
string filePath, int startLine, int startColumn, int endLine, int endColumn
);
/** Module for applying alert location filtering. */
module AlertFilteringImpl<LocationSig Location> {
/** Applies alert filtering to the given location. */
bindingset[location]
predicate filterByLocation(Location location) {
not restrictAlertsTo(_, _, _) and not restrictAlertsToExactLocation(_, _, _, _, _)
or
exists(string filePath, int startLineStart, int startLineEnd |
restrictAlertsTo(filePath, startLineStart, startLineEnd)
|
startLineStart = 0 and
startLineEnd = 0 and
location.hasLocationInfo(filePath, _, _, _, _)
or
location.hasLocationInfo(filePath, [startLineStart .. startLineEnd], _, _, _)
)
or
exists(string filePath, int startLine, int startColumn, int endLine, int endColumn |
restrictAlertsToExactLocation(filePath, startLine, startColumn, endLine, endColumn)
|
location.hasLocationInfo(filePath, startLine, startColumn, endLine, endColumn)
)
}
}