Skip to content

Update CodeQL warning suppressions#4985

Merged
StephanTLavavej merged 1 commit intomicrosoft:mainfrom
StephanTLavavej:a-silence-like-the-depths
Sep 28, 2024
Merged

Update CodeQL warning suppressions#4985
StephanTLavavej merged 1 commit intomicrosoft:mainfrom
StephanTLavavej:a-silence-like-the-depths

Conversation

@StephanTLavavej
Copy link
Member

@StephanTLavavej StephanTLavavej commented Sep 26, 2024

Our internal infrastructure that periodically runs CodeQL and creates automated bug reports is changing how it accepts warning suppressions.

🏚️ Old suppression comments

The suppression comments that we've been using, of the form // lgtm [cpp/too-many-puppies], are now rejected with:

cpp/policy/alert-suppression-without-justification
[SM03936] Alert Suppression Without Justification
A legacy (LGTM) CodeQL suppression comment without a justification was detected.

🪄 New suppression comments

The new form that we must use is:

// CodeQL [OpaqueID] Justification consisting of 25 or more characters

This comment can appear on the affected line, or immediately above it.

Note that the opaque ID SM03936 for Alert Suppression Without Justification isn't what we ever want to use - we need to use the opaque ID for the underlying warning. I believe I've correctly looked these up, but we'll have to wait for the next round of automated bug reports to confirm.

🧹 Control flow cleanup

I'm changing how we handle _System_error_message. The behavior is unchanged, except that it replaces an _STL_INTERNAL_CHECK (can't happen) with emitting "unknown error".

🤫 Original suppression PRs

🐞 Internal bugs fixed

@StephanTLavavej
Update CodeQL suppressions
43df307 
Fixes:
VSO-2255050
VSO-2255054
VSO-2255066
VSO-2255071
VSO-2255089
VSO-2255098
VSO-2255102
VSO-2255103
VSO-2255111

Original suppressions:
GH 3489
GH 3585
GH 4942

Change `_System_error_message` control flow. This replaces an `_STL_INTERNAL_CHECK` with "unknown error".
@StephanTLavavej StephanTLavavej added the enhancement Something can be improved label Sep 26, 2024
@StephanTLavavej StephanTLavavej requested a review from a team as a code owner September 26, 2024 19:56
@StephanTLavavej StephanTLavavej mentioned this pull request Sep 26, 2024
Open
@CaseyCarter CaseyCarter self-assigned this Sep 26, 2024
@CaseyCarter CaseyCarter removed their assignment Sep 27, 2024
@StephanTLavavej StephanTLavavej self-assigned this Sep 27, 2024
@StephanTLavavej
Copy link
Member Author

StephanTLavavej commented Sep 27, 2024

I'm mirroring this to the MSVC-internal repo - please notify me if any further changes are pushed.

@StephanTLavavej StephanTLavavej merged commit faccf00 into microsoft:main Sep 28, 2024
@StephanTLavavej StephanTLavavej deleted the a-silence-like-the-depths branch September 28, 2024 20:28
@StephanTLavavej StephanTLavavej mentioned this pull request Oct 22, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@CaseyCarter CaseyCarter CaseyCarter approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@StephanTLavavej StephanTLavavej

Labels

enhancement Something can be improved

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@StephanTLavavej @CaseyCarter