Merge pull request #807 from github/lcartey/extend-deviations

Add support for deviations on next line and multiple lines

Author: MichaelRFairhurst

change_notes/2025-02-13-deviations.md

@@ -0,0 +1,13 @@
+ - A new in code deviation format has been introduced, using the C/C++ attribute syntax:
+   ```
+   [[codeql::<standard>_deviation("<code-identifier>")]]
+   ```
+   This can be applied to functions, statements and variables to apply a deviation from the Coding Standards configuration file. The user manual has been updated to describe the new format.
+ - For those codebases that cannot use standard attributes, we have also introduced a comment based syntax
+   ```
+   // codeql::<standard>_deviation(<code-identifier>)
+   // codeql::<standard>_deviation_next_line(<code-identifier>)
+   // codeql::<standard>_deviation_begin(<code-identifier>)
+   // codeql::<standard>_deviation_end(<code-identifier>)
+   ```
+   Further information is available in the user manual.

cpp/common/src/codingstandards/cpp/Exclusions.qll

@@ -35,19 +35,14 @@ predicate isExcluded(Element e, Query query, string reason) {
     ) and
     reason = "Query has an associated deviation record for the element's file."
     or
-    // The element is on the same line as a suppression comment
-    exists(Comment c |
-      c = dr.getACodeIdentifierComment() and
-      query = dr.getQuery()
-    |
-      exists(string filepath, int endLine |
-        // Comment occurs on the same line as the end line of the element
-        e.getLocation().hasLocationInfo(filepath, _, _, endLine, _) and
-        c.getLocation().hasLocationInfo(filepath, endLine, _, _, _)
-      )
-    ) and
-    reason =
-      "Query has an associated deviation record with a code identifier that is applied to the element."
+    // The element is annotated by a code identifier that deviates this rule
+    exists(CodeIdentifierDeviation deviationInCode |
+      dr.getQuery() = query and
+      deviationInCode = dr.getACodeIdentifierDeviation() and
+      deviationInCode.isElementMatching(e) and
+      reason =
+        "Query has an associated deviation record with a code identifier that is applied to the element."
+    )
   )
   or
   // The effective category of the query is 'Disapplied'.