11/**
2- * Provides the `restrictAlertsTo` extensible predicate to restrict alerts to specific source
3- * locations, and the `AlertFilteringImpl` parameterized module to apply the filtering.
2+ * Provides the `restrictAlertsTo` and `restrictAlertsToExactLocation` extensible predicate to
3+ * restrict alerts to specific source locations, and the `AlertFilteringImpl` parameterized module
4+ * to apply the filtering.
45 */
56overlay [ local?]
67module ;
@@ -13,55 +14,54 @@ private import codeql.util.Location
1314 * GitHub Code Scanning.
1415 *
1516 * This predicate is active if and only if it is nonempty. If this predicate is inactive, it has no
16- * effect. If it is active, queries may omit alerts that don't have a _primary_ or _related_
17- * location ( in SARIF terminology) whose start line is within a specified range. Queries are allowed
18- * to produce alerts outside this range .
17+ * effect. If it is active, queries may omit alerts that don't have a matching ( see below ) _primary_
18+ * or _related_ location ( in SARIF terminology) . Queries are still allowed to produce alerts that
19+ * have no matching locations , but they are not required to do so .
1920 *
20- * An alert location is a match if it matches a row in this predicate . If `startLineStart ` and
21- * `startLineEnd ` are both 0 , the row specifies a whole- file match, and a location is a match if
21+ * An alert location is a match if it matches a row in this predicate . If `lineStart ` and
22+ * `lineEnd ` are both 0 , the row specifies a whole- file match, and a location is a match if
2223 * its file path matches `filePath`. Otherwise, the row specifies a line- range match, and a
23- * location is a match if its file path matches `filePath`, and its start line is between
24- * `startLineStart` and `startLineEnd`, inclusive. ( Note that only start line of the location is
25- * used for matching because an alert is displayed on the first line of its location.)
24+ * location is a match if its file path matches `filePath`, and its character range intersects
25+ * with the range from the beginning of `lineStart` to the end of `lineEnd`.
2626 *
2727 * - filePath: alert location file path ( absolute) .
28- * - startLineStart : inclusive start of the range for alert location start line number ( 1 - based) .
29- * - startLineEnd : inclusive end of the range for alert location start line number ( 1 - based) .
28+ * - lineStart : inclusive start of the line range ( 1 - based) .
29+ * - lineEnd : inclusive end of the line range ( 1 - based) .
3030 *
31- * Note that an alert that is not accepted by this filtering predicate may still be included in the
32- * query results if it is accepted by another active filtering predicate in this module . An alert is
33- * excluded from the query results if only if ( 1 ) there is at least one active filtering predicate ,
34- * and ( 2 ) it is not accepted by any active filtering predicate .
31+ * Note that even if an alert has no matching locations for this filtering predicate, it could still
32+ * have matching locations for other filtering predicates in this module . In that case , queries must
33+ * still produce such an alert. An alert can be omitted if only if ( 1 ) there is at least one active
34+ * filtering predicate , and ( 2 ) it has no matching locations for any active filtering predicate .
3535 *
3636 * See also: `restrictAlertsToExactLocation`.
3737 * /
38- extensible predicate restrictAlertsTo( string filePath, int startLineStart , int startLineEnd ) ;
38+ extensible predicate restrictAlertsTo( string filePath, int lineStart , int lineEnd ) ;
3939
4040/**
4141 * Holds if the query may restrict its computation to only produce alerts that match the given
42- * character ranges. This predicate is suitable for testing, where we want to filter by the exact
43- * alert location, distinguishing between alerts on the same line.
42+ * character ranges. This predicate is suitable for testing, where we want to distinguish between
43+ * alerts on the same line.
4444 *
4545 * This predicate is active if and only if it is nonempty. If this predicate is inactive, it has no
46- * effect. If it is active, queries may omit alerts that don't have a _primary_ or _related_
47- * location (in SARIF terminology) whose location equals a tuple from this predicate. Queries are
48- * allowed to produce alerts outside this range .
46+ * effect. If it is active, queries may omit alerts that don't have a matching (see below) _primary_
47+ * or _related_ location (in SARIF terminology). Queries are still allowed to produce alerts that
48+ * have no matching locations, but they are not required to do so .
4949 *
50- * An alert location is a match if it matches a row in this predicate. Each row specifies an exact
51- * location: an alert location is a match if its file path matches `filePath`, its start line and
52- * column match `startLine` and `startColumn`, and its end line and column match `endLine` and
53- * `endColumn`.
50+ * An alert location is a match if it matches a row in this predicate. Each row specifies a
51+ * character-range match, and a location is a match if its file path matches `filePath`, and its
52+ * character range wholly contains the character range from `startColumn` on `startLine` to
53+ * `endColumn` on `endLine` (inclusive) .
5454 *
5555 * - filePath: alert location file path (absolute).
56- * - startLine: alert location start line number (1-based).
57- * - startColumn: alert location start column number (1-based).
58- * - endLine: alert location end line number (1-based).
59- * - endColumn: alert location end column number (1-based).
56+ * - startLine: inclusive start line of the character range (1-based).
57+ * - startColumn: inclusive start column of the character range (1-based).
58+ * - endLine: inclusive end line of the character range (1-based).
59+ * - endColumn: inclusive end column of the character range (1-based).
6060 *
61- * Note that an alert that is not accepted by this filtering predicate may still be included in the
62- * query results if it is accepted by another active filtering predicate in this module. An alert is
63- * excluded from the query results if only if (1) there is at least one active filtering predicate,
64- * and (2) it is not accepted by any active filtering predicate.
61+ * Note that even if an alert has no matching locations for this filtering predicate, it could still
62+ * have matching locations for other filtering predicates in this module. In that case, queries must
63+ * still produce such an alert. An alert can be omitted if only if (1) there is at least one active
64+ * filtering predicate, and (2) it has no matching locations for any active filtering predicate.
6565 *
6666 * See also: `restrictAlertsTo`.
6767 */
@@ -83,22 +83,11 @@ module AlertFilteringImpl<LocationSig Location> {
8383 }
8484
8585 /**
86- * Holds if the given location intersects the diff range. When that is the
87- * case, ensuring that alerts mentioning this location are included in the
88- * query results is a valid overapproximation of the requirements for
89- * _diff-informed queries_ as documented under `restrictAlertsTo`.
86+ * Holds if the given location is a match for one of the active filtering
87+ * predicates in this module, or if all filtering predicates are inactive
88+ * (which means that all alerts must be produced).
9089 *
91- * Testing for full intersection rather than only matching the start line
92- * means that this predicate is more broadly useful than just checking whether
93- * a specific element is considered to be in the diff range of GitHub Code
94- * Scanning:
95- * - If it's inconvenient to pass the exact `Location` of the element of
96- * interest, it's valid to use a `Location` of an enclosing element.
97- * - This predicate could be useful for other systems of alert presentation
98- * where the rules don't exactly match GitHub Code Scanning.
99- *
100- * If there is no diff range, this predicate holds for all locations. Note
101- * that this predicate has a bindingset and will therefore be inlined;
90+ * Note that this predicate has a bindingset and will therefore be inlined;
10291 * callers should include enough context to ensure efficient evaluation.
10392 */
10493 bindingset [ location]
0 commit comments