codeql-coding-standards
Enhancement: add support for suppressing multiple types of CodeQL alerts on the same line
Naming code-identifiers in coding-standards.yml differently for each rule-id should be considered a good practice; however, the current implementation of CodeQL doesn't provide a way for suppressing multiple types of CodeQL alerts on the same line with different code-identifiers. Using the same code-identifier should not be considered as a solution for this problem.
Therefore, a feature for suppressing multiple types of CodeQL alerts on the same line would be inevitable in the future, similarly to what clang-tidy can provide with the syntax NOLINT(error_code1, error_code2, ..., error_codeN).
Proposed Solution:
Introduce NOCODEQL syntax or similar feature for suppressing multiple types of CodeQL alerts on the same line:
ReturnTypeGeneratesAnAlert MyFunction(ParamTypeGeneratesAnAlert p1) { // NOCODEQL(code-identifier#1, code-identifier#2)
...
}
@adam-vonderviszt thank you for opening this issue!
I believe we already support two code-identifiers on the same comment line - as we support one at the start and one at the end of the comment, like this:
ReturnTypeGeneratesAnAlert MyFunction(ParamTypeGeneratesAnAlert p1) { // code-identifier#1 code-identifier#2
...
}
However, it seems reasonable to generalize this to support multiple suppressions. I think we'd need to bikeshed the name and structure, as this wouldn't apply to CodeQL as a whole - only the Coding Standards queries.
/cc @rvermeulen
@lcartey Thanks for your reply, and I am glad you are sort of positive about it. :)
Maybe I did not use the most up-to-date version of CodeQL, but the last time I tried using two identifiers on a single line it didn't work for me.
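An added example, not part of the thread and not the project's code: a Python model of how the proposed list syntax could scope suppression so that only alerts whose rule is tied to a listed code-identifier are hidden, while any other alert on the same line is still reported. The NOCODEQL marker is the hypothetical syntax from the proposal, and the DEVIATIONS mapping, rule names and alert tuples are constructed stand-ins for coding-standards.yml and query results.

```python
import re

# Hypothetical marker taken from the proposal above; CodeQL has no such syntax.
MARKER = re.compile(r"//\s*NOCODEQL\(([^)]*)\)")

# Constructed stand-in for coding-standards.yml: code-identifier -> rule-id.
DEVIATIONS = {"code-identifier#1": "RULE-X", "code-identifier#2": "RULE-Y"}

# Constructed sample input: the snippet from the issue plus made-up alerts.
SOURCE = """\
ReturnTypeGeneratesAnAlert MyFunction(ParamTypeGeneratesAnAlert p1) { // NOCODEQL(code-identifier#1, code-identifier#2)
  ...
}
"""
ALERTS = [(1, "RULE-X"), (1, "RULE-Y"), (1, "RULE-Z"), (2, "RULE-X")]


def parse_suppressions(source):
    """Return {line number: set of code-identifiers named on that line}."""
    found = {}
    for lineno, line in enumerate(source.splitlines(), start=1):
        match = MARKER.search(line)
        if match is None:
            continue
        ids = {part.strip() for part in match.group(1).split(",")} - {""}
        if not ids:
            # An empty list must not turn into a blanket suppression.
            raise ValueError(f"line {lineno}: NOCODEQL() names no identifier")
        found[lineno] = ids
    return found


def triage(alerts, suppressions, deviations):
    """Split (line, rule-id) alerts into (reported, suppressed)."""
    reported, suppressed = [], []
    for line, rule in alerts:
        # Rules covered by the identifiers listed on this alert's line.
        allowed = {deviations.get(i) for i in suppressions.get(line, ())}
        (suppressed if rule in allowed else reported).append((line, rule))
    return reported, suppressed


if __name__ == "__main__":
    reported, suppressed = triage(ALERTS, parse_suppressions(SOURCE), DEVIATIONS)
    print("suppressed:", suppressed)
    print("reported:  ", reported)
```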