analyzer: Add SecurityLintCode and a new getter on ErrorCode, isIgnorable

`isIgnorable` is the new way to determine whether a report from the
analyzer can be ignored. Codes with an ERROR severity are not ignorable,
and the new SecurityLintCode is not ignorable.

Change-Id: Ied72f1b61808eda088b947b8836e0cf1dfdd9850
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/143331
Commit-Queue: Samuel Rawlins <srawlins@google.com>
Reviewed-by: Brian Wilkerson <brianwilkerson@google.com>

pkg/_fe_analyzer_shared/lib/src/base/errors.dart

@@ -62,6 +62,10 @@ abstract class ErrorCode {
    */
   ErrorSeverity get errorSeverity;
 
+  /// Whether a finding of this error is ignorable via comments such as
+  /// `// ignore:` or `// ignore_for_file:`.
+  bool get isIgnorable => errorSeverity != ErrorSeverity.ERROR;
+
   /**
    * The type of the error.
    */
@@ -225,7 +229,7 @@ class ErrorType implements Comparable<ErrorType> {
     STATIC_WARNING,
     STATIC_TYPE_WARNING,
     SYNTACTIC_ERROR,
-    LINT
+    LINT,
   ];
 
   /**

pkg/analysis_server/test/protocol_server_test.dart

@@ -359,6 +359,9 @@ class MockErrorCode implements engine.ErrorCode {
   @override
   bool get hasPublishedDocs => false;
 
+  @override
+  bool get isIgnorable => true;
+
   @override
   bool get isUnresolvedIdentifier => false;
 

pkg/analyzer/lib/src/dart/analysis/library_analyzer.dart

@@ -7,7 +7,6 @@ import 'package:analyzer/dart/analysis/features.dart';
 import 'package:analyzer/dart/ast/ast.dart';
 import 'package:analyzer/dart/ast/visitor.dart';
 import 'package:analyzer/dart/element/element.dart';
-import 'package:analyzer/diagnostic/diagnostic.dart';
 import 'package:analyzer/error/error.dart';
 import 'package:analyzer/error/listener.dart';
 import 'package:analyzer/file_system/file_system.dart';
@@ -414,7 +413,14 @@ class LibraryAnalyzer {
     bool isIgnored(AnalysisError error) {
       var code = error.errorCode;
       // Don't allow error severity issues to be ignored.
-      if (error.severity == Severity.error) {
+      if (!code.isIgnorable) {
+        // The [code] is not ignorable, but we've allowed a few "privileged"
+        // cases. Each is annotated with an issue which represents technical
+        // debt. Once cleaned up, we may remove this notion of "privileged".
+        // In the case of [CompileTimeErrorCode.IMPORT_INTERNAL_LIBRARY], we may
+        // just decide that it happens enough in tests that it can be declared
+        // an ignorable error, and in practice other back ends will prevent
+        // non-internal code from importing internal code.
         bool privileged = false;
 
         if (code == StaticTypeWarningCode.UNDEFINED_FUNCTION ||

pkg/analyzer/lib/src/dart/error/lint_codes.dart

@@ -4,13 +4,11 @@
 
 import 'package:analyzer/error/error.dart';
 
-/**
- * Defines style and best practice recommendations.
- *
- * Unlike [HintCode]s, which are akin to traditional static warnings from a
- * compiler, lint recommendations focus on matters of style and practices that
- * might aggregated to define a project's style guide.
- */
+/// Defines style and best practice recommendations.
+///
+/// Unlike [HintCode]s, which are akin to traditional static warnings from a
+/// compiler, lint recommendations focus on matters of style and practices that
+/// might aggregated to define a project's style guide.
 class LintCode extends ErrorCode {
   const LintCode(String name, String message, {String correction})
       : super.temporary(name, message, correction: correction);
@@ -27,14 +25,24 @@ class LintCode extends ErrorCode {
   @override
   ErrorType get type => ErrorType.LINT;
 
-  /**
-   * Overridden so that [LintCode] and its subclasses share the same uniqueName
-   * pattern (we know how to identify a lint even if we don't know the specific
-   * subclass the lint's code is defined in.
-   */
+  /// Overridden so that [LintCode] and its subclasses share the same uniqueName
+  /// pattern (we know how to identify a lint even if we don't know the specific
+  /// subclass the lint's code is defined in.
   @override
   String get uniqueName => "LintCode.$name";
 
   @override
   String get url => 'https://dart-lang.github.io/linter/lints/$name.html';
 }
+
+/// Defines security-related best practice recommendations.
+///
+/// The primary difference from [LintCode]s is that these codes cannot be
+/// suppressed with `// ignore:` or `// ignore_for_file:` comments.
+class SecurityLintCode extends LintCode {
+  const SecurityLintCode(String name, String message, {String correction})
+      : super(name, message, correction: correction);
+
+  @override
+  bool get isIgnorable => false;
+}

pkg/analyzer_cli/test/mocks.dart

@@ -91,6 +91,9 @@ class MockErrorCode implements ErrorCode {
   @override
   bool get hasPublishedDocs => false;
 
+  @override
+  bool get isIgnorable => true;
+
   @override
   bool get isUnresolvedIdentifier => false;
 

pkg/front_end/test/spell_checking_list_common.txt

@@ -1369,6 +1369,7 @@ identify
 identity
 ie
 if
+ignorable
 ignorant
 ignore
 ignored
@@ -2556,6 +2557,7 @@ searches
 searching
 second
 section
+security
 see
 seeing
 seem