C#: Mass add quality queries to the Code Quality suite.

[michaelnebel]

In this PR we

• Add many queries to the Code Quality suite, which means that all C# quality like queries with precision high or very-high are now included in the Code Quality suite except for some queries that should be configurable. The following queries were not added
  • cs/too-many-ref-parameters
  • cs/complex-block
  • cs/complex-condition
  • cs/chained-type-tests
  • cs/coupled-types
• Tagging of all queries in the Code Quality suite is now aligned with the guide.

The changes were made using Co-Pilot agent mode and the prompt:

Find the queries with the following IDs
<List of query IDS>

Please change the query metadata in the following way

• Add the tag “quality” if not already there.
• Add either the tag “maintainability” or “reliability” based on the following description:
  • “maintainability”: For queries that detect patterns that make it harder for developers to make changes to the code.
  • “reliability”: For queries that detect issues that affect whether the code will perform as expected during execution.
• If a query already has both the tag “maintainability” and “reliability” only keep the most relevant one.
• Also consider adding the following sub-category tags
  • If a query is tagged with “maintainability” then: Add “readability” if the query detects confusing patterns that make it harder for developers to read the code. Add “useless-code” if the query detects functions that are never used and other instances of unused code. Add “complexity” if the query patterns in the code that lead to unnecessary complexity such as unclear control flow, or high cyclomatic complexity
  • If a query is tagged with "reliability" then: Add “correctness” if the query detects incorrect program behavior or can result in unintended outcomes. Add “performance” if the query detects code that could impact performance through inefficient algorithms, unnecessary computation. Add “concurrency” if the query detects concurrency related issues such as race conditions, deadlocks, thread safety, add “error-handling” if the query detects issues related to unsafe error handling such as uncaught exceptions.

[michaelnebel]

Compared the number of alerts pr query for traced / buildless on approximately the same set of projects (the traced include dotnet/runtime by mistake - but then had other 15 overlapping projects). There doesn't appear to be a difference in the total number of alerts that are off by an order of magnitude (eg. 10x+) for any query, except for cs/comparison-of-identical-expressions. Since cs/comparison-of-identical-expressions doesn't appear to produce that many results overall, I think we should still include it for now (maybe feedback will tell us something different).

[Copilot]

Pull Request Overview

Adds high-precision C# quality queries to the Code Quality suite and aligns all query metadata tags with the official style guide.

• Systematically updates each query’s @tags to include the generic quality tag, a primary category (maintainability or reliability), and relevant sub-categories.
• Introduces a new change-notes entry summarizing the tagging updates.
• Updates the csharp-code-quality.qls.expected integration test to include all newly tagged queries.

Reviewed Changes

Copilot reviewed 79 out of 79 changed files in this pull request and generated no comments.

File	Description
csharp/ql/src/change-notes/2025-06-16-tagging.md	Add change-notes entry summarizing the metadata tagging changes
csharp/ql/src/**/*.ql	Retag queries with quality plus appropriate primary/sub-category tags
csharp/ql/integration-tests/posix/query-suite/csharp-code-quality.qls.expected	Extend expected suite listing to include newly added queries

Comments suppressed due to low confidence (6)

csharp/ql/src/change-notes/2025-06-16-tagging.md:1

• Consider adding a title field in the front-matter (e.g., title: "2025-06-16 Tagging Update") to follow the pattern used by other change-notes and improve discoverability.

---

csharp/ql/src/Language Abuse/ChainedIs.ql:6

• Per the PR description, cs/chained-type-tests should be configurable and not added. Please remove the tag changes for this query.

* @id cs/chained-type-tests

csharp/ql/integration-tests/posix/query-suite/csharp-code-quality.qls.expected:1

• [nitpick] The expected suite list has many new entries; consider sorting them alphabetically (or grouping by category) to maintain readability and reduce merge conflicts.

ql/csharp/ql/src/API Abuse/CallToGCCollect.ql

csharp/ql/src/Complexity/ComplexCondition.ql:8

• The PR description states that cs/complex-condition should be excluded from the suite; this change re-tags it. Please remove or revert the tag updates for this query to honor the exclusion.

* @tags maintainability

csharp/ql/src/Complexity/BlockWithTooManyStatements.ql:12

• According to the PR description, cs/complex-block should not be added to the suite. These tag changes should be reverted for this query.

*       testability

csharp/ql/src/Bad Practices/Declarations/TooManyRefParameters.ql:9

• The PR description excludes cs/too-many-ref-parameters; this retagging contradicts that. Please revert these metadata updates.

* @tags maintainability

[tamasvajk]

This query also uses a hardcoded threshold. I wouldn't include it.

[michaelnebel]

Yes, you are right! I missed that!

[tamasvajk]

LGTM