You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
| Windows Server 2022 | WHCP_21H2 | 2.4.6 or 2.15.4|
17
+
| Windows 11 | WHCP_21H2 | 2.4.6 or 2.15.4|
18
+
| Windows 11, version 22H2 | WHCP_22H2 | 2.6.3 or 2.15.4|
19
19
20
20
For general use, use the `main` branch along with [version 2.15.4 of the CodeQL CLI](https://github.com/github/codeql-cli-binaries/releases/tag/v2.15.4).
21
21
@@ -28,30 +28,15 @@ For general use, use the `main` branch along with [version 2.15.4 of the CodeQL
28
28
29
29
1. Download the CodeQL CLI zip by selecting the asset associated with your OS and architecture (codeql-win64.zip, codeql-linux64.zip, etc.), then extract it to the directory you created in the previous step.
30
30
31
-
For the WHCP Program, use the CodeQL CLI version in accordance with the table above and Windows release you are certifying for: [version 2.4.6](https://github.com/github/codeql-cli-binaries/releases/tag/v2.4.6) or [version 2.6.3](https://github.com/github/codeql-cli-binaries/releases/tag/v2.6.3).
31
+
**NOTE** Visual Studio 17.8 broke compatibility with the older versions of CodeQL used in the WHCP_21H2 and WHCP_22H2 branches. [CodeQL CLI version 2.15.4](https://github.com/github/codeql-cli-binaries/releases/tag/v2.15.4) has been validated for use with WHCP 21H2 and WHCP 22H2 when using Visual Studio 17.8 or greater.
32
+
33
+
For the WHCP Program, use the CodeQL CLI version in accordance with the table above and Windows release you are certifying for: [version 2.4.6](https://github.com/github/codeql-cli-binaries/releases/tag/v2.4.6), [version 2.6.3](https://github.com/github/codeql-cli-binaries/releases/tag/v2.6.3), or [version 2.15.4](https://github.com/github/codeql-cli-binaries/releases/tag/v2.15.4).
34
+
35
+
32
36
33
37
For general use with the `main` branch, use [CodeQL CLI version 2.15.4](https://github.com/github/codeql-cli-binaries/releases/tag/v2.15.4).
34
38
35
-
36
-
1. Clone and install the Windows Driver Developer Supplemental Tools repository which contains the CodeQL queries specific for drivers:
1. Verify CodeQL is installed correctly by checking the version:
57
42
```
@@ -64,15 +49,40 @@ For general use, use the `main` branch along with [version 2.15.4 of the CodeQL
64
49
use 'codeql resolve qlpacks' and 'codeql resolve languages'.
65
50
```
66
51
67
-
1. Install CodeQL Packages using `codeql pack install`
68
-
69
-
For WHCP BRANCHES: Skip this step.
52
+
1. Install CodeQL Packages
53
+
54
+
For WHCP_21H2 and WHCP_22H2 branches:
55
+
56
+
1. If using Visual Studio 2022 17.8 or greater with WHCP_21H2 or WHCP_22H2 and CodeQL CLI version 2.15.4:
70
57
71
-
For MAIN AND DEVELOPMENT BRANCHESuse:
58
+
Follow the steps for "ALL OTHER BRANCHES." **Make sure to remove the CodeQL submodule if you still have an old version of the repo cloned.** CodeQL might try to use the queries in the submodule by default which will cause errors because of mismatched versions.
1. If using Visual Studio version 17.7 or below **AND** either WHCP_21H2 or WHCP_22H2 **AND** CodeQL VLI version 2.4.6 or 2.6.3:
61
+
62
+
Follow special instructions for WHCP_21H2 and WHCP_22H2 using VS17.7 at the end of this readme
63
+
64
+
65
+
**For ALL OTHER BRANCHES:**
66
+
67
+
**Note:** It is no longer necessary to clone the Windows-Driver-Developer-Supplemental-Tools repo to use the queries for certification.
68
+
69
+
Download the latest version of the microsoft/windows-drivers pack:
75
70
```
71
+
codeql pack download microsoft/windows-drivers
72
+
```
73
+
CodeQL will install the microsoft/windows-drivers pack to the default directory `C:\Users\<current user>\.codeql\packages\microsoft\windows-drivers\<downloaded version>\`. Do not change this directory or move the installed pack.
@@ -88,14 +98,27 @@ For general use, use the `main` branch along with [version 2.15.4 of the CodeQL
88
98
1. Analyze your CodeQL database:
89
99
90
100
CodeQL's analysis output is provided in the form of a SARIF log file. For a human readable format, drop the SARIF file into [SARIF Viewer Website](https://microsoft.github.io/sarif-web-component/). (If there are violations, they will show up. If not, the page will not update.)
101
+
102
+
CodeQL query suites are provided in the suites directory and contain the sets of all recommended and mustfix queries. The desired query suite file should be downloaded/copied locally.
103
+
104
+
1. Create a local copy of the desired query suite file:
105
+
106
+
* windows_all_mustfix.qls
107
+
* windows_all_recommended.qls
108
+
109
+
2. To analyze a CodeQL database run the following command:
91
110
```
92
-
D:\codeql-home\codeql>codeql database analyze <path to database> --format=sarifv2.1.0 --output=<"path to output file".sarif> <path to query/suite to run>
111
+
codeql database analyze --download <path to database> <path to query suite .qls file> --format=sarifv2.1.0 --output=<outputname>.sarif
**NOTE** The "--download" flag tells CodeQL to download dependencies before running the queries.
114
+
115
+
Specific versions, queries, or suites can be specified using the format `codeql database analyze <database> <scope>/<pack>@x.x.x:<path>`. For futher information, see the [CodeQL documentation](https://docs.github.com/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs#using-a-codeql-pack-to-analyze-a-codeql-database).
0 commit comments