Merge pull request #186 from microsoft/development

RI development to main

Author: jacob-ronstadt

.github/workflows/publish.yml

@@ -1,12 +1,20 @@
 
-name: Build and Publish Windows CodeQL queries
+name: Publish CodeQL Pack
 on:
   workflow_dispatch:
     inputs:
-      version:
+      codeql-version:
         description: 'CodeQL version to use'
         required: true
         type: string
+      release-type:
+        description: 'Publish as a pre-release'
+        required: false
+        type: choice
+        options:
+          - alpha
+          - beta
+        
 jobs:
   publish:
     runs-on: windows-latest
@@ -26,7 +34,7 @@ jobs:
 
     - name: CodeQL Download
       run:  
-        Invoke-WebRequest -Uri "https://github.com/github/codeql-cli-binaries/releases/download/v${{ github.event.inputs.version }}/codeql-win64.zip" -OutFile codeql-win64.zip;
+        Invoke-WebRequest -Uri "https://github.com/github/codeql-cli-binaries/releases/download/v${{ github.event.inputs.codeql-version }}/codeql-win64.zip" -OutFile codeql-win64.zip;
         Expand-Archive -Path codeql-win64.zip -DestinationPath .\codeql-zip -Force;
         Move-Item -Path  .\codeql-zip\codeql -Destination .\codeql-cli\
 
@@ -40,5 +48,12 @@ jobs:
       shell: pwsh
       env:
         GITHUB_TOKEN:  ${{ secrets.GITHUB_TOKEN }}
-      run: 
-        .\codeql-cli\codeql.cmd pack publish ./src;
+      run: |
+        if ("${{ github.event.inputs.release-type }}" -ne "") {
+          $version =( Select-String .\src\qlpack.yml -Pattern "version").line;
+          $new_ver = "$version-${{ github.event.inputs.release-type }}";
+          (Get-Content .\src\qlpack.yml).Replace($version, $new_ver) | Set-Content .\src\qlpack.yml;
+          .\codeql-cli\codeql.cmd pack publish --allow-prerelease ./src;
+        } else {
+          .\codeql-cli\codeql.cmd pack publish ./src
+        }

CHANGELOG.md

@@ -0,0 +1,12 @@
+
+# Change Log
+All notable changes to this project will be documented in this file.
+ 
+## [1.8.0] - 2025-07-17
+
+### Added
+ - CHANGELOG.md
+### Changed
+ - ExtendedDeprecatedApis.ql moved from recommended.qls to mustfix.qls
+### Fixed
+ 

config/codeql-config.yml

@@ -2,8 +2,8 @@ name: "CodeQL config"
 disable-default-queries: true
 
 packs:
-  - microsoft/cpp-queries@0.0.2:codeql-suites/cpp-code-scanning.qls
-  - microsoft/windows-drivers@1.5.0-beta+5:windows-driver-suites/recommended.qls
-  - microsoft/windows-drivers@1.5.0-beta+5:drivers\general\queries\experimental\DriverIsolationZwViolation1\DriverIsolationZwViolation1.ql
-  - microsoft/windows-drivers@1.5.0-beta+5:drivers\general\queries\experimental\DriverIsolationZwViolation2\DriverIsolationZwViolation2.ql
-  - microsoft/windows-drivers@1.5.0-beta+5:drivers\general\queries\experimental\DriverIsolationRtlViolation\DriverIsolationRtlViolation.ql
+  - microsoft/cpp-queries@0.0.4:codeql-suites/cpp-code-scanning.qls
+  - microsoft/windows-drivers@1.x:windows-driver-suites/recommended.qls
+  - microsoft/windows-drivers@1.x:drivers\general\queries\experimental\DriverIsolationZwViolation1\DriverIsolationZwViolation1.ql
+  - microsoft/windows-drivers@1.x:drivers\general\queries\experimental\DriverIsolationZwViolation2\DriverIsolationZwViolation2.ql
+  - microsoft/windows-drivers@1.x:drivers\general\queries\experimental\DriverIsolationRtlViolation\DriverIsolationRtlViolation.ql

src/drivers/general/queries/ExtendedDeprecatedApis/ExtendedDeprecatedApis.ql

@@ -493,4 +493,5 @@ class ExtendedDeprecatedCall extends Element {
 
 from ExtendedDeprecatedCall deprecatedCall
 where not deprecatedCall.getLocation().getFile().toString().matches("%Windows Kits%include%.h")
+and not deprecatedCall.getLocation().getFile().toString().matches("%.tmh") // Exclude autogenerated WPP files
 select deprecatedCall, deprecatedCall.getMessage()

src/qlpack.yml

@@ -2,7 +2,7 @@
 # Licensed under the MIT license.
 
 name: microsoft/windows-drivers
-version: 1.7.1
+version: 1.8.0
 dependencies:
     codeql/cpp-all: ^4.2.0
     microsoft/cpp-queries: ^0.0.4

src/windows-driver-suites/mustfix.qls

@@ -7,6 +7,7 @@
 - include:
     query path: 
       - drivers/general/queries/WdkDeprecatedApis/wdk-deprecated-api.ql
+      - drivers/general/queries/ExtendedDeprecatedApis/ExtendedDeprecatedApis.ql
       - microsoft/Security/CWE/CWE-704/WcharCharConversionLimited.ql
 - queries: . 
   from: microsoft/cpp-queries 

src/windows-driver-suites/recommended.qls

@@ -12,7 +12,6 @@
       - drivers/general/queries/DefaultPoolTag/DefaultPoolTag.ql
       - drivers/general/queries/DriverEntrySaveBuffer/DriverEntrySaveBuffer.ql
       - drivers/general/queries/ExaminedValue/ExaminedValue.ql
-      - drivers/general/queries/ExtendedDeprecatedApis/ExtendedDeprecatedApis.ql
       - drivers/general/queries/IRPStackEntryCopy/IRPStackEntryCopy.ql
       - drivers/general/queries/ImportantFunctionCallOptimizedOut/ImportantFunctionCallOptimizedOut.ql
       - drivers/general/queries/ImproperNotOperatorOnZero/ImproperNotOperatorOnZero.ql