microsoft · jacob-ronstadt · May 9, 2025 · Apr 24, 2025 · May 2, 2025 · May 6, 2025
diff --git a/src/qlpack.yml b/src/qlpack.yml
@@ -2,7 +2,7 @@
 # Licensed under the MIT license.
 
 name: microsoft/windows-drivers
-version: 1.5.0
+version: 1.5.1
 dependencies:
     codeql/cpp-all: 4.0.0
     microsoft/cpp-queries: 0.0.2

diff --git a/src/windows-driver-suites/mustfix.qls b/src/windows-driver-suites/mustfix.qls
@@ -14,30 +14,7 @@
 - include:
     query path: 
       - Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql
-      - Likely Bugs/Format/WrongNumberOfFormatArguments.ql
       - Likely Bugs/Memory Management/PointerOverflow.ql
-      - Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql
-      - Likely Bugs/OO/UnsafeUseOfThis.ql
-      - Likely Bugs/Protocols/TlsSettingsMisconfiguration.ql
-      - Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocol.ql
       - Likely Bugs/Underspecified Functions/TooFewArguments.ql
-      - Microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql
-      - Microsoft/Likely Bugs/Drivers/IncorrectUsageOfRtlCompareMemory.ql
-      - Microsoft/Security/Cryptography/BannedEncryption.ql
-      - Microsoft/Security/Cryptography/BannedModesCAPI.ql
-      - Microsoft/Security/Cryptography/BannedModesCNG.ql
-      - Microsoft/Security/Cryptography/HardcodedIVCNG.ql
-      - Microsoft/Security/MemoryAccess/EnumIndex/UncheckedBoundsEnumAsIndex.ql
-      - Security/CWE/CWE-078/ExecTainted.ql
-      - Security/CWE/CWE-114/UncontrolledProcessOperation.ql
-      - Security/CWE/CWE-120/BadlyBoundedWrite.ql
-      - Security/CWE/CWE-120/OverrunWrite.ql
-      - Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql
-      - Security/CWE/CWE-170/ImproperNullTerminationTainted.ql
       - Security/CWE/CWE-190/ComparisonWithWiderType.ql
-      - Security/CWE/CWE-253/HResultBooleanConversion.ql
-      - Security/CWE/CWE-327/OpenSslHeartbleed.ql
-      - Security/CWE/CWE-676/DangerousFunctionOverflow.ql
-      - Security/CWE/CWE-676/DangerousUseOfCin.ql
-      - Security/CWE/CWE-704/WcharCharConversion.ql 
-      - Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.ql
+      - Security/CWE/CWE-253/HResultBooleanConversion.ql
diff --git a/src/windows-driver-suites/mustrun.qls b/src/windows-driver-suites/mustrun.qls
@@ -0,0 +1,5 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT license.
+
+- description: Must-run queries for Windows Drivers.
+- import: windows-driver-suites/recommended.qls #recommended includes mustfix
diff --git a/src/windows-driver-suites/recommended.qls b/src/windows-driver-suites/recommended.qls
@@ -3,77 +3,31 @@
 
 - description: Recommended and required queries for Windows Drivers.
 - import: windows-driver-suites/mustfix.qls
-- queries: .
-  from: microsoft/windows-drivers
-- include:
-    query path: 
-      - drivers/general/queries/AnnotationSyntax/AnnotationSyntax.ql
-      - drivers/general/queries/CurrentFunctionTypeNotCorrect/CurrentFunctionTypeNotCorrect.ql
-      - drivers/general/queries/DefaultPoolTag/DefaultPoolTag.ql
-      - drivers/general/queries/DriverEntrySaveBuffer/DriverEntrySaveBuffer.ql
-      - drivers/general/queries/ExaminedValue/ExaminedValue.ql
-      - drivers/general/queries/ExtendedDeprecatedApis/ExtendedDeprecatedApis.ql
-      - drivers/general/queries/IRPStackEntryCopy/IRPStackEntryCopy.ql
-      - drivers/general/queries/ImportantFunctionCallOptimizedOut/ImportantFunctionCallOptimizedOut.ql
-      - drivers/general/queries/ImproperNotOperatorOnZero/ImproperNotOperatorOnZero.ql
-      - drivers/general/queries/InvalidFunctionClassTypedef/InvalidFunctionClassTypedef.ql
-      - drivers/general/queries/InvalidFunctionPointerAnnotation/InvalidFunctionPointerAnnotation.ql
-      - drivers/general/queries/IoInitializeTimerCall/IoInitializeTimerCall.ql
-      - drivers/general/queries/IrqlAnnotationIssue/IrqlAnnotationIssue.ql
-      - drivers/general/queries/IrqlCancelRoutine/IrqlCancelRoutine.ql
-      - drivers/general/queries/IrqlFloatStateMismatch/IrqlFloatStateMismatch.ql
-      - drivers/general/queries/IrqlNotSaved/IrqlNotSaved.ql
-      - drivers/general/queries/IrqlNotUsed/IrqlNotUsed.ql
-      - drivers/general/queries/IrqlSetTooHigh/IrqlSetTooHigh.ql
-      - drivers/general/queries/IrqlSetTooLow/IrqlSetTooLow.ql
-      - drivers/general/queries/IrqlTooHigh/IrqlTooHigh.ql
-      - drivers/general/queries/IrqlTooLow/IrqlTooLow.ql
-      - drivers/general/queries/KeSetEventPageable/KeSetEventPageable.ql
-      - drivers/general/queries/MultithreadedAVCondition/MultithreadedAVCondition.ql
-      - drivers/general/queries/NtstatusExplicitCast/NtstatusExplicitCast.ql
-      - drivers/general/queries/NtstatusExplicitCast2/NtstatusExplicitCast2.ql
-      - drivers/general/queries/NtstatusExplicitCast3/NtstatusExplicitCast3.ql
-      - drivers/general/queries/NullCharacterPointerAssignment/NullCharacterPointerAssignment.ql
-      - drivers/general/queries/OperandAssignment/OperandAssignment.ql
-      - drivers/general/queries/PointerVariableSize/PointerVariableSize.ql
-      - drivers/general/queries/PoolTagIntegral/PoolTagIntegral.ql
-      - drivers/general/queries/RoleTypeCorrectlyUsed/RoleTypeCorrectlyUsed.ql
-      - drivers/general/queries/RoutineFunctionTypeNotExpected/RoutineFunctionTypeNotExpected.ql
-      - drivers/general/queries/StrSafe/StrSafe.ql
-      - drivers/general/queries/StrictTypeMatch/StrictTypeMatch.ql
-      - drivers/wdm/queries/IllegalFieldAccess/IllegalFieldAccess.ql
-      - drivers/wdm/queries/IllegalFieldAccess2/IllegalFieldAccess2.ql
-      - drivers/wdm/queries/IllegalFieldWrite/IllegalFieldWrite.ql
-      - drivers/wdm/queries/InitNotCleared/InitNotCleared.ql
-      - drivers/wdm/queries/KeWaitLocal/KeWaitLocal.ql
-      - drivers/wdm/queries/MultiplePagedCode/MultiplePagedCode.ql
-      - drivers/wdm/queries/ObReferenceMode/ObReferenceMode.ql
-      - drivers/wdm/queries/OpaqueMdlUse/OpaqueMdlUse.ql
-      - drivers/wdm/queries/OpaqueMdlWrite/OpaqueMdlWrite.ql
-      - drivers/wdm/queries/PendingStatusError/PendingStatusError.ql
-      - drivers/wdm/queries/WrongDispatchTableAssignment/WrongDispatchTableAssignment.ql
-      - microsoft/Likely Bugs/Boundary Violations/PaddingByteInformationDisclosure.ql
-      - microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql
-      - microsoft/Likely Bugs/Conversion/InfiniteLoop.ql
-      - microsoft/Likely Bugs/Memory Management/UseAfterFree/UseAfterFree.ql
-      - microsoft/Likely Bugs/UninitializedPtrField.ql
-      - microsoft/Security/Crytpography/HardcodedIVCNG.ql
 - queries: . 
   from: microsoft/cpp-queries 
   version: 0.0.2
 - include:
     query path: 
-     - Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql
-     - Likely Bugs/Arithmetic/IntMultToLong.ql
-     - Likely Bugs/Arithmetic/SignedOverflowCheck.ql
-     - Likely Bugs/Conversion/CastArrayPointerArithmetic.ql
-     - Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.ql
-     - Likely Bugs/Memory Management/SuspiciousSizeof.ql
-     - Likely Bugs/Memory Management/UninitializedLocal.ql
-     - Security/CWE/CWE-121/UnterminatedVarargsCall.ql
-     - Security/CWE/CWE-457/ConditionallyUninitializedVariable.ql
-     - Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql
-     - Security/CWE/CWE-468/IncorrectPointerScaling.ql
-     - Security/CWE/CWE-468/IncorrectPointerScalingVoid.ql
-     - Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
-     - Security/CWE/CWE-119/OverflowBuffer.ql
+      - Likely Bugs/Format/WrongNumberOfFormatArguments.ql
+      - Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql
+      - Likely Bugs/OO/UnsafeUseOfThis.ql
+      - Likely Bugs/Protocols/TlsSettingsMisconfiguration.ql
+      - Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocol.ql
+      - Microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql
+      - Microsoft/Likely Bugs/Drivers/IncorrectUsageOfRtlCompareMemory.ql
+      - Microsoft/Security/Cryptography/BannedEncryption.ql
+      - Microsoft/Security/Cryptography/BannedModesCAPI.ql
+      - Microsoft/Security/Cryptography/BannedModesCNG.ql
+      - Microsoft/Security/Cryptography/HardcodedIVCNG.ql
+      - Microsoft/Security/MemoryAccess/EnumIndex/UncheckedBoundsEnumAsIndex.ql
+      - Security/CWE/CWE-078/ExecTainted.ql
+      - Security/CWE/CWE-114/UncontrolledProcessOperation.ql
+      - Security/CWE/CWE-120/BadlyBoundedWrite.ql
+      - Security/CWE/CWE-120/OverrunWrite.ql
+      - Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql
+      - Security/CWE/CWE-170/ImproperNullTerminationTainted.ql
+      - Security/CWE/CWE-327/OpenSslHeartbleed.ql
+      - Security/CWE/CWE-676/DangerousFunctionOverflow.ql
+      - Security/CWE/CWE-676/DangerousUseOfCin.ql
+      - Security/CWE/CWE-704/WcharCharConversion.ql 
+      - Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.ql