RI Development to main

[jacob-ronstadt]

Checklist for Pull Requests

• Description is filled out.
• Only one query or related query group is in this pull request.
• The version number on changed queries has been increased via the @version comment in the file header.
• All unit tests have been run: (Test README.md).
• Commands codeql database create and codeql database analyze have completed successfully.
• A .qhelp file has been added for any new queries or updated if changes have been made to an existing query.

[Copilot]

Pull Request Overview

This pull request introduces several new query implementations, updates to query documentation, and modifications to the CodeQL configuration and workflow. Key changes include new and updated CodeQL queries for driver entry buffer handling, current function type correctness, annotation syntax checking, and an experimental check for unsafe calls in global initializers; dependency updates in codeql-pack.lock.yml; and significant refinements in the GitHub Actions workflows.

Reviewed Changes

Copilot reviewed 302 out of 302 changed files in this pull request and generated 2 comments.

File	Description
src/drivers/general/queries/DriverEntrySaveBuffer/driver_snippet.c	Added multiple DriverEntry functions with variations in how RegistryPath is saved, triggering CodeQL rule warnings
src/drivers/general/queries/AnnotationSyntax/driver_snippet.c	Introduced test cases for various annotation scenarios, including cases with out-of-range dispatch type values
Other files (SARIF, .ql, .qhelp, workflows, README.md, config files)	Updated or added new CodeQL queries, documentation, and dependency & workflow configuration changes

[Copilot]

Assigning the dereferenced RegistryPath directly may not perform a proper copy of the buffer. Consider using a dedicated string copy function like RtlUnicodeStringCopy to ensure that the contents are safely duplicated before the I/O Manager frees the original buffer.

Suggested change

	g_RP3 = *RegistryPath;
	RtlUnicodeStringCopy(&g_RP3, RegistryPath);

[Copilot]

The value 65 used in __drv_dispatchType is outside the allowed range (-1 to 63). Updating this value to a valid number is recommended to prevent annotation-related errors.

Suggested change

	__drv_dispatchType(65)
	__drv_dispatchType(0)

[NateD-MSFT]

@jacob-ronstadt I asked Copilot to summarize the changes in this RI (see below). It's missing some obvious things (like all the queries that have been added) that got caught in the above summary, but it's got some things that that summary missed too. Between these two comments do we have good coverage of everything in this RI?

---

This pull request introduces significant updates to the CodeQL workflow and documentation for Windows driver development. Key changes include improvements to the .github/workflows/build-codeql.yaml file, new job definitions for testing and publishing, and updates to the README.md for clarity and accuracy regarding CodeQL usage. These changes enhance automation, streamline testing processes, and ensure the documentation aligns with the latest practices.

Workflow Updates

CodeQL Automation Enhancements:

• Added a new environment variable CODEQL_VERSION for centralized version management in the build-codeql.yaml workflow.
• Replaced the i3h/download-release-asset action with a direct download and extraction method using PowerShell for CodeQL CLI. This ensures compatibility with dynamic versioning.
• Introduced multiple new jobs (test-query-health, test-codeql-latest-vs-current, test-pack-version-update, test-create-dvl, and publish) to automate testing, validation, and publishing processes. [1] [2]

Testing Improvements:

• Added conditional logic for running test scripts based on environment variables, ensuring flexibility in testing scenarios.
• Enhanced validation for qlpack.yml version updates with detailed error messages for better debugging.

Documentation Updates

CodeQL Usage Clarity:

• Updated the README.md to reflect the latest CodeQL CLI and pack versions, ensuring users have accurate information for setup and compatibility.
• Simplified instructions for downloading and installing CodeQL CLI and packs, removing outdated references to submodules and older workflows.

[jacob-ronstadt]

@NateD-MSFT Copilot doesn't seem to work with *.ql files. Most of the changes are additional queries. There are also codeql library improvements and additions, new test templates, workflow improvements, and qlpack updates.