From a5e6cfdeb079a654352816b80c09c383fddb1d51 Mon Sep 17 00:00:00 2001
From: NateD-MSFT <34494373+NateD-MSFT@users.noreply.github.com>
Date: Wed, 25 Jun 2025 15:15:35 -0700
Subject: [PATCH 1/2] Improve replacement recommendations in ExtendedDeprecatedApis
---
 .../ExtendedDeprecatedApis/ExtendedDeprecatedApis.ql | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/drivers/general/queries/ExtendedDeprecatedApis/ExtendedDeprecatedApis.ql b/src/drivers/general/queries/ExtendedDeprecatedApis/ExtendedDeprecatedApis.ql
index 65201dfd..85f67041 100644
--- a/src/drivers/general/queries/ExtendedDeprecatedApis/ExtendedDeprecatedApis.ql
+++ b/src/drivers/general/queries/ExtendedDeprecatedApis/ExtendedDeprecatedApis.ql
@@ -323,7 +323,7 @@ class ExtendedDeprecatedCall extends Element {
 or
 name.matches("swprintf") and
 replacement =
- "swprintf_s StringCbPrintf, StringCbPrintf_l, StringCbPrintf_lEx, StringCbPrintf, StringCbPrintfEx"
+ "swprintf_s, StringCbPrintf, StringCbPrintf_l, StringCbPrintf_lEx, StringCbPrintf, StringCbPrintfEx"
 or
 name.matches("ualstrcpyW") and replacement = "None"
 or
@@ -447,11 +447,11 @@ class ExtendedDeprecatedCall extends Element {
 or
 // Functions marked deprecated in C28750
 (
- name.matches("lstrlen") and replacement = "_tcslen"
+ name.matches("lstrlen") and replacement = "_tcslen if the data is trusted, or _tcsnlen or StringCchLength if the data is untrusted"
 or
- name.matches("lstrlenA") and replacement = "strlen"
+ name.matches("lstrlenA") and replacement = "strlen if the data is trusted, or strnlen or StringCchLengthA if the data is untrusted"
 or
- name.matches("lstrlenW") and replacement = "wcslen"
+ name.matches("lstrlenW") and replacement = "wcslen if the data is trusted, or wcsnlen or StringCchLengthW if the data is untrusted"
 )
 or
From 606a3ecda00258de2e372b2a5983290dfa8d44b5 Mon Sep 17 00:00:00 2001
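Review bot: The corrected `swprintf` replacement string in the first hunk (@@ -323) still lists `StringCbPrintf` twice, so the alert text carries a duplicate recommendation. Since the line is already being edited, I would drop the second entry: `"swprintf_s, StringCbPrintf, StringCbPrintf_l, StringCbPrintf_lEx, StringCbPrintfEx"`. Because `swprintf` writes wide characters and the StringCb* functions take the destination size in bytes, it may also be worth listing the character-count `StringCchPrintf` family so a reader does not pass an element count where a byte count is expected. The enclosing `ExtendedDeprecatedCall` class starts and ends outside the hunk.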
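Review bot: The new `lstrlen`, `lstrlenA` and `lstrlenW` messages in the second hunk (@@ -447) frame the choice as trusted versus untrusted data, but what decides whether `_tcslen`/`strlen`/`wcslen` is safe is whether the buffer is guaranteed to be null-terminated within a known size. I would word each message along the lines of `"strnlen or StringCchLengthA with the buffer size; strlen only if the string is known to be null-terminated"`, which also tells the reader that the bounded variants need a length argument. The query lives under `src/drivers`, so if it is run on kernel-mode code the ntstrsafe.h equivalents (`RtlStringCchLengthA`/`RtlStringCchLengthW`) are presumably the names to recommend rather than the strsafe.h ones; worth confirming. The surrounding predicate body continues outside the hunk.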
From: NateD-MSFT <34494373+NateD-MSFT@users.noreply.github.com>
Date: Wed, 25 Jun 2025 15:17:39 -0700
Subject: [PATCH 2/2] Bump query version
---
 .../queries/ExtendedDeprecatedApis/ExtendedDeprecatedApis.ql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/drivers/general/queries/ExtendedDeprecatedApis/ExtendedDeprecatedApis.ql b/src/drivers/general/queries/ExtendedDeprecatedApis/ExtendedDeprecatedApis.ql
index 85f67041..63fd8fac 100644
--- a/src/drivers/general/queries/ExtendedDeprecatedApis/ExtendedDeprecatedApis.ql
+++ b/src/drivers/general/queries/ExtendedDeprecatedApis/ExtendedDeprecatedApis.ql
@@ -18,7 +18,7 @@
 * security
 * ca_ported
 * @scope generic
- * @query-version v1
+ * @query-version v2
 */
 import cpp