From 106b4c4d0aeab03e7045be0dbc1f390d05be0459 Mon Sep 17 00:00:00 2001
From: Chris Smowton <smowton@github.com>
Date: Mon, 13 Oct 2025 20:00:28 +0100
Subject: [PATCH] Map suppression names for irql-function-not-annotated

As noted at https://github.com/github/codeql/issues/20611 the suppression query doesn't currently accept the warning code for query `irql-function-not-annotated`.

Two related pieces of feedback--

1. The help page at https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/static-tools-and-codeql?tabs=whcp%2Clatest#suppressing-codeql-results uses incorrect syntax `#pragma(suppress:the-rule-id-here)` -- should be `#pragma prefast(suppress:the-rule-id-here)` or `#pragma warning(suppress:the-rule-id-here)`

2. The regex used to recognise these pragmas is quite brittle; consider accepting spaces between `prefast` or `warning` and the parenthesis, so as to recognise e.g. `#pragma warning (suppress:the-rule-id-here)`

Signed-off-by: Chris Smowton <smowton@github.com>
---
 src/drivers/libraries/Suppression.qll | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/drivers/libraries/Suppression.qll b/src/drivers/libraries/Suppression.qll
index a4223912..d69544bc 100644
--- a/src/drivers/libraries/Suppression.qll
+++ b/src/drivers/libraries/Suppression.qll
@@ -110,6 +110,9 @@ abstract class CASuppression extends PreprocessorPragma {
     this.getRuleName() = any(["__WARNING_PROTOTYPE_MISMATCH", "28127"]) and
     result = "lgtm[cpp/drivers/routine-function-type-not-expected]"
     or
+    this.getRuleName() = any(["__WARNING_UNEXPECTED_IRQL_CHANGE", "28167"]) and
+    result = "lgtm[cpp/drivers/irql-function-not-annotated]"
+    or
     result = "lgtm[" + this.getRuleName() + "]"
   }
 }