From d6083b47fb716befadeb69bce8f8be83d4197572 Mon Sep 17 00:00:00 2001 From: NateD-MSFT <34494373+NateD-MSFT@users.noreply.github.com> Date: Wed, 25 Feb 2026 12:03:53 -0800 Subject: [PATCH 1/4] Update cpp-all and cpp-queries dependencies. --- .github/workflows/build-codeql.yaml | 2 +- src/codeql-pack.lock.yml | 28 +++++++++++-------- .../UseAfterFree/UseAfterFree.ql | 8 +++--- src/qlpack.yml | 16 +++++------ 4 files changed, 29 insertions(+), 25 deletions(-) diff --git a/.github/workflows/build-codeql.yaml b/.github/workflows/build-codeql.yaml index 09cb5d8f..e4a1fe4e 100644 --- a/.github/workflows/build-codeql.yaml +++ b/.github/workflows/build-codeql.yaml @@ -14,7 +14,7 @@ on: workflow_dispatch: env: - CODEQL_VERSION: 2.23.3 + CODEQL_VERSION: 2.24.2 jobs: build: diff --git a/src/codeql-pack.lock.yml b/src/codeql-pack.lock.yml index be288ce1..34b4af76 100644 --- a/src/codeql-pack.lock.yml +++ b/src/codeql-pack.lock.yml @@ -1,28 +1,32 @@ --- lockVersion: 1.0.0 dependencies: + codeql/controlflow: + version: 2.0.24 codeql/cpp-all: - version: 4.2.0 + version: 7.0.0 codeql/dataflow: - version: 2.0.5 + version: 2.0.24 codeql/mad: - version: 1.0.21 + version: 1.0.40 + codeql/quantum: + version: 0.0.18 codeql/rangeanalysis: - version: 1.0.21 + version: 1.0.40 codeql/ssa: - version: 1.1.0 + version: 2.0.16 codeql/suite-helpers: - version: 1.0.21 + version: 1.0.40 codeql/tutorial: - version: 1.0.21 + version: 1.0.40 codeql/typeflow: - version: 1.0.21 + version: 1.0.40 codeql/typetracking: - version: 2.0.5 + version: 2.0.24 codeql/util: - version: 2.0.8 + version: 2.0.27 codeql/xml: - version: 1.0.21 + version: 1.0.40 microsoft/cpp-queries: - version: 0.0.4 + version: 0.0.5 compiled: false diff --git a/src/microsoft/Likely Bugs/Memory Management/UseAfterFree/UseAfterFree.ql b/src/microsoft/Likely Bugs/Memory Management/UseAfterFree/UseAfterFree.ql index 22843c6f..0fa46cff 100644 --- a/src/microsoft/Likely Bugs/Memory Management/UseAfterFree/UseAfterFree.ql 
+++ b/src/microsoft/Likely Bugs/Memory Management/UseAfterFree/UseAfterFree.ql @@ -34,11 +34,11 @@ predicate areExpressionsGuardedBySimilarConditionsThatMayCallReturnStatement( Ex gc1.controls(e1.getBasicBlock(), _) and gc2.controls(exitExpr.getBasicBlock(), b) and gc2.controls(e2.getBasicBlock(), b.booleanNot()) and - gc1.getEnclosingFunction() = gc2.getEnclosingFunction() and - gc1.getASuccessor*() = gc2 and + gc1.(Expr).getEnclosingFunction() = gc2.(Expr).getEnclosingFunction() and + gc1.(Expr).getASuccessor*() = gc2.(Expr) and forall( Variable v | - v.getAnAccess() = gc1.getAChild() | - v.getAnAccess() = gc2.getAChild() ) and + v.getAnAccess() = gc1.(Expr).getAChild() | + v.getAnAccess() = gc2.(Expr).getAChild() ) and exitExpr.getEnclosingElement() instanceof ReturnStmt ) } diff --git a/src/qlpack.yml b/src/qlpack.yml index fe3190a5..7a92d5cd 100644 --- a/src/qlpack.yml +++ b/src/qlpack.yml @@ -1,13 +1,13 @@ -# Copyright (c) Microsoft Corporation. -# Licensed under the MIT license. - +--- +library: false +warnOnImplicitThis: false +compileForOverlayEval: false name: microsoft/windows-drivers version: 1.8.2 +description: CodeQL queries designed for Windows device driver development. dependencies: - codeql/cpp-all: ^4.2.0 - microsoft/cpp-queries: ^0.0.4 + codeql/cpp-all: ^7.0.0 + microsoft/cpp-queries: ^0.0.5 suites: windows-driver-suites -defaultSuiteFile: windows-driver-suites/recommended.qls extractor: cpp -licenses: MIT -description: CodeQL queries designed for Windows device driver development. \ No newline at end of file +defaultSuiteFile: windows-driver-suites/recommended.qls From 0ee1136b7168eeb92195b49c3f16f675787b5fed Mon Sep 17 00:00:00 2001 From: NateD-MSFT <34494373+NateD-MSFT@users.noreply.github.com> Date: Wed, 25 Feb 2026 13:01:03 -0800 Subject: [PATCH 2/4] Fix up suite dependencies --- src/windows-driver-suites/mustfix.qls | 2 +- src/windows-driver-suites/recommended.qls | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
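Review bot: The four `.(Expr)` inline casts on `gc1` and `gc2` act as filters as well as conversions: a guard condition that is not an `Expr` now makes the conjunct fail, so the predicate can match fewer pairs than it did before. Judging by its name, `areExpressionsGuardedBySimilarConditionsThatMayCallReturnStatement` recognises guarded early-return patterns for the use-after-free query, so a narrower match may change which results are reported after the cpp-all 7.0.0 upgrade; re-running the query's expected-results tests would confirm the alert set is unchanged. I would add a comment above the casts, for example `// Guards are presumably no longer always Exprs in cpp-all 7.x; these casts limit the check to expression guards.`, and consider binding each cast once, for example `exists(Expr g1, Expr g2 | g1 = gc1 and g2 = gc2 | ...)`, instead of repeating it. The predicate's signature and the declarations of `gc1` and `gc2` are outside the hunk, so their declared types are inferred here.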
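Review bot: The rewritten `src/qlpack.yml` drops the `licenses: MIT` entry, and none of the later patches in this series restores it; patch 4/4 brings back only the copyright comment. If anything downstream reads the pack manifest for license auditing, the published pack would no longer declare its license, so the entry should be kept, or replaced with whatever key the current manifest format expects if the name has changed. The new `warnOnImplicitThis: false` also turns the implicit-`this` warning off explicitly; a one-line comment giving the reason would help the next maintainer decide when it can be enabled.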
diff --git a/src/windows-driver-suites/mustfix.qls b/src/windows-driver-suites/mustfix.qls index 4bb6cc3a..aaeb88f5 100644 --- a/src/windows-driver-suites/mustfix.qls +++ b/src/windows-driver-suites/mustfix.qls @@ -11,7 +11,7 @@ - microsoft/Security/CWE/CWE-704/WcharCharConversionLimited.ql - queries: . from: microsoft/cpp-queries - version: 0.0.4 + version: 0.0.5 - include: query path: - Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql diff --git a/src/windows-driver-suites/recommended.qls b/src/windows-driver-suites/recommended.qls index 0594bc83..22a8649b 100644 --- a/src/windows-driver-suites/recommended.qls +++ b/src/windows-driver-suites/recommended.qls @@ -59,7 +59,7 @@ - microsoft/Security/Crytpography/HardcodedIVCNG.ql - queries: . from: microsoft/cpp-queries - version: 0.0.4 + version: 0.0.5 - include: query path: - Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql From f763e36e8969d2b6301e41faed38d3853fb9b5ea Mon Sep 17 00:00:00 2001 From: NateD-MSFT <34494373+NateD-MSFT@users.noreply.github.com> Date: Wed, 25 Feb 2026 14:36:52 -0800 Subject: [PATCH 3/4] Bump version to 1.8.3 and fix up changelog --- CHANGELOG.md | 5 +++++ README.md | 2 +- src/qlpack.yml | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b72abeae..8b64106f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,11 @@ # Change Log All notable changes to this project will be documented in this file. +## [1.8.3] - 2026-02-25 + +### Changed + - Updated the C/C++ CodeQL libraries we depend on to version 7.0.0. + - Updated the cpp-queries pack we depend on to version 0.0.5. ## [1.8.2] - 2026-01-23 diff --git a/README.md b/README.md index 33b5d8ea..4ec71f26 100644 --- a/README.md +++ b/README.md 
@@ -4,7 +4,7 @@ This repository contains open-source components for supplemental use in developi ### For General Use | CodeQL CLI Version | microsoft/windows-drivers CodeQL Pack Version | microsoft/cpp-queries CodeQL Pack Version | Associated Repo Branch| |--------------------------|------------------------------------------|-------------------------------|-----------------------------| -| 2.24.1 or greater* | [Latest Stable Version](https://github.com/microsoft/Windows-Driver-Developer-Supplemental-Tools/pkgs/container/windows-drivers) | 0.0.4 | Main | +| 2.24.1 or greater* | [Latest Stable Version](https://github.com/microsoft/Windows-Driver-Developer-Supplemental-Tools/pkgs/container/windows-drivers) | 0.0.5 | Main | When using the precompiled pack, please use the most recent CodeQL CLI version listed above. diff --git a/src/qlpack.yml b/src/qlpack.yml index 7a92d5cd..4800e19f 100644 --- a/src/qlpack.yml +++ b/src/qlpack.yml @@ -3,7 +3,7 @@ library: false warnOnImplicitThis: false compileForOverlayEval: false name: microsoft/windows-drivers -version: 1.8.2 +version: 1.8.3 description: CodeQL queries designed for Windows device driver development. dependencies: codeql/cpp-all: ^7.0.0 From 1921d4c69112d220f1a52b37d82697dff1de9a68 Mon Sep 17 00:00:00 2001 From: NateD-MSFT <34494373+NateD-MSFT@users.noreply.github.com> Date: Wed, 25 Feb 2026 14:40:29 -0800 Subject: [PATCH 4/4] Re-add copyright notice to qlpack.yml --- src/qlpack.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/qlpack.yml b/src/qlpack.yml index 4800e19f..b96e514a 100644 --- a/src/qlpack.yml +++ b/src/qlpack.yml @@ -1,4 +1,6 @@ ---- +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT license. + library: false warnOnImplicitThis: false compileForOverlayEval: false