
Re: [PATCH 2/7] Add support for CodeQL 2.20.1



Hi,

On 11/11/2025 09:34, Owen Smith wrote:
> From: Owen Smith <owen.smith@xxxxxxxxx>
> 
> CodeQL 2.20.1 uses a different query file to previous versions, and relies
> on using different query packs, which need to be present on the system.
> 
> Adds CODEQL_QUERY_FILE environment variable to force a specific query file, 
> if set.
> 
> Also adds "--threads=0" parameter, to use all available CPUs.
> 
> https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/static-tools-and-codeql
> 
> Signed-off-by: Owen Smith <owen.smith@xxxxxxxxx>
> ---
>   msbuild.ps1 | 23 ++++++++++++++++++++---
>   1 file changed, 20 insertions(+), 3 deletions(-)
> 
> diff --git a/msbuild.ps1 b/msbuild.ps1
> index 83b6928..9484a8d 100644
> --- a/msbuild.ps1
> +++ b/msbuild.ps1
> @@ -110,7 +110,8 @@ Function Run-CodeQL {
>               [string]$Name,
>               [string]$Configuration,
>               [string]$Platform,
> -             [string]$SearchPath
> +             [string]$SearchPath,
> +             [string]$QueryFile
>       )
>   
>       $projpath = Resolve-Path (Join-Path $SolutionPath $Name)
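
Review bot: the new `[string]$QueryFile` parameter at the end of the `Run-CodeQL` param block has no default and is not marked mandatory, so a call that still passes only the five earlier arguments leaves it empty and the analyze command is assembled without a query suite. Consider `[Parameter(Mandatory)]` on it, or a default equal to the previous "windows_driver_recommended.qls", so a missed call site fails loudly or keeps the old behaviour.
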
> @@ -154,8 +155,10 @@ Function Run-CodeQL {
>       $c += " database"
>       $c += " analyze "
>       $c += $database
> -     $c += " windows_driver_recommended.qls"
> +     $c += " "
> +     $c += $QueryFile
>       $c += " --format=sarifv2.1.0"
> +     $c += " --threads=0"
>       $c += " --output="
>       $c += $sarif
>       $c += " --search-path="
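
Review bot: `$c += $QueryFile` appends the suite name to the command string unquoted, and the last hunk lets that value come straight from the `CODEQL_QUERY_FILE` environment variable. Depending on how `$c` is executed, a value containing spaces (a filesystem path to a .qls file, for example) or PowerShell metacharacters would be split or interpreted rather than passed as one argument. Quote the value when appending it, or build an argument array and invoke codeql with the call operator so the suite is always a single argument.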

Using the & operator to call MSBuild and CodeQL may be cleaner here, 
though it can be done later.

> @@ -199,8 +202,22 @@ if ($Type -eq "codeql") {
>       }
>       New-Item -ItemType Directory "database"
>   
> +     $queryfile = "windows_driver_recommended.qls"
> +     Try {
> +             $ver = New-Object System.Version((& "codeql" 
> "--version")[0].Split(" ")[-1] + "0")
> +             Write-Host -ForegroundColor Cyan "INFO: CodeQL version " $ver
> +             $minver = New-Object System.Version("2.20.1.0")
> +             if ($ver -ge $minver) {
> +                     $queryfile = "mustfix.qls"

You can just use 
"microsoft/windows-drivers:windows-driver-suites/mustfix.qls" to target 
a specific pack, or a versioned form like 
"microsoft/windows-drivers@1.8.0:windows-driver-suites/mustfix.qls".

Also, why is mustfix.qls being used with the new pack instead of 
recommended.qls? I did notice new false positives in the newer 1.8.0 
pack, was this the cause of the change?

> +             }
> +     } Catch {
> +     }
> +     if (-not [string]::IsNullOrEmpty($Env:CODEQL_QUERY_FILE)) {
> +             $queryfile = $Env:CODEQL_QUERY_FILE
> +             Write-Host -ForegroundColor Cyan "INFO: Overwriting codeql 
> query file to " $queryfile
> +     }
>       ForEach ($project in $ProjectList) {
> -             Run-CodeQL $solutionpath $project $configuration["codeql"] 
> $platform[$Arch] $searchpath
> +             Run-CodeQL $solutionpath $project $configuration["codeql"] 
> $platform[$Arch] $searchpath $queryfile
>       }
>       Copy-Item -Path (Join-Path -Path $SolutionPath -ChildPath "*.sarif") 
> -Destination $archivepath
>   }
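
Review bot: the empty `Catch { }` after the version probe hides every failure (codeql not on PATH, unexpected `--version` output, a string `System.Version` rejects), and the script then silently keeps "windows_driver_recommended.qls", which the commit message says 2.20.1 no longer uses. Emit at least a `Write-Host` warning in the Catch block naming the fallback suite. The parse is also fragile: `.Split(" ")[-1] + "0"` only yields a four-part version if the last token ends in a dot; without the trailing dot "2.20.1" becomes "2.20.10" and the `-ge $minver` comparison gives a misleading result, so trimming the token and parsing it directly would be safer.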



--
Ngoc Tu Dinh | Vates XCP-ng Developer

XCP-ng & Xen Orchestra - Vates solutions

web: https://vates.tech




 

