
Re: [PATCH 2/7] Add support for CodeQL 2.20.1


  • To: Tu Dinh <ngoc-tu.dinh@xxxxxxxxxx>, "win-pv-devel@xxxxxxxxxxxxxxxxxxxx" <win-pv-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Owen Smith <owen.smith@xxxxxxxxxx>
  • Date: Thu, 13 Nov 2025 10:07:17 +0000
  • Cc: Owen Smith <owen.smith@xxxxxxxxx>
  • Delivery-date: Thu, 13 Nov 2025 10:07:27 +0000
  • List-id: Developer list for the Windows PV Drivers subproject <win-pv-devel.lists.xenproject.org>

Comments inline
_____________________________________
From: Tu Dinh <ngoc-tu.dinh@xxxxxxxxxx>
Sent: 12 November 2025 8:08 AM
To: Owen Smith; win-pv-devel@xxxxxxxxxxxxxxxxxxxx
Cc: Owen Smith
Subject: Re: [PATCH 2/7] Add support for CodeQL 2.20.1

Hi,

On 11/11/2025 09:34, Owen Smith wrote:
> From: Owen Smith <owen.smith@xxxxxxxxx>
>
<snip>
> @@ -154,8 +155,10 @@ Function Run-CodeQL {
>       $c += " database"
>       $c += " analyze "
>       $c += $database
> -     $c += " windows_driver_recommended.qls"
> +     $c += " "
> +     $c += $QueryFile
>       $c += " --format=sarifv2.1.0"
> +     $c += " --threads=0"
>       $c += " --output="
>       $c += $sarif
>       $c += " --search-path="
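Review bot: `$QueryFile` is appended to the command string unquoted (`$c += " "` followed by `$c += $QueryFile`), so a suite path containing a space is split into two arguments, and any shell metacharacters in it are interpreted when the string is executed. Since the thread says the value can be overridden through the CODEQL_QUERY_FILE environment variable, it should be wrapped in double quotes when appended, or checked for characters that do not belong in a suite name or path before use. The new `--threads=0` flag also deserves a short comment stating that it lets CodeQL use every available core, because that matters on shared build hosts.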

Using the & operator to call MSBuild and CodeQL may be cleaner here,
though it can be done later.

    I had issues with the & operator calling msbuild and codeql - issues around quoting quoted strings,
    escaping strings and using different quotes did not help.
    Creating a bat file to run the build from the codeql command line was the only method I could get working.


> @@ -199,8 +202,22 @@ if ($Type -eq "codeql") {
>       }
>       New-Item -ItemType Directory "database"
>
> +     $queryfile = "windows_driver_recommended.qls"
> +     Try {
> +             $ver = New-Object System.Version((& "codeql" 
> "--version")[0].Split(" ")[-1] + "0")
> +             Write-Host -ForegroundColor Cyan "INFO: CodeQL version " $ver
> +             $minver = New-Object System.Version("2.20.1.0")
> +             if ($ver -ge $minver) {
> +                     $queryfile = "mustfix.qls"

You can just use
"microsoft/windows-drivers:windows-driver-suites/mustfix.qls" to target
a specific pack, or a versioned form like
"microsoft/windows-drivers@1.8.0:windows-driver-suites/mustfix.qls".

Also, why is mustfix.qls being used with the new pack instead of
recommended.qls? I did notice new false positives in the newer 1.8.0
pack, was this the cause of the change?

    recommended.qls generates several false positives, and apparently incorrect analysis, which would
    prevent these codeql logs from being valid for WHQL submissions.
    The CODEQL_QUERY_FILE environment variable can be set to override the QLS file selection, to
    test recommended.qls while resolving issues.

> +             }
> +     } Catch {
> +     }
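Review bot: The empty `Catch { }` block hides every failure of the version probe, so if `codeql` is not on the path or its `--version` output changes shape, the script silently keeps `windows_driver_recommended.qls` and the resulting SARIF gives no sign of which suite was actually run. Emit a warning in the catch block that names the fallback suite, and log the selected `$queryfile` after the `if`. The parse itself, `.Split(" ")[-1] + "0"`, only works while the last token of the first output line ends in a trailing dot; matching the version with a regular expression before constructing `System.Version` would be less fragile and is worth a one-line comment either way.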


Owen


 

