Re: [PATCH 2/7] Add support for CodeQL 2.20.1
On 13/11/2025 11:07, Owen Smith wrote:
> Comments inline
> _____________________________________
> From: Tu Dinh <ngoc-tu.dinh@xxxxxxxxxx>
> Sent: 12 November 2025 8:08 AM
> To: Owen Smith; win-pv-devel@xxxxxxxxxxxxxxxxxxxx
> Cc: Owen Smith
> Subject: Re: [PATCH 2/7] Add support for CodeQL 2.20.1
>
> Hi,
>
> On 11/11/2025 09:34, Owen Smith wrote:
>> From: Owen Smith <owen.smith@xxxxxxxxx>
>>
> <snip>
>> @@ -154,8 +155,10 @@ Function Run-CodeQL {
>> $c += " database"
>> $c += " analyze "
>> $c += $database
>> - $c += " windows_driver_recommended.qls"
>> + $c += " "
>> + $c += $QueryFile
>> $c += " --format=sarifv2.1.0"
>> + $c += " --threads=0"
>> $c += " --output="
>> $c += $sarif
>> $c += " --search-path="
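Review bot: `$QueryFile` is appended to the command string bare (`$c += $QueryFile`), so a suite path or name containing a space would be split into separate arguments when the assembled command line is run. Wrapping the value in quotes as it is appended would avoid that. The new `--threads=0` line would also benefit from a short comment saying what 0 selects, since the value reads like "no threads" at a glance.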
>
> Using the & operator to call MSBuild and CodeQL may be cleaner here,
> though it can be done later.
>
> I had issues with the & operator calling msbuild and codeql - issues
> around quoting quoted strings,
> escaping strings and using different quotes did not help.
> Creating a bat file to run the build from the codeql command line was
> the only method I could get working.
>
Got it, I can try working on it later.
Reviewed-by: Tu Dinh <ngoc-tu.dinh@xxxxxxxxxx>
>
>> @@ -199,8 +202,22 @@ if ($Type -eq "codeql") {
>> }
>> New-Item -ItemType Directory "database"
>>
>> + $queryfile = "windows_driver_recommended.qls"
>> + Try {
>> + $ver = New-Object System.Version((& "codeql"
>> "--version")[0].Split(" ")[-1] + "0")
>> + Write-Host -ForegroundColor Cyan "INFO: CodeQL version " $ver
>> + $minver = New-Object System.Version("2.20.1.0")
>> + if ($ver -ge $minver) {
>> + $queryfile = "mustfix.qls"
>
> You can just use
> "microsoft/windows-drivers:windows-driver-suites/mustfix.qls" to target
> a specific pack, or a versioned form like
> "microsoft/windows-drivers@1.8.0:windows-driver-suites/mustfix.qls".
>
> Also, why is mustfix.qls being used with the new pack instead of
> recommended.qls? I did notice new false positives in the newer 1.8.0
> pack, was this the cause of the change?
>
> recommended.qls generates several false positives, and apparent
> incorrect analysis, which would
> prevent these codeql logs from being valid for WHQL submissions.
> The CODEQL_QUERY_FILE environment variable can be set to override the
> QLS file selection, to
> test recommended.qls while resolving issues.
>
>> + }
>> + } Catch {
>> + }
>
>
> Owen
--
Ngoc Tu Dinh | Vates XCP-ng Developer
XCP-ng & Xen Orchestra - Vates solutions
web: https://vates.tech