microsoft · jacob-ronstadt · May 9, 2025 · Apr 24, 2025 · May 2, 2025 · May 6, 2025
diff --git a/src/codeql-pack.lock.yml b/src/codeql-pack.lock.yml
@@ -2,27 +2,27 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 4.0.0
+    version: 4.2.0
   codeql/dataflow:
-    version: 2.0.0
+    version: 2.0.5
   codeql/mad:
-    version: 1.0.16
+    version: 1.0.21
   codeql/rangeanalysis:
-    version: 1.0.16
+    version: 1.0.21
   codeql/ssa:
-    version: 1.0.16
+    version: 1.1.0
   codeql/suite-helpers:
-    version: 1.0.16
+    version: 1.0.21
   codeql/tutorial:
-    version: 1.0.16
+    version: 1.0.21
   codeql/typeflow:
-    version: 1.0.16
+    version: 1.0.21
   codeql/typetracking:
-    version: 2.0.0
+    version: 2.0.5
   codeql/util:
-    version: 2.0.3
+    version: 2.0.8
   codeql/xml:
-    version: 1.0.16
+    version: 1.0.21
   microsoft/cpp-queries:
-    version: 0.0.2
+    version: 0.0.4
 compiled: false
diff --git a/src/drivers/test/dvl_tests/dvl_tests.ps1 b/src/drivers/test/dvl_tests/dvl_tests.ps1
@@ -8,7 +8,7 @@ param(
     [string]$vcxproj_template_path = "src\drivers\test\TestTemplates\WDMTestTemplate",
     [string]$vcxproj_name = "fail_driver1",
     [string]$codeql_path = ".\codeql-cli\",
-    [string]$query_suite = ".\suites\windows_driver_mustfix.qls",
+    [string]$query_suite = ".\src\windows-driver-suites\mustfix.qls",
     [string]$default_platform = "x64",
     [string]$default_configuration = "Release",
     [string]$db_name = "temp_db",

diff --git a/src/qlpack.yml b/src/qlpack.yml
@@ -2,10 +2,10 @@
 # Licensed under the MIT license.
 
 name: microsoft/windows-drivers
-version: 1.5.0
+version: 1.6.0
 dependencies:
-    codeql/cpp-all: 4.0.0
-    microsoft/cpp-queries: 0.0.2
+    codeql/cpp-all: 4.2.0
+    microsoft/cpp-queries: 0.0.4
 suites: windows-driver-suites
 defaultSuiteFile: windows-driver-suites/recommended.qls
 extractor: cpp

diff --git a/src/windows-driver-suites/mustfix.qls b/src/windows-driver-suites/mustfix.qls
@@ -10,34 +10,11 @@
       - microsoft/Security/CWE/CWE-704/WcharCharConversionLimited.ql
 - queries: . 
   from: microsoft/cpp-queries 
-  version: 0.0.2
+  version: 0.0.4
 - include:
     query path: 
       - Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql
-      - Likely Bugs/Format/WrongNumberOfFormatArguments.ql
       - Likely Bugs/Memory Management/PointerOverflow.ql
-      - Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql
-      - Likely Bugs/OO/UnsafeUseOfThis.ql
-      - Likely Bugs/Protocols/TlsSettingsMisconfiguration.ql
-      - Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocol.ql
       - Likely Bugs/Underspecified Functions/TooFewArguments.ql
-      - Microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql
-      - Microsoft/Likely Bugs/Drivers/IncorrectUsageOfRtlCompareMemory.ql
-      - Microsoft/Security/Cryptography/BannedEncryption.ql
-      - Microsoft/Security/Cryptography/BannedModesCAPI.ql
-      - Microsoft/Security/Cryptography/BannedModesCNG.ql
-      - Microsoft/Security/Cryptography/HardcodedIVCNG.ql
-      - Microsoft/Security/MemoryAccess/EnumIndex/UncheckedBoundsEnumAsIndex.ql
-      - Security/CWE/CWE-078/ExecTainted.ql
-      - Security/CWE/CWE-114/UncontrolledProcessOperation.ql
-      - Security/CWE/CWE-120/BadlyBoundedWrite.ql
-      - Security/CWE/CWE-120/OverrunWrite.ql
-      - Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql
-      - Security/CWE/CWE-170/ImproperNullTerminationTainted.ql
       - Security/CWE/CWE-190/ComparisonWithWiderType.ql
-      - Security/CWE/CWE-253/HResultBooleanConversion.ql
-      - Security/CWE/CWE-327/OpenSslHeartbleed.ql
-      - Security/CWE/CWE-676/DangerousFunctionOverflow.ql
-      - Security/CWE/CWE-676/DangerousUseOfCin.ql
-      - Security/CWE/CWE-704/WcharCharConversion.ql 
-      - Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.ql
+      - Security/CWE/CWE-253/HResultBooleanConversion.ql
diff --git a/src/windows-driver-suites/mustrun.qls b/src/windows-driver-suites/mustrun.qls
@@ -0,0 +1,5 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT license.
+
+- description: Must-run queries for Windows Drivers.
+- import: windows-driver-suites/recommended.qls #recommended includes mustfix
diff --git a/src/windows-driver-suites/recommended.qls b/src/windows-driver-suites/recommended.qls
@@ -3,77 +3,31 @@
 
 - description: Recommended and required queries for Windows Drivers.
 - import: windows-driver-suites/mustfix.qls
-- queries: .
-  from: microsoft/windows-drivers
-- include:
-    query path: 
-      - drivers/general/queries/AnnotationSyntax/AnnotationSyntax.ql
-      - drivers/general/queries/CurrentFunctionTypeNotCorrect/CurrentFunctionTypeNotCorrect.ql
-      - drivers/general/queries/DefaultPoolTag/DefaultPoolTag.ql
-      - drivers/general/queries/DriverEntrySaveBuffer/DriverEntrySaveBuffer.ql
-      - drivers/general/queries/ExaminedValue/ExaminedValue.ql
-      - drivers/general/queries/ExtendedDeprecatedApis/ExtendedDeprecatedApis.ql
-      - drivers/general/queries/IRPStackEntryCopy/IRPStackEntryCopy.ql
-      - drivers/general/queries/ImportantFunctionCallOptimizedOut/ImportantFunctionCallOptimizedOut.ql
-      - drivers/general/queries/ImproperNotOperatorOnZero/ImproperNotOperatorOnZero.ql
-      - drivers/general/queries/InvalidFunctionClassTypedef/InvalidFunctionClassTypedef.ql
-      - drivers/general/queries/InvalidFunctionPointerAnnotation/InvalidFunctionPointerAnnotation.ql
-      - drivers/general/queries/IoInitializeTimerCall/IoInitializeTimerCall.ql
-      - drivers/general/queries/IrqlAnnotationIssue/IrqlAnnotationIssue.ql
-      - drivers/general/queries/IrqlCancelRoutine/IrqlCancelRoutine.ql
-      - drivers/general/queries/IrqlFloatStateMismatch/IrqlFloatStateMismatch.ql
-      - drivers/general/queries/IrqlNotSaved/IrqlNotSaved.ql
-      - drivers/general/queries/IrqlNotUsed/IrqlNotUsed.ql
-      - drivers/general/queries/IrqlSetTooHigh/IrqlSetTooHigh.ql
-      - drivers/general/queries/IrqlSetTooLow/IrqlSetTooLow.ql
-      - drivers/general/queries/IrqlTooHigh/IrqlTooHigh.ql
-      - drivers/general/queries/IrqlTooLow/IrqlTooLow.ql
-      - drivers/general/queries/KeSetEventPageable/KeSetEventPageable.ql
-      - drivers/general/queries/MultithreadedAVCondition/MultithreadedAVCondition.ql
-      - drivers/general/queries/NtstatusExplicitCast/NtstatusExplicitCast.ql
-      - drivers/general/queries/NtstatusExplicitCast2/NtstatusExplicitCast2.ql
-      - drivers/general/queries/NtstatusExplicitCast3/NtstatusExplicitCast3.ql
-      - drivers/general/queries/NullCharacterPointerAssignment/NullCharacterPointerAssignment.ql
-      - drivers/general/queries/OperandAssignment/OperandAssignment.ql
-      - drivers/general/queries/PointerVariableSize/PointerVariableSize.ql
-      - drivers/general/queries/PoolTagIntegral/PoolTagIntegral.ql
-      - drivers/general/queries/RoleTypeCorrectlyUsed/RoleTypeCorrectlyUsed.ql
-      - drivers/general/queries/RoutineFunctionTypeNotExpected/RoutineFunctionTypeNotExpected.ql
-      - drivers/general/queries/StrSafe/StrSafe.ql
-      - drivers/general/queries/StrictTypeMatch/StrictTypeMatch.ql
-      - drivers/wdm/queries/IllegalFieldAccess/IllegalFieldAccess.ql
-      - drivers/wdm/queries/IllegalFieldAccess2/IllegalFieldAccess2.ql
-      - drivers/wdm/queries/IllegalFieldWrite/IllegalFieldWrite.ql
-      - drivers/wdm/queries/InitNotCleared/InitNotCleared.ql
-      - drivers/wdm/queries/KeWaitLocal/KeWaitLocal.ql
-      - drivers/wdm/queries/MultiplePagedCode/MultiplePagedCode.ql
-      - drivers/wdm/queries/ObReferenceMode/ObReferenceMode.ql
-      - drivers/wdm/queries/OpaqueMdlUse/OpaqueMdlUse.ql
-      - drivers/wdm/queries/OpaqueMdlWrite/OpaqueMdlWrite.ql
-      - drivers/wdm/queries/PendingStatusError/PendingStatusError.ql
-      - drivers/wdm/queries/WrongDispatchTableAssignment/WrongDispatchTableAssignment.ql
-      - microsoft/Likely Bugs/Boundary Violations/PaddingByteInformationDisclosure.ql
-      - microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql
-      - microsoft/Likely Bugs/Conversion/InfiniteLoop.ql
-      - microsoft/Likely Bugs/Memory Management/UseAfterFree/UseAfterFree.ql
-      - microsoft/Likely Bugs/UninitializedPtrField.ql
-      - microsoft/Security/Crytpography/HardcodedIVCNG.ql
 - queries: . 
   from: microsoft/cpp-queries 
-  version: 0.0.2
+  version: 0.0.4
 - include:
     query path: 
-     - Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql
-     - Likely Bugs/Arithmetic/IntMultToLong.ql
-     - Likely Bugs/Arithmetic/SignedOverflowCheck.ql
-     - Likely Bugs/Conversion/CastArrayPointerArithmetic.ql
-     - Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.ql
-     - Likely Bugs/Memory Management/SuspiciousSizeof.ql
-     - Likely Bugs/Memory Management/UninitializedLocal.ql
-     - Security/CWE/CWE-121/UnterminatedVarargsCall.ql
-     - Security/CWE/CWE-457/ConditionallyUninitializedVariable.ql
-     - Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql
-     - Security/CWE/CWE-468/IncorrectPointerScaling.ql
-     - Security/CWE/CWE-468/IncorrectPointerScalingVoid.ql
-     - Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
-     - Security/CWE/CWE-119/OverflowBuffer.ql
+      - Likely Bugs/Format/WrongNumberOfFormatArguments.ql
+      - Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql
+      - Likely Bugs/OO/UnsafeUseOfThis.ql
+      - Likely Bugs/Protocols/TlsSettingsMisconfiguration.ql
+      - Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocol.ql
+      - Microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql
+      - Microsoft/Likely Bugs/Drivers/IncorrectUsageOfRtlCompareMemory.ql
+      - Microsoft/Security/Cryptography/BannedEncryption.ql
+      - Microsoft/Security/Cryptography/BannedModesCAPI.ql
+      - Microsoft/Security/Cryptography/BannedModesCNG.ql
+      - Microsoft/Security/Cryptography/HardcodedIVCNG.ql
+      - Microsoft/Security/MemoryAccess/EnumIndex/UncheckedBoundsEnumAsIndex.ql
+      - Security/CWE/CWE-078/ExecTainted.ql
+      - Security/CWE/CWE-114/UncontrolledProcessOperation.ql
+      - Security/CWE/CWE-120/BadlyBoundedWrite.ql
+      - Security/CWE/CWE-120/OverrunWrite.ql
+      - Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql
+      - Security/CWE/CWE-170/ImproperNullTerminationTainted.ql
+      - Security/CWE/CWE-327/OpenSslHeartbleed.ql
+      - Security/CWE/CWE-676/DangerousFunctionOverflow.ql
+      - Security/CWE/CWE-676/DangerousUseOfCin.ql
+      - Security/CWE/CWE-704/WcharCharConversion.ql 
+      - Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.ql
diff --git a/suites/windows_driver_mustfix.qls b/suites/windows_driver_mustfix.qls
diff --git a/suites/windows_driver_recommended.qls b/suites/windows_driver_recommended.qls