From 54864d8dd3507b4281d45ea2e1c320f1e379c769 Mon Sep 17 00:00:00 2001
From: Jacob Ronstadt <147542405+jacob-ronstadt@users.noreply.github.com>
Date: Mon, 28 Jul 2025 12:45:20 -0700
Subject: [PATCH 1/3] Update README.md for WHCP versions
Signed-off-by: Jacob Ronstadt <147542405+jacob-ronstadt@users.noreply.github.com>
---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index ca9c99db..d88c2936 100644
--- a/README.md
+++ b/README.md
@@ -145,8 +145,8 @@ The versions below are the minumum required versions for WHCP certification. New
 | Windows 11, version 23H2 | [2.6.3](https://github.com/github/codeql-cli-binaries/releases/tag/v2.6.3) or [2.15.4](https://github.com/github/codeql-cli-binaries/releases/tag/v2.15.4)| 1.0.13 (If using codeql 2.15.4)| N/A |0.9.0 (If using codeql 2.15.4) | WHCP_22H2 |
 | Windows 11 | [2.4.6](https://github.com/github/codeql-cli-binaries/releases/tag/v2.4.6) or [2.15.4](https://github.com/github/codeql-cli-binaries/releases/tag/v2.15.4)| 1.0.13 (If using codeql 2.15.4)| N/A |0.9.0 (If using codeql 2.15.4) | WHCP_21H2 |
 | Windows 11, version 24H2 | [2.15.4](https://github.com/github/codeql-cli-binaries/releases/tag/v2.15.4) | 1.1.0 | N/A |0.9.0 | WHCP_24H2 |
-| Windows Server 2025 | [2.20.1](https://github.com/github/codeql-cli-binaries/releases/tag/v2.20.1) | 1.6.0 | 0.0.4 | N/A | |
-| Windows 11, version | [2.20.1](https://github.com/github/codeql-cli-binaries/releases/tag/v2.20.1) | 1.6.0 | 0.0.4 | N/A | |
+| Windows Server 2025 | [2.20.1](https://github.com/github/codeql-cli-binaries/releases/tag/v2.20.1) | 1.8.0 | 0.0.4 | N/A | WHCP_25H2 |
+| Windows 11, version 25H2 | [2.20.1](https://github.com/github/codeql-cli-binaries/releases/tag/v2.20.1) | 1.8.0 | 0.0.4 | N/A | WHCP_25H2 |
 ### Special instructions for for WHCP_21H2 and WHCP_22H2 branches:
From d1c698cf334687e9f15d5bc67bae8d045f7c63e9 Mon Sep 17 00:00:00 2001
From: Jacob Ronstadt <147542405+jacob-ronstadt@users.noreply.github.com>
Date: Mon, 28 Jul 2025 12:49:26 -0700
Subject: [PATCH 2/3] Update publish.yml to fix pre-release version
Signed-off-by: Jacob Ronstadt <147542405+jacob-ronstadt@users.noreply.github.com>
---
 .github/workflows/publish.yml | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 1b89d525..c20a0e09 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -8,12 +8,9 @@ on:
 required: true
 type: string
 release-type:
- description: 'Publish as a pre-release'
+ description: 'Publish with pre-release version'
 required: false
- type: choice
- options:
- - alpha
- - beta
+ type: string
 jobs:
 publish:
From 106b4c4d0aeab03e7045be0dbc1f390d05be0459 Mon Sep 17 00:00:00 2001
From: Chris Smowton
Date: Mon, 13 Oct 2025 20:00:28 +0100
Subject: [PATCH 3/3] Map suppression names for irql-function-not-annotated
As noted at https://github.com/github/codeql/issues/20611 the suppression query doesn't currently accept the warning code for query `irql-function-not-annotated`. Two related pieces of feedback-- 1. The help page at https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/static-tools-and-codeql?tabs=whcp%2Clatest#suppressing-codeql-results uses incorrect syntax `#pragma(suppress:the-rule-id-here)` -- should be `#pragma prefast(suppress:the-rule-id-here)` or `#pragma warning(suppress:the-rule-id-here)` 2. The regex used to recognise these pragmas is quite brittle; consider accepting spaces between `prefast` or `warning` and the parenthesis, so as to recognise e.g. `#pragma warning (suppress:the-rule-id-here)`
Signed-off-by: Chris Smowton
---
 src/drivers/libraries/Suppression.qll | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/drivers/libraries/Suppression.qll b/src/drivers/libraries/Suppression.qll
index a4223912..d69544bc 100644
--- a/src/drivers/libraries/Suppression.qll
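Review bot: Changing `release-type` from `type: choice` to `type: string` in .github/workflows/publish.yml removes the only allow-list on this input, so whatever text the caller supplies now reaches the publish job unchecked. The steps that consume it are outside the hunk; if any of them expands `${{ inputs.release-type }}` directly inside a `run:` script, the value is spliced into the shell text before it executes, so it is safer to hand it over through `env:` (`RELEASE_TYPE: ${{ inputs.release-type }}`) and reject unexpected characters first, for example `[[ "$RELEASE_TYPE" =~ ^[0-9A-Za-z.-]*$ ]] || exit 1`. If the intent is a free-form pre-release suffix, the description could also state the accepted format, e.g. `description: 'Pre-release suffix such as beta.1; leave empty for a normal release'`.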
+++ b/src/drivers/libraries/Suppression.qll
@@ -110,6 +110,9 @@ abstract class CASuppression extends PreprocessorPragma {
 this.getRuleName() = any(["__WARNING_PROTOTYPE_MISMATCH", "28127"]) and
 result = "lgtm[cpp/drivers/routine-function-type-not-expected]"
 or
+ this.getRuleName() = any(["__WARNING_UNEXPECTED_IRQL_CHANGE", "28167"]) and
+ result = "lgtm[cpp/drivers/irql-function-not-annotated]"
+ or
 result = "lgtm[" + this.getRuleName() + "]"
 }
 }
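Review bot: Nothing in this commit exercises the new disjunct: the diffstat lists only Suppression.qll, so no test shows that a pragma naming `28167` or `__WARNING_UNEXPECTED_IRQL_CHANGE` actually suppresses an irql-function-not-annotated result. A suppression mapping silently hides findings from a query used for driver certification, so a regression case with one suppressed and one unsuppressed function is worth adding alongside these three lines. A short comment above the new lines would also record why this numeric code pairs with this query id, something like `// C28167: function changes the IRQL without restoring it or being annotated` (wording to be checked against the Code Analysis warning text). The enclosing predicate and the class header begin outside the hunk, so the full list of existing mappings is not visible here.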