Cleanup of various issues before RI.

- Update name/message of KeSetEventPaged to KeSetEventPageable - Add missing diff for RoutineFunctionTypeNotExpected - Update baseline for KeWaitLocal - Add RoutineFunctionTypeNotExpected to ported_driver_ca_checks suite
microsoft · Nov 21, 2023 · 0976a3c · 0976a3c
1 parent 143fe74
commit 0976a3c
Show file tree

Hide file tree

Showing 11 changed files with 190 additions and 57 deletions.
diff --git a/...ueries/KeSetEventPaged/KeSetEventPaged.ql → .../KeSetEventPageable/KeSetEventPageable.ql b/...ueries/KeSetEventPaged/KeSetEventPaged.ql → .../KeSetEventPageable/KeSetEventPageable.ql
@@ -1,14 +1,14 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
 /**
- * @id cpp/drivers/ke-set-event-irql
- * @name KeSetEvent called in paged segment with wait
- * @description Calles to KeSetEvent in a paged segment must not call with the Wait parameter set to true.  This can cause a system crash if the segment is paged out.
+ * @id cpp/drivers/ke-set-event-pageable
+ * @name KeSetEvent called in pageable segment with wait
+ * @description Calls to KeSetEvent in a pageable segment must not call with the Wait parameter set to true.  This can cause a system crash if the segment is paged out.
  * @platform Desktop
  * @security.severity Low
  * @feature.area Multiple
  * @impact Exploitable Design
- * @repro.text The following call to KeSetEvent has Wait set to true while in a paged segment.
+ * @repro.text The following call to KeSetEvent has Wait set to true while in a pageable segment.
  * @owner.email [email protected]
  * @opaqueid CQLD-D0004
  * @kind problem
@@ -32,5 +32,5 @@ where
   enclosingFunc = ksec.getEnclosingFunction() and
   ksec.getArgument(2).getValue() = "1"
 select ksec,
-  "$@: KeSetEvent should not be called with the Wait parameter set to true when in a paged function.",
+  "$@: KeSetEvent should not be called with the Wait parameter set to true when in a pageable segment.",
   ksec.getControlFlowScope(), ksec.getControlFlowScope().getQualifiedName()
diff --git a/...es/KeSetEventPaged/KeSetEventPaged.qlhelp → ...etEventPageable/KeSetEventPageable.qlhelp b/...es/KeSetEventPaged/KeSetEventPaged.qlhelp → ...etEventPageable/KeSetEventPageable.qlhelp
diff --git a/...ies/KeSetEventPaged/KeSetEventPaged.sarif → ...SetEventPageable/KeSetEventPageable.sarif b/...ies/KeSetEventPaged/KeSetEventPaged.sarif → ...SetEventPageable/KeSetEventPageable.sarif
@@ -24,41 +24,41 @@
           }
         } ],
         "rules" : [ {
-          "id" : "cpp/drivers/ke-set-event-irql",
-          "name" : "cpp/drivers/ke-set-event-irql",
+          "id" : "cpp/drivers/ke-set-event-pageable",
+          "name" : "cpp/drivers/ke-set-event-pageable",
           "shortDescription" : {
-            "text" : "KeSetEvent called in paged segment with wait"
+            "text" : "KeSetEvent called in pageable segment with wait"
           },
           "fullDescription" : {
-            "text" : "Calles to KeSetEvent in a paged segment must not call with the Wait parameter set to true. This can cause a system crash if the segment is paged out."
+            "text" : "Calls to KeSetEvent in a pageable segment must not call with the Wait parameter set to true. This can cause a system crash if the segment is paged out."
           },
           "defaultConfiguration" : {
             "enabled" : true,
-            "level" : "warning"
+            "level" : "error"
           },
           "properties" : {
             "tags" : [ "correctness", "wddst" ],
-            "description" : "Calles to KeSetEvent in a paged segment must not call with the Wait parameter set to true.  This can cause a system crash if the segment is paged out.",
+            "description" : "Calls to KeSetEvent in a pageable segment must not call with the Wait parameter set to true.  This can cause a system crash if the segment is paged out.",
             "feature.area" : "Multiple",
-            "id" : "cpp/drivers/ke-set-event-irql",
+            "id" : "cpp/drivers/ke-set-event-pageable",
             "impact" : "Exploitable Design",
             "kind" : "problem",
-            "name" : "KeSetEvent called in paged segment with wait",
+            "name" : "KeSetEvent called in pageable segment with wait",
             "opaqueid" : "CQLD-D0004",
             "owner.email" : "[email protected]",
             "platform" : "Desktop",
-            "precision" : "medium",
-            "problem.severity" : "warning",
+            "precision" : "high",
+            "problem.severity" : "error",
             "query-version" : "v1",
-            "repro.text" : "The following call to KeSetEvent has Wait set to true while in a paged segment.",
+            "repro.text" : "The following call to KeSetEvent has Wait set to true while in a pageable segment.",
             "scope" : "domainspecific",
             "security.severity" : "Low"
           }
         } ]
       },
       "extensions" : [ {
         "name" : "microsoft/windows-drivers",
-        "semanticVersion" : "0.2.0+234ee9b709196a3a802b2c02ad7945ba0dfb0ac0",
+        "semanticVersion" : "0.2.0+143fe74d66f4093412a7b21390672217b557bba2",
         "locations" : [ {
           "uri" : "file:///C:/codeql-home/Windows-Driver-Developer-Supplemental-Tools/src/",
           "description" : {
@@ -165,14 +165,14 @@
       }
     } ],
     "results" : [ {
-      "ruleId" : "cpp/drivers/ke-set-event-irql",
+      "ruleId" : "cpp/drivers/ke-set-event-pageable",
       "ruleIndex" : 0,
       "rule" : {
-        "id" : "cpp/drivers/ke-set-event-irql",
+        "id" : "cpp/drivers/ke-set-event-pageable",
         "index" : 0
       },
       "message" : {
-        "text" : "[KeSetEventIrql_Fail2](1): KeSetEvent should not be called with the Wait parameter set to true when in a paged function."
+        "text" : "[KeSetEventIrql_Fail2](1): KeSetEvent should not be called with the Wait parameter set to true when in a pageable segment."
       },
       "locations" : [ {
         "physicalLocation" : {
@@ -211,14 +211,14 @@
         }
       } ]
     }, {
-      "ruleId" : "cpp/drivers/ke-set-event-irql",
+      "ruleId" : "cpp/drivers/ke-set-event-pageable",
       "ruleIndex" : 0,
       "rule" : {
-        "id" : "cpp/drivers/ke-set-event-irql",
+        "id" : "cpp/drivers/ke-set-event-pageable",
         "index" : 0
       },
       "message" : {
-        "text" : "[KeSetEventIrql_Fail1](1): KeSetEvent should not be called with the Wait parameter set to true when in a paged function."
+        "text" : "[KeSetEventIrql_Fail1](1): KeSetEvent should not be called with the Wait parameter set to true when in a pageable segment."
       },
       "locations" : [ {
         "physicalLocation" : {

diff --git a/.../queries/KeSetEventPaged/driver_snippet.c → ...eries/KeSetEventPageable/driver_snippet.c b/.../queries/KeSetEventPaged/driver_snippet.c → ...eries/KeSetEventPageable/driver_snippet.c
diff --git a/src/drivers/test/build_create_analyze_test.cmd b/src/drivers/test/build_create_analyze_test.cmd
@@ -32,7 +32,7 @@ call :test IllegalFieldWrite WDMTestTemplate wdm queries
 call :test IllegalFieldAccess2 WDMTestTemplate wdm queries
 call :test RoutineFunctionTypeNotExpected WDMTestTemplate general queries
 call :test KeSetEventIrql WDMTestTemplate general queries\experimental
-call :test KeSetEventPaged WDMTestTemplate general queries
+call :test KeSetEventPageable WDMTestTemplate general queries
 
 exit /b 0
 

diff --git a/src/drivers/test/diff/KeSetEventPaged.sarif → ...rivers/test/diff/KeSetEventPageable.sarif b/src/drivers/test/diff/KeSetEventPaged.sarif → ...rivers/test/diff/KeSetEventPageable.sarif
diff --git a/src/drivers/test/diff/KeWaitLocal.sarif b/src/drivers/test/diff/KeWaitLocal.sarif
@@ -1,28 +1,17 @@
 {
     "all": {
-        "+": 1,
-        "-": 1
+        "+": 0,
+        "-": 0
     },
     "error": {
         "+": 0,
         "-": 0,
         "codes": []
     },
     "warning": {
-        "+": 1,
-        "-": 1,
-        "codes": [
-            [
-                "cpp/drivers/kewaitlocal-requires-kernel-mode [good_use](1): KeWaitForSingleObject should have a KernelMode AccessMode when the [first argument](2) is local",
-                0,
-                1
-            ],
-            [
-                "cpp/drivers/kewaitlocal-requires-kernel-mode KeWaitForSingleObject should have a KernelMode AccessMode when the first argument is local",
-                1,
-                0
-            ]
-        ]
+        "+": 0,
+        "-": 0,
+        "codes": []
     },
     "note": {
         "+": 0,

diff --git a/src/drivers/test/diff/RoutineFunctionTypeNotExpected.sarif b/src/drivers/test/diff/RoutineFunctionTypeNotExpected.sarif
@@ -0,0 +1,21 @@
+{
+    "all": {
+        "+": 0,
+        "-": 0
+    },
+    "error": {
+        "+": 0,
+        "-": 0,
+        "codes": []
+    },
+    "warning": {
+        "+": 0,
+        "-": 0,
+        "codes": []
+    },
+    "note": {
+        "+": 0,
+        "-": 0,
+        "codes": []
+    }
+}
diff --git a/src/drivers/wdm/queries/KeWaitLocal/KeWaitLocal.sarif b/src/drivers/wdm/queries/KeWaitLocal/KeWaitLocal.sarif
@@ -6,7 +6,23 @@
       "driver" : {
         "name" : "CodeQL",
         "organization" : "GitHub",
-        "semanticVersion" : "2.11.5",
+        "semanticVersion" : "2.15.1",
+        "notifications" : [ {
+          "id" : "cpp/baseline/expected-extracted-files",
+          "name" : "cpp/baseline/expected-extracted-files",
+          "shortDescription" : {
+            "text" : "Expected extracted files"
+          },
+          "fullDescription" : {
+            "text" : "Files appearing in the source archive that are expected to be extracted."
+          },
+          "defaultConfiguration" : {
+            "enabled" : true
+          },
+          "properties" : {
+            "tags" : [ "expected-extracted-files", "telemetry" ]
+          }
+        } ],
         "rules" : [ {
           "id" : "cpp/drivers/kewaitlocal-requires-kernel-mode",
           "name" : "cpp/drivers/kewaitlocal-requires-kernel-mode",
@@ -42,7 +58,7 @@
       },
       "extensions" : [ {
         "name" : "microsoft/windows-drivers",
-        "semanticVersion" : "0.1.0+c5706b97bc9d314a2dabbf2421005784dd3c1303",
+        "semanticVersion" : "0.2.0+143fe74d66f4093412a7b21390672217b557bba2",
         "locations" : [ {
           "uri" : "file:///C:/codeql-home/Windows-Driver-Developer-Supplemental-Tools/src/",
           "description" : {
@@ -54,28 +70,99 @@
             "text" : "The QL pack definition file."
           }
         } ]
+      } ]
+    },
+    "invocations" : [ {
+      "toolExecutionNotifications" : [ {
+        "locations" : [ {
+          "physicalLocation" : {
+            "artifactLocation" : {
+              "uri" : "driver/driver_snippet.c",
+              "uriBaseId" : "%SRCROOT%",
+              "index" : 0
+            }
+          }
+        } ],
+        "message" : {
+          "text" : ""
+        },
+        "level" : "none",
+        "descriptor" : {
+          "id" : "cpp/baseline/expected-extracted-files",
+          "index" : 0
+        },
+        "properties" : {
+          "formattedMessage" : {
+            "text" : ""
+          }
+        }
       }, {
-        "name" : "legacy-upgrades",
-        "semanticVersion" : "0.0.0",
         "locations" : [ {
-          "uri" : "file:///C:/codeql-home/codeql/legacy-upgrades/",
-          "description" : {
-            "text" : "The QL pack root directory."
+          "physicalLocation" : {
+            "artifactLocation" : {
+              "uri" : "driver/fail_driver1.c",
+              "uriBaseId" : "%SRCROOT%",
+              "index" : 1
+            }
           }
-        }, {
-          "uri" : "file:///C:/codeql-home/codeql/legacy-upgrades/qlpack.yml",
-          "description" : {
-            "text" : "The QL pack definition file."
+        } ],
+        "message" : {
+          "text" : ""
+        },
+        "level" : "none",
+        "descriptor" : {
+          "id" : "cpp/baseline/expected-extracted-files",
+          "index" : 0
+        },
+        "properties" : {
+          "formattedMessage" : {
+            "text" : ""
           }
-        } ]
-      } ]
-    },
+        }
+      }, {
+        "locations" : [ {
+          "physicalLocation" : {
+            "artifactLocation" : {
+              "uri" : "driver/fail_driver1.h",
+              "uriBaseId" : "%SRCROOT%",
+              "index" : 2
+            }
+          }
+        } ],
+        "message" : {
+          "text" : ""
+        },
+        "level" : "none",
+        "descriptor" : {
+          "id" : "cpp/baseline/expected-extracted-files",
+          "index" : 0
+        },
+        "properties" : {
+          "formattedMessage" : {
+            "text" : ""
+          }
+        }
+      } ],
+      "executionSuccessful" : true
+    } ],
     "artifacts" : [ {
       "location" : {
         "uri" : "driver/driver_snippet.c",
         "uriBaseId" : "%SRCROOT%",
         "index" : 0
       }
+    }, {
+      "location" : {
+        "uri" : "driver/fail_driver1.c",
+        "uriBaseId" : "%SRCROOT%",
+        "index" : 1
+      }
+    }, {
+      "location" : {
+        "uri" : "driver/fail_driver1.h",
+        "uriBaseId" : "%SRCROOT%",
+        "index" : 2
+      }
     } ],
     "results" : [ {
       "ruleId" : "cpp/drivers/kewaitlocal-requires-kernel-mode",
@@ -85,7 +172,7 @@
         "index" : 0
       },
       "message" : {
-        "text" : "KeWaitForSingleObject should have a KernelMode AccessMode when the first argument is local"
+        "text" : "[good_use](1): KeWaitForSingleObject should have a KernelMode AccessMode when the [first argument](2) is local"
       },
       "locations" : [ {
         "physicalLocation" : {
@@ -104,7 +191,42 @@
       "partialFingerprints" : {
         "primaryLocationLineHash" : "61bc3c7079348327:1",
         "primaryLocationStartColumnFingerprint" : "0"
-      }
+      },
+      "relatedLocations" : [ {
+        "id" : 1,
+        "physicalLocation" : {
+          "artifactLocation" : {
+            "uri" : "driver/driver_snippet.c",
+            "uriBaseId" : "%SRCROOT%",
+            "index" : 0
+          },
+          "region" : {
+            "startLine" : 7,
+            "startColumn" : 6,
+            "endColumn" : 14
+          }
+        },
+        "message" : {
+          "text" : "good_use"
+        }
+      }, {
+        "id" : 2,
+        "physicalLocation" : {
+          "artifactLocation" : {
+            "uri" : "driver/driver_snippet.c",
+            "uriBaseId" : "%SRCROOT%",
+            "index" : 0
+          },
+          "region" : {
+            "startLine" : 9,
+            "startColumn" : 12,
+            "endColumn" : 19
+          }
+        },
+        "message" : {
+          "text" : "first argument"
+        }
+      } ]
     } ],
     "columnKind" : "utf16CodeUnits",
     "properties" : {

diff --git a/src/suites/ported_driver_ca_checks.qls b/src/suites/ported_driver_ca_checks.qls
@@ -10,6 +10,7 @@
       - drivers/general/queries/ExtendedDeprecatedApis/ExtendedDeprecatedApis.ql
       - drivers/general/queries/IrqlNotSaved/IrqlNotSaved.ql
       - drivers/general/queries/IrqlNotUsed/IrqlNotUsed.ql
+      - drivers/general/queries/RoutineFunctionTypeNotExpected/RoutineFunctionTypeNotExpected.ql
       - drivers/general/queries/PoolTagIntegral/PoolTagIntegral.ql
       - drivers/general/queries/WdkDeprecatedApis/wdk-deprecated-api.ql
       - drivers/kmdf/queries/StrSafe/StrSafe.ql

diff --git a/src/suites/windows_driver_recommended.qls b/src/suites/windows_driver_recommended.qls
@@ -31,4 +31,4 @@
       - microsoft/Likely Bugs/Memory Management/UseAfterFree/UseAfterFree.ql
       - microsoft/Likely Bugs/UninitializedPtrField.ql
       - microsoft/Security/Crytpography/HardcodedIVCNG.ql
-      - drivers/general/queries/KeSetEventPaged/KeSetEventPaged.ql
+      - drivers/general/queries/KeSetEventPaged/KeSetEventPageable.ql