Port C28127 to CodeQL query (#87)
* codeql port of code analysis rule C28127

---------

Co-authored-by: NateD-MSFT <[email protected]>
jacob-ronstadt and NateD-MSFT authored Oct 25, 2023
1 parent 1093495 commit 1afd4c0
Showing 5 changed files with 437 additions and 0 deletions.
@@ -0,0 +1,38 @@
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT license.
/**
* @id cpp/drivers/routine-function-type-not-expected
* @kind problem
* @name Unexpected function return type for routine (C28127)
* @description The function being used as a routine does not exactly match the type expected.
* @platform Desktop
* @security.severity Low
* @feature.area Multiple
* @impact Attack Surface Reduction
* @repro.text The following code locations use a function pointer with a return type that does not match the expected type
* @owner.email [email protected]
* @opaqueid CQLD-C28127
* @problem.severity warning
* @precision high
* @tags correctness
* wddst
* @scope domainspecific
* @query-version v1
*/

import cpp

from FunctionCall fc, Parameter p, int n
where
p.getFunction() = fc.getTarget() and
p.getUnspecifiedType() instanceof FunctionPointerType and
p.getIndex() = n and
fc.getArgument(n).getUnspecifiedType() instanceof FunctionPointerType and
fc.getArgument(n).getUnspecifiedType().(FunctionPointerType).getReturnType().getUnspecifiedType() !=
p.getUnspecifiedType().(FunctionPointerType).getReturnType().getUnspecifiedType()

select fc,
"Function " + fc + " may use a function pointer (" + fc.getArgument(n) +
") with an unexpected return type: " +
fc.getArgument(n).getUnspecifiedType().(FunctionPointerType).getReturnType() + " expected: " +
p.getUnspecifiedType().(FunctionPointerType).getReturnType()
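Review bot: The `where` clause compares only `getReturnType()` of the argument and of the parameter, while `@description` says the routine must "exactly match the type expected", so a callback whose parameter count or parameter types differ from the expected prototype is not reported. In driver code a call through a function pointer with a mismatched argument list is undefined behaviour in kernel mode, so a clean result from this query should not be read as full coverage of C28127. Either narrow the metadata, e.g. `@description The return type of a function used as a routine does not match the return type expected.`, or extend the condition to also compare `getNumberOfParameters()` and each `getParameterType(i)` of the two `FunctionPointerType`s. Separately, `"Function " + fc` renders as "Function call to …" because `fc` is the call expression; `fc.getTarget().getName()` would give a cleaner alert message.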
@@ -0,0 +1,23 @@
<!DOCTYPE qhelp PUBLIC "-//Semmle//qhelp//EN" "qhelp.dtd">
<qhelp>
<overview>
<p>
The return type of a function pointer used in a function call should match the declaration of the calling function
</p>
</overview>
<recommendation>
<p>
Verify function pointer is correct
</p>
</recommendation>
<example>
<sample src="driver_snippet.c" />
</example>
<references>
<li>
<a href="https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/28127-function-routine-mismatch">
C28127 warning - Windows Drivers
</a>
</li>
</references>
</qhelp>
@@ -0,0 +1,313 @@
{
"$schema" : "https://json.schemastore.org/sarif-2.1.0.json",
"version" : "2.1.0",
"runs" : [ {
"tool" : {
"driver" : {
"name" : "CodeQL",
"organization" : "GitHub",
"semanticVersion" : "2.14.6",
"notifications" : [ {
"id" : "cpp/baseline/expected-extracted-files",
"name" : "cpp/baseline/expected-extracted-files",
"shortDescription" : {
"text" : "Expected extracted files"
},
"fullDescription" : {
"text" : "Files appearing in the source archive that are expected to be extracted."
},
"defaultConfiguration" : {
"enabled" : true
},
"properties" : {
"tags" : [ "expected-extracted-files", "telemetry" ]
}
} ],
"rules" : [ {
"id" : "cpp/drivers/routine-function-type-not-expected",
"name" : "cpp/drivers/routine-function-type-not-expected",
"shortDescription" : {
"text" : "Unexpected function return type for routine (C28127)"
},
"fullDescription" : {
"text" : "The function being used as a routine does not exactly match the type expected."
},
"defaultConfiguration" : {
"enabled" : true,
"level" : "warning"
},
"properties" : {
"tags" : [ "correctness", "wddst" ],
"description" : "The function being used as a routine does not exactly match the type expected.",
"feature.area" : "Multiple",
"id" : "cpp/drivers/routine-function-type-not-expected",
"impact" : "Attack Surface Reduction",
"kind" : "problem",
"name" : "Unexpected function return type for routine (C28127)",
"opaqueid" : "CQLD-C28127",
"owner.email" : "[email protected]",
"platform" : "Desktop",
"precision" : "high",
"problem.severity" : "warning",
"query-version" : "v1",
"repro.text" : "The following code locations use a function pointer with a return type that does not match the expected type",
"scope" : "domainspecific",
"security.severity" : "Low"
}
} ]
},
"extensions" : [ {
"name" : "microsoft/windows-drivers",
"semanticVersion" : "0.1.0+626ab2156fae247d66b189fb2fa9a69c03082e3a",
"locations" : [ {
"uri" : "file:///c:/codeql-home/Windows-Driver-Developer-Supplemental-Tools/src/",
"description" : {
"text" : "The QL pack root directory."
}
}, {
"uri" : "file:///c:/codeql-home/Windows-Driver-Developer-Supplemental-Tools/src/qlpack.yml",
"description" : {
"text" : "The QL pack definition file."
}
} ]
} ]
},
"invocations" : [ {
"toolExecutionNotifications" : [ {
"locations" : [ {
"physicalLocation" : {
"artifactLocation" : {
"uri" : "driver/fail_driver1.c",
"uriBaseId" : "%SRCROOT%",
"index" : 1
}
}
} ],
"message" : {
"text" : ""
},
"level" : "none",
"descriptor" : {
"id" : "cpp/baseline/expected-extracted-files",
"index" : 0
},
"properties" : {
"formattedMessage" : {
"text" : ""
}
}
}, {
"locations" : [ {
"physicalLocation" : {
"artifactLocation" : {
"uri" : "driver/driver_snippet.c",
"uriBaseId" : "%SRCROOT%",
"index" : 0
}
}
} ],
"message" : {
"text" : ""
},
"level" : "none",
"descriptor" : {
"id" : "cpp/baseline/expected-extracted-files",
"index" : 0
},
"properties" : {
"formattedMessage" : {
"text" : ""
}
}
}, {
"locations" : [ {
"physicalLocation" : {
"artifactLocation" : {
"uri" : "driver/fail_driver1.h",
"uriBaseId" : "%SRCROOT%",
"index" : 2
}
}
} ],
"message" : {
"text" : ""
},
"level" : "none",
"descriptor" : {
"id" : "cpp/baseline/expected-extracted-files",
"index" : 0
},
"properties" : {
"formattedMessage" : {
"text" : ""
}
}
} ],
"executionSuccessful" : true
} ],
"artifacts" : [ {
"location" : {
"uri" : "driver/driver_snippet.c",
"uriBaseId" : "%SRCROOT%",
"index" : 0
}
}, {
"location" : {
"uri" : "driver/fail_driver1.c",
"uriBaseId" : "%SRCROOT%",
"index" : 1
}
}, {
"location" : {
"uri" : "driver/fail_driver1.h",
"uriBaseId" : "%SRCROOT%",
"index" : 2
}
} ],
"results" : [ {
"ruleId" : "cpp/drivers/routine-function-type-not-expected",
"ruleIndex" : 0,
"rule" : {
"id" : "cpp/drivers/routine-function-type-not-expected",
"index" : 0
},
"message" : {
"text" : "Function call to functionCallThatUsesFunctionPointer may use a function pointer (fun_ptr1) with an unexpected return type: int expected: void"
},
"locations" : [ {
"physicalLocation" : {
"artifactLocation" : {
"uri" : "driver/driver_snippet.c",
"uriBaseId" : "%SRCROOT%",
"index" : 0
},
"region" : {
"startLine" : 52,
"startColumn" : 5,
"endColumn" : 40
}
}
} ],
"partialFingerprints" : {
"primaryLocationLineHash" : "b6c3b797b0277bdd:1",
"primaryLocationStartColumnFingerprint" : "0"
}
}, {
"ruleId" : "cpp/drivers/routine-function-type-not-expected",
"ruleIndex" : 0,
"rule" : {
"id" : "cpp/drivers/routine-function-type-not-expected",
"index" : 0
},
"message" : {
"text" : "Function call to functionCallThatUsesFunctionPointer may use a function pointer (f3) with an unexpected return type: int expected: void"
},
"locations" : [ {
"physicalLocation" : {
"artifactLocation" : {
"uri" : "driver/driver_snippet.c",
"uriBaseId" : "%SRCROOT%",
"index" : 0
},
"region" : {
"startLine" : 54,
"startColumn" : 5,
"endColumn" : 40
}
}
} ],
"partialFingerprints" : {
"primaryLocationLineHash" : "789a3ee1dd677a33:1",
"primaryLocationStartColumnFingerprint" : "0"
}
}, {
"ruleId" : "cpp/drivers/routine-function-type-not-expected",
"ruleIndex" : 0,
"rule" : {
"id" : "cpp/drivers/routine-function-type-not-expected",
"index" : 0
},
"message" : {
"text" : "Function call to functionCallThatUsesFunctionPointer may use a function pointer (& ...) with an unexpected return type: int expected: void"
},
"locations" : [ {
"physicalLocation" : {
"artifactLocation" : {
"uri" : "driver/driver_snippet.c",
"uriBaseId" : "%SRCROOT%",
"index" : 0
},
"region" : {
"startLine" : 56,
"startColumn" : 5,
"endColumn" : 40
}
}
} ],
"partialFingerprints" : {
"primaryLocationLineHash" : "b16f3331cfb3f2dd:1",
"primaryLocationStartColumnFingerprint" : "0"
}
}, {
"ruleId" : "cpp/drivers/routine-function-type-not-expected",
"ruleIndex" : 0,
"rule" : {
"id" : "cpp/drivers/routine-function-type-not-expected",
"index" : 0
},
"message" : {
"text" : "Function call to functionCallThatUsesFunctionPointer may use a function pointer (intFunctionToCall) with an unexpected return type: int expected: void"
},
"locations" : [ {
"physicalLocation" : {
"artifactLocation" : {
"uri" : "driver/driver_snippet.c",
"uriBaseId" : "%SRCROOT%",
"index" : 0
},
"region" : {
"startLine" : 59,
"startColumn" : 5,
"endColumn" : 40
}
}
} ],
"partialFingerprints" : {
"primaryLocationLineHash" : "8a5840d23f7ece01:1",
"primaryLocationStartColumnFingerprint" : "0"
}
}, {
"ruleId" : "cpp/drivers/routine-function-type-not-expected",
"ruleIndex" : 0,
"rule" : {
"id" : "cpp/drivers/routine-function-type-not-expected",
"index" : 0
},
"message" : {
"text" : "Function call to functionCallThatUsesFunctionPointer2 may use a function pointer (intFunctionToCall) with an unexpected return type: int expected: void"
},
"locations" : [ {
"physicalLocation" : {
"artifactLocation" : {
"uri" : "driver/driver_snippet.c",
"uriBaseId" : "%SRCROOT%",
"index" : 0
},
"region" : {
"startLine" : 61,
"startColumn" : 5,
"endColumn" : 41
}
}
} ],
"partialFingerprints" : {
"primaryLocationLineHash" : "b2e192116459028c:1",
"primaryLocationStartColumnFingerprint" : "0"
}
} ],
"columnKind" : "utf16CodeUnits",
"properties" : {
"semmle.formatSpecifier" : "sarifv2.1.0"
}
} ]
}