Role Types Correctly Used Query (#94)

* Initial work at IRQL-checking * Significant extra IRQL work. * In-progress work * More puttering around with IRQL * Update to CodeQL 2.14.4 Update cpp-all to 0.9.2, cpp-queries to 0.7.4 * Commit more IRQL code. Needs cleanup. * Some cleanup and minor fixes to entry IRQL evaluation. * Replace old Irql high/low checks with new version and update library. Still needs cleanup. * Irql.qll cleanup * Get rid of old prototype version of IrqlTooLow * Update README.md * Clean up file names * Clean up queries. * Update test script for IRQL queries. * Update build-codeql.yaml Signed-off-by: NateD-MSFT <[email protected]> * Update ported_driver_ca_checks.qls * Add IrqlSetTooHigh/IrqlSetTooLow queries. * Bugfix for IrqlTooHigh/IrqlTooLow The changes to Irql.qll needed for IrqlSetTooHigh, etc. means we are more likely to see IRQL evaluations that return -1. Update queries to exclude those numbers. * Fix test issues for several IRQL checks. * WIP unit tests for IrqlSetTooHigh and IrqlSetTooLow queries * WIP unit tests for IrqlSetTooHigh and IrqlSetTooLow queries * WIP more tests and comments * bug fixes * WIP updates to tests * WIP update tests * remove bad tests. Fix run script to run all tests again. run script now cleans first automatically. * update tests for IrqlSetTooHigh * WIP IrqlSetTooLow tests * Fix typo in Irql.qll * irqlSetTooHigh tests remove calls to KeGetCurrentIRQL as they are not needed * update IrqlSetTooLow tests * update tests. line 90 should be a failling test but isnt * fix IrqlLowerWithFunctionCall1 to call IrqlMinDispatchLowerIrql_fail1 * Revert"fix IrqlLowerWithFunctionCall1 to call IrqlMinDispatchLowerIrql_fail1" This reverts commit fd9084b. * fix IrqlLowerWithFunctionCall1 to call IrqlMinDispatchLowerIrql_fail1 * add WDF function class and structure class * add kmdf callback functions * syntax updates * add comments * Expand WdmDrivers.qll. Add missing WDM Callback Routine types and Role Type class * WIP query to check role types * queries for implicit and explicit role types * move implicit role type query to library as a class * update wdmdrivers.qll * RoleTypeCorrectlyUsed query * WIP * update query * WIP updating wdmdrivers.qll to better define role type functions * update query message * adding KMDF support for role types * updates to role type query for kmdf and wdm * move wdm role type query to wdm folder * WIP library for NDIS * WIP NDIS role type query * WIP storport library * WIP storport query * add irql level to wdm role types * create generic RoleTypes library to include wdm, kmdf, ndis, and storport * generic role type query * add function annotation role types. Add extra role types from wdfroletypes.h * ignore c++ functions for now until codeql issue figured out * update role type query to remove double results * update role type query * update sarif results, diff, and test script * fix conflict in WdmDrivers.qll * remove irql level from role type library due to conflict * fix WdmDrivers.qll * fix wdmdrivers.qll * remove irql library from wdmdrivers.qll * remove old/unused role type queries * Update src/drivers/storport/libraries/StorportDrivers.qll Co-authored-by: NateD-MSFT <[email protected]> Signed-off-by: Jacob Ronstadt <[email protected]> * Update src/drivers/storport/libraries/StorportDrivers.qll Co-authored-by: NateD-MSFT <[email protected]> Signed-off-by: Jacob Ronstadt <[email protected]> * Update src/drivers/storport/libraries/StorportDrivers.qll Co-authored-by: NateD-MSFT <[email protected]> Signed-off-by: Jacob Ronstadt <[email protected]> * Update src/drivers/storport/libraries/StorportDrivers.qll Co-authored-by: NateD-MSFT <[email protected]> Signed-off-by: Jacob Ronstadt <[email protected]> * Update src/drivers/storport/libraries/StorportDrivers.qll Co-authored-by: NateD-MSFT <[email protected]> Signed-off-by: Jacob Ronstadt <[email protected]> * fix issue causing problems with diffs * changes for pull request --------- Signed-off-by: NateD-MSFT <[email protected]> Signed-off-by: Jacob Ronstadt <[email protected]> Co-authored-by: NateD-MSFT <[email protected]>
microsoft · Dec 15, 2023 · f1b0cd2 · f1b0cd2
1 parent bc42bc2
commit f1b0cd2
Show file tree

Hide file tree

Showing 30 changed files with 3,135 additions and 402 deletions.
diff --git a/src/drivers/general/queries/RoleTypeCorrectlyUsed/RoleTypeCorrectlyUsed.ql b/src/drivers/general/queries/RoleTypeCorrectlyUsed/RoleTypeCorrectlyUsed.ql
@@ -0,0 +1,39 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+/**
+ * @id cpp/drivers/role-type-correctly-used
+ * @kind problem
+ * @name Incorrect Role Type Use
+ * @description A function is declared with a role type but used as an argument in a function that expects a different role type for that argument.
+ * @platform Desktop
+ * @feature.area Multiple
+ * @impact Insecure Coding Practice
+ * @repro.text
+ * @owner.email: [email protected]
+ * @opaqueid CQLD-C28147e
+ * @problem.severity warning
+ * @precision medium
+ * @tags correctness
+ * @scope domainspecific
+ * @query-version v1
+ */
+
+import cpp
+import drivers.libraries.RoleTypes
+import semmle.code.cpp.TypedefType
+
+from ImplicitRoleTypeFunction irtf, Function f, string rtActual, string rtExpected
+where
+  irtf.getActualRoleTypeString() != irtf.getExpectedRoleTypeString() and
+  f = irtf.getFunctionUse().getTarget() and
+  (
+    if f instanceof RoleTypeFunction
+    then rtActual = f.(RoleTypeFunction).getRoleTypeString()
+    else rtActual = "<NO_ROLE_TYPE>"
+  ) and
+  rtExpected = irtf.getExpectedRoleTypeString() and
+  not isEqualRoleTypes(rtExpected, rtActual)
+select irtf.getFunctionUse(),
+  "Function " + f.toString() + " declared with role type " + rtActual + " but role type " + rtExpected +
+    " is expected."
+
diff --git a/src/drivers/general/queries/RoleTypeCorrectlyUsed/RoleTypeCorrectlyUsed.qlhelp b/src/drivers/general/queries/RoleTypeCorrectlyUsed/RoleTypeCorrectlyUsed.qlhelp
@@ -0,0 +1,28 @@
+<!DOCTYPE qhelp PUBLIC "-//Semmle//qhelp//EN" "qhelp.dtd">
+<qhelp>
+	<overview>
+		<p>
+			Driver entry point functions should be declared with a function role type.
+		</p>
+	</overview>
+	<recommendation>
+		<p>
+			Make sure the role type of the function being used matches the expected role type.
+		</p>
+	</recommendation>
+	<example>
+		<sample src="driver_snippet.c" />
+	</example>
+	<semmleNotes>
+		<p>
+			C++ functions not currently supported. See https://github.com/github/codeql/issues/14869
+		</p>
+	</semmleNotes>
+	<references>
+		<li>
+			<a href="https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/declaring-functions-using-function-role-types-for-wdm-drivers">
+				C28158 warning - Windows Drivers
+			</a>
+		</li>
+	</references>
+</qhelp>
diff --git a/src/drivers/general/queries/RoleTypeCorrectlyUsed/RoleTypeCorrectlyUsed.sarif b/src/drivers/general/queries/RoleTypeCorrectlyUsed/RoleTypeCorrectlyUsed.sarif
@@ -0,0 +1,172 @@
+{
+  "$schema" : "https://json.schemastore.org/sarif-2.1.0.json",
+  "version" : "2.1.0",
+  "runs" : [ {
+    "tool" : {
+      "driver" : {
+        "name" : "CodeQL",
+        "organization" : "GitHub",
+        "semanticVersion" : "2.14.6",
+        "notifications" : [ {
+          "id" : "cpp/baseline/expected-extracted-files",
+          "name" : "cpp/baseline/expected-extracted-files",
+          "shortDescription" : {
+            "text" : "Expected extracted files"
+          },
+          "fullDescription" : {
+            "text" : "Files appearing in the source archive that are expected to be extracted."
+          },
+          "defaultConfiguration" : {
+            "enabled" : true
+          },
+          "properties" : {
+            "tags" : [ "expected-extracted-files", "telemetry" ]
+          }
+        } ],
+        "rules" : [ {
+          "id" : "cpp/drivers/role-type-correctly-used",
+          "name" : "cpp/drivers/role-type-correctly-used",
+          "shortDescription" : {
+            "text" : "Incorrect Role Type Use"
+          },
+          "fullDescription" : {
+            "text" : "A function is declared with a role type but used as an argument in a function that expects a different role type for that argument."
+          },
+          "defaultConfiguration" : {
+            "enabled" : true,
+            "level" : "warning"
+          },
+          "properties" : {
+            "tags" : [ "correctness" ],
+            "description" : "A function is declared with a role type but used as an argument in a function that expects a different role type for that argument.",
+            "feature.area" : "Multiple",
+            "id" : "cpp/drivers/role-type-correctly-used",
+            "impact" : "Insecure Coding Practice",
+            "kind" : "problem",
+            "name" : "Incorrect Role Type Use",
+            "opaqueid" : "CQLD-C28147e",
+            "owner.email:" : "[email protected]",
+            "platform" : "Desktop",
+            "precision" : "medium",
+            "problem.severity" : "warning",
+            "query-version" : "v1",
+            "repro.text" : "",
+            "scope" : "domainspecific"
+          }
+        } ]
+      },
+      "extensions" : [ {
+        "name" : "microsoft/windows-drivers",
+        "semanticVersion" : "0.2.0+688db58415e76d66f8b04a2bb6931f3d56028174",
+        "locations" : [ {
+          "uri" : "file:///C:/codeql-home/Windows-Driver-Developer-Supplemental-Tools/src/",
+          "description" : {
+            "text" : "The QL pack root directory."
+          }
+        }, {
+          "uri" : "file:///C:/codeql-home/Windows-Driver-Developer-Supplemental-Tools/src/qlpack.yml",
+          "description" : {
+            "text" : "The QL pack definition file."
+          }
+        } ]
+      } ]
+    },
+    "invocations" : [ {
+      "toolExecutionNotifications" : [ {
+        "locations" : [ {
+          "physicalLocation" : {
+            "artifactLocation" : {
+              "uri" : "driver/fail_driver1.c",
+              "uriBaseId" : "%SRCROOT%",
+              "index" : 0
+            }
+          }
+        } ],
+        "message" : {
+          "text" : ""
+        },
+        "level" : "none",
+        "descriptor" : {
+          "id" : "cpp/baseline/expected-extracted-files",
+          "index" : 0
+        },
+        "properties" : {
+          "formattedMessage" : {
+            "text" : ""
+          }
+        }
+      }, {
+        "locations" : [ {
+          "physicalLocation" : {
+            "artifactLocation" : {
+              "uri" : "driver/driver_snippet.c",
+              "uriBaseId" : "%SRCROOT%",
+              "index" : 1
+            }
+          }
+        } ],
+        "message" : {
+          "text" : ""
+        },
+        "level" : "none",
+        "descriptor" : {
+          "id" : "cpp/baseline/expected-extracted-files",
+          "index" : 0
+        },
+        "properties" : {
+          "formattedMessage" : {
+            "text" : ""
+          }
+        }
+      }, {
+        "locations" : [ {
+          "physicalLocation" : {
+            "artifactLocation" : {
+              "uri" : "driver/fail_driver1.h",
+              "uriBaseId" : "%SRCROOT%",
+              "index" : 2
+            }
+          }
+        } ],
+        "message" : {
+          "text" : ""
+        },
+        "level" : "none",
+        "descriptor" : {
+          "id" : "cpp/baseline/expected-extracted-files",
+          "index" : 0
+        },
+        "properties" : {
+          "formattedMessage" : {
+            "text" : ""
+          }
+        }
+      } ],
+      "executionSuccessful" : true
+    } ],
+    "artifacts" : [ {
+      "location" : {
+        "uri" : "driver/fail_driver1.c",
+        "uriBaseId" : "%SRCROOT%",
+        "index" : 0
+      }
+    }, {
+      "location" : {
+        "uri" : "driver/driver_snippet.c",
+        "uriBaseId" : "%SRCROOT%",
+        "index" : 1
+      }
+    }, {
+      "location" : {
+        "uri" : "driver/fail_driver1.h",
+        "uriBaseId" : "%SRCROOT%",
+        "index" : 2
+      }
+    } ],
+    "results" : [ ],
+    "columnKind" : "utf16CodeUnits",
+    "properties" : {
+      "semmle.formatSpecifier" : "sarifv2.1.0"
+    }
+  } ]
+}
diff --git a/src/drivers/general/queries/RoleTypeCorrectlyUsed/driver_snippet.c b/src/drivers/general/queries/RoleTypeCorrectlyUsed/driver_snippet.c
@@ -0,0 +1,10 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+
+//Macros to enable or disable a code section that may or maynot conflict with this test.
+#define SET_DISPATCH 1
+
+//Template function. Not used for this test.
+void top_level_call(){
+}
+
diff --git a/src/drivers/general/queries/experimental/IrqlSetTooHigh/IrqlSetTooHigh.sarif b/src/drivers/general/queries/experimental/IrqlSetTooHigh/IrqlSetTooHigh.sarif
@@ -422,4 +422,4 @@
       "semmle.formatSpecifier" : "sarifv2.1.0"
     }
   } ]
-}
+}
-Original file line number
+Diff line change
@@ Expand Up / @@ -422,4 +422,4 @@ @@
           "semmle.formatSpecifier" : "sarifv2.1.0"
         }
       } ]
-    }
+    }