Role Types Correctly Used Query

src/drivers/general/queries/RoleTypeCorrectlyUsed/RoleTypeCorrectlyUsed.ql

@@ -0,0 +1,39 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+/**
+ * @id cpp/drivers/role-type-correctly-used
+ * @kind problem
+ * @name Incorrect Role Type Use
+ * @description A function is declared with a role type but used as an argument in a function that expects a different role type for that argument.
+ * @platform Desktop
+ * @feature.area Multiple
+ * @impact Insecure Coding Practice
+ * @repro.text
+ * @owner.email: [email protected]
+ * @opaqueid CQLD-C28147e
+ * @problem.severity warning
+ * @precision medium
+ * @tags correctness
+ * @scope domainspecific
+ * @query-version v1
+ */
+
+import cpp
+import drivers.libraries.RoleTypes
+import semmle.code.cpp.TypedefType
+
+from ImplicitRoleTypeFunction irtf, Function f, string rtActual, string rtExpected
+where
+  irtf.getActualRoleTypeString() != irtf.getExpectedRoleTypeString() and
+  f = irtf.getFunctionUse().getTarget() and
+  (
+    if f instanceof RoleTypeFunction
+    then rtActual = f.(RoleTypeFunction).getRoleTypeString()
+    else rtActual = "<NO_ROLE_TYPE>"
+  ) and
+  rtExpected = irtf.getExpectedRoleTypeString() and
+  not isEqualRoleTypes(rtExpected, rtActual)
+select irtf.getFunctionUse(),
+  "Function " + f.toString() + " declared with role type " + rtActual + " but role type " + rtExpected +
+    " is expected."
+

src/drivers/general/queries/RoleTypeCorrectlyUsed/RoleTypeCorrectlyUsed.qlhelp

@@ -0,0 +1,28 @@
+<!DOCTYPE qhelp PUBLIC "-//Semmle//qhelp//EN" "qhelp.dtd">
+<qhelp>
+	<overview>
+		<p>
+			Driver entry point functions should be declared with a function role type.
+		</p>
+	</overview>
+	<recommendation>
+		<p>
+			Make sure the role type of the function being used matches the expected role type.
+		</p>
+	</recommendation>
+	<example>
+		<sample src="driver_snippet.c" />
+	</example>
+	<semmleNotes>
+		<p>
+			C++ functions not currently supported. See https://github.com/github/codeql/issues/14869
+		</p>
+	</semmleNotes>
+	<references>
+		<li>
+			<a href="https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/declaring-functions-using-function-role-types-for-wdm-drivers">
+				C28158 warning - Windows Drivers
+			</a>
+		</li>
+	</references>
+</qhelp>

src/drivers/general/queries/RoleTypeCorrectlyUsed/RoleTypeCorrectlyUsed.sarif

@@ -0,0 +1,200 @@
+{
+  "$schema" : "https://json.schemastore.org/sarif-2.1.0.json",
+  "version" : "2.1.0",
+  "runs" : [ {
+    "tool" : {
+      "driver" : {
+        "name" : "CodeQL",
+        "organization" : "GitHub",
+        "semanticVersion" : "2.14.6",
+        "notifications" : [ {
+          "id" : "cpp/baseline/expected-extracted-files",
+          "name" : "cpp/baseline/expected-extracted-files",
+          "shortDescription" : {
+            "text" : "Expected extracted files"
+          },
+          "fullDescription" : {
+            "text" : "Files appearing in the source archive that are expected to be extracted."
+          },
+          "defaultConfiguration" : {
+            "enabled" : true
+          },
+          "properties" : {
+            "tags" : [ "expected-extracted-files", "telemetry" ]
+          }
+        } ],
+        "rules" : [ {
+          "id" : "cpp/drivers/role-type-correctly-used",
+          "name" : "cpp/drivers/role-type-correctly-used",
+          "shortDescription" : {
+            "text" : "Incorrect Role Type Use"
+          },
+          "fullDescription" : {
+            "text" : "A function is declared with a role type but used as an argument in a function that expects a different role type for that argument."
+          },
+          "defaultConfiguration" : {
+            "enabled" : true,
+            "level" : "warning"
+          },
+          "properties" : {
+            "tags" : [ "correctness" ],
+            "description" : "A function is declared with a role type but used as an argument in a function that expects a different role type for that argument.",
+            "feature.area" : "Multiple",
+            "id" : "cpp/drivers/role-type-correctly-used",
+            "impact" : "Insecure Coding Practice",
+            "kind" : "problem",
+            "name" : "Incorrect Role Type Use",
+            "opaqueid" : "CQLD-C28147e",
+            "owner.email:" : "[email protected]",
+            "platform" : "Desktop",
+            "precision" : "medium",
+            "problem.severity" : "warning",
+            "query-version" : "v1",
+            "repro.text" : "",
+            "scope" : "domainspecific"
+          }
+        } ]
+      },
+      "extensions" : [ {
+        "name" : "microsoft/windows-drivers",
+        "semanticVersion" : "0.2.0+89c5bbb932add8b9f527d104a47ab0828cb93370",
+        "locations" : [ {
+          "uri" : "file:///C:/codeql-home/Windows-Driver-Developer-Supplemental-Tools/src/",
+          "description" : {
+            "text" : "The QL pack root directory."
+          }
+        }, {
+          "uri" : "file:///C:/codeql-home/Windows-Driver-Developer-Supplemental-Tools/src/qlpack.yml",
+          "description" : {
+            "text" : "The QL pack definition file."
+          }
+        } ]
+      } ]
+    },
+    "invocations" : [ {
+      "toolExecutionNotifications" : [ {
+        "locations" : [ {
+          "physicalLocation" : {
+            "artifactLocation" : {
+              "uri" : "driver/driver_snippet.c",
+              "uriBaseId" : "%SRCROOT%",
+              "index" : 1
+            }
+          }
+        } ],
+        "message" : {
+          "text" : ""
+        },
+        "level" : "none",
+        "descriptor" : {
+          "id" : "cpp/baseline/expected-extracted-files",
+          "index" : 0
+        },
+        "properties" : {
+          "formattedMessage" : {
+            "text" : ""
+          }
+        }
+      }, {
+        "locations" : [ {
+          "physicalLocation" : {
+            "artifactLocation" : {
+              "uri" : "driver/fail_driver1.c",
+              "uriBaseId" : "%SRCROOT%",
+              "index" : 0
+            }
+          }
+        } ],
+        "message" : {
+          "text" : ""
+        },
+        "level" : "none",
+        "descriptor" : {
+          "id" : "cpp/baseline/expected-extracted-files",
+          "index" : 0
+        },
+        "properties" : {
+          "formattedMessage" : {
+            "text" : ""
+          }
+        }
+      }, {
+        "locations" : [ {
+          "physicalLocation" : {
+            "artifactLocation" : {
+              "uri" : "driver/fail_driver1.h",
+              "uriBaseId" : "%SRCROOT%",
+              "index" : 2
+            }
+          }
+        } ],
+        "message" : {
+          "text" : ""
+        },
+        "level" : "none",
+        "descriptor" : {
+          "id" : "cpp/baseline/expected-extracted-files",
+          "index" : 0
+        },
+        "properties" : {
+          "formattedMessage" : {
+            "text" : ""
+          }
+        }
+      } ],
+      "executionSuccessful" : true
+    } ],
+    "artifacts" : [ {
+      "location" : {
+        "uri" : "driver/fail_driver1.c",
+        "uriBaseId" : "%SRCROOT%",
+        "index" : 0
+      }
+    }, {
+      "location" : {
+        "uri" : "driver/driver_snippet.c",
+        "uriBaseId" : "%SRCROOT%",
+        "index" : 1
+      }
+    }, {
+      "location" : {
+        "uri" : "driver/fail_driver1.h",
+        "uriBaseId" : "%SRCROOT%",
+        "index" : 2
+      }
+    } ],
+    "results" : [ {
+      "ruleId" : "cpp/drivers/role-type-correctly-used",
+      "ruleIndex" : 0,
+      "rule" : {
+        "id" : "cpp/drivers/role-type-correctly-used",
+        "index" : 0
+      },
+      "message" : {
+        "text" : "Function DriverUnload declared with role type <NO_ROLE_TYPE> but role type DRIVER_UNLOAD is expected."
+      },
+      "locations" : [ {
+        "physicalLocation" : {
+          "artifactLocation" : {
+            "uri" : "driver/fail_driver1.c",
+            "uriBaseId" : "%SRCROOT%",
+            "index" : 0
+          },
+          "region" : {
+            "startLine" : 83,
+            "startColumn" : 60,
+            "endColumn" : 72
+          }
+        }
+      } ],
+      "partialFingerprints" : {
+        "primaryLocationLineHash" : "b54b2cfbe2573eb8:1",
+        "primaryLocationStartColumnFingerprint" : "55"
+      }
+    } ],
+    "columnKind" : "utf16CodeUnits",
+    "properties" : {
+      "semmle.formatSpecifier" : "sarifv2.1.0"
+    }
+  } ]
+}

src/drivers/general/queries/RoleTypeCorrectlyUsed/driver_snippet.c

@@ -0,0 +1,10 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+
+//Macros to enable or disable a code section that may or maynot conflict with this test.
+#define SET_DISPATCH 1
+
+//Template function. Not used for this test.
+void top_level_call(){
+}
+

src/drivers/general/queries/experimental/IrqlSetTooHigh/IrqlSetTooHigh.sarif

@@ -422,4 +422,4 @@
       "semmle.formatSpecifier" : "sarifv2.1.0"
     }
   } ]
-}
+}