
Commit 0976a3c

committed
Cleanup of various issues before RI.
- Update name/message of KeSetEventPaged to KeSetEventPageable - Add missing diff for RoutineFunctionTypeNotExpected - Update baseline for KeWaitLocal - Add RoutineFunctionTypeNotExpected to ported_driver_ca_checks suite
1 parent 143fe74 commit 0976a3c

11 files changed

Lines changed: 190 additions & 57 deletions

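--- a/src/drivers/general/queries/KeSetEventPaged/KeSetEventPaged.ql
+++ b/src/drivers/general/queries/KeSetEventPageable/KeSetEventPageable.ql
@@ -1,14 +1,14 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
 /**
-* @id cpp/drivers/ke-set-event-irql
-* @name KeSetEvent called in paged segment with wait
-* @description Calles to KeSetEvent in a paged segment must not call with the Wait parameter set to true. This can cause a system crash if the segment is paged out.
+* @id cpp/drivers/ke-set-event-pageable
+* @name KeSetEvent called in pageable segment with wait
+* @description Calls to KeSetEvent in a pageable segment must not call with the Wait parameter set to true. This can cause a system crash if the segment is paged out.
 * @platform Desktop
 * @security.severity Low
 * @feature.area Multiple
 * @impact Exploitable Design
-* @repro.text The following call to KeSetEvent has Wait set to true while in a paged segment.
+* @repro.text The following call to KeSetEvent has Wait set to true while in a pageable segment.
 * @owner.email sdat@microsoft.com
 * @opaqueid CQLD-D0004
 * @kind problem
@@ -32,5 +32,5 @@ where
 enclosingFunc = ksec.getEnclosingFunction() and
 ksec.getArgument(2).getValue() = "1"
 select ksec,
-"$@: KeSetEvent should not be called with the Wait parameter set to true when in a paged function.",
+"$@: KeSetEvent should not be called with the Wait parameter set to true when in a pageable segment.",
 ksec.getControlFlowScope(), ksec.getControlFlowScope().getQualifiedName()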
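Review bot: The `@id` change from `cpp/drivers/ke-set-event-irql` to `cpp/drivers/ke-set-event-pageable` in the header orphans any suppression, baseline or alert history keyed on the old rule id, and nothing in the file records the rename. `@opaqueid CQLD-D0004` is unchanged, so consumers keyed on it are unaffected, but anything matching on the SARIF `ruleId` is not. I would add a line comment above the QLDoc block, `// Rule id was cpp/drivers/ke-set-event-irql before the rename to KeSetEventPageable; update suppressions and baselines keyed on the old id.` The `where` clause starts outside the second hunk; its visible test `ksec.getArgument(2).getValue() = "1"` appears to match only a compile-time constant Wait, so a call passing a non-constant TRUE would presumably go unreported, which is worth stating in `@description`.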

src/drivers/general/queries/KeSetEventPaged/KeSetEventPaged.qlhelp renamed to src/drivers/general/queries/KeSetEventPageable/KeSetEventPageable.qlhelp

File renamed without changes.

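--- a/src/drivers/general/queries/KeSetEventPaged/KeSetEventPaged.sarif
+++ b/src/drivers/general/queries/KeSetEventPageable/KeSetEventPageable.sarif
@@ -24,41 +24,41 @@
 }
 } ],
 "rules" : [ {
-"id" : "cpp/drivers/ke-set-event-irql",
-"name" : "cpp/drivers/ke-set-event-irql",
+"id" : "cpp/drivers/ke-set-event-pageable",
+"name" : "cpp/drivers/ke-set-event-pageable",
 "shortDescription" : {
-"text" : "KeSetEvent called in paged segment with wait"
+"text" : "KeSetEvent called in pageable segment with wait"
 },
 "fullDescription" : {
-"text" : "Calles to KeSetEvent in a paged segment must not call with the Wait parameter set to true. This can cause a system crash if the segment is paged out."
+"text" : "Calls to KeSetEvent in a pageable segment must not call with the Wait parameter set to true. This can cause a system crash if the segment is paged out."
 },
 "defaultConfiguration" : {
 "enabled" : true,
-"level" : "warning"
+"level" : "error"
 },
 "properties" : {
 "tags" : [ "correctness", "wddst" ],
-"description" : "Calles to KeSetEvent in a paged segment must not call with the Wait parameter set to true. This can cause a system crash if the segment is paged out.",
+"description" : "Calls to KeSetEvent in a pageable segment must not call with the Wait parameter set to true. This can cause a system crash if the segment is paged out.",
 "feature.area" : "Multiple",
-"id" : "cpp/drivers/ke-set-event-irql",
+"id" : "cpp/drivers/ke-set-event-pageable",
 "impact" : "Exploitable Design",
 "kind" : "problem",
-"name" : "KeSetEvent called in paged segment with wait",
+"name" : "KeSetEvent called in pageable segment with wait",
 "opaqueid" : "CQLD-D0004",
 "owner.email" : "sdat@microsoft.com",
 "platform" : "Desktop",
-"precision" : "medium",
-"problem.severity" : "warning",
+"precision" : "high",
+"problem.severity" : "error",
 "query-version" : "v1",
-"repro.text" : "The following call to KeSetEvent has Wait set to true while in a paged segment.",
+"repro.text" : "The following call to KeSetEvent has Wait set to true while in a pageable segment.",
 "scope" : "domainspecific",
 "security.severity" : "Low"
 }
 } ]
 },
 "extensions" : [ {
 "name" : "microsoft/windows-drivers",
-"semanticVersion" : "0.2.0+234ee9b709196a3a802b2c02ad7945ba0dfb0ac0",
+"semanticVersion" : "0.2.0+143fe74d66f4093412a7b21390672217b557bba2",
 "locations" : [ {
 "uri" : "file:///C:/codeql-home/Windows-Driver-Developer-Supplemental-Tools/src/",
 "description" : {
@@ -165,14 +165,14 @@
 }
 } ],
 "results" : [ {
-"ruleId" : "cpp/drivers/ke-set-event-irql",
+"ruleId" : "cpp/drivers/ke-set-event-pageable",
 "ruleIndex" : 0,
 "rule" : {
-"id" : "cpp/drivers/ke-set-event-irql",
+"id" : "cpp/drivers/ke-set-event-pageable",
 "index" : 0
 },
 "message" : {
-"text" : "[KeSetEventIrql_Fail2](1): KeSetEvent should not be called with the Wait parameter set to true when in a paged function."
+"text" : "[KeSetEventIrql_Fail2](1): KeSetEvent should not be called with the Wait parameter set to true when in a pageable segment."
 },
 "locations" : [ {
 "physicalLocation" : {
@@ -211,14 +211,14 @@
 }
 } ]
 }, {
-"ruleId" : "cpp/drivers/ke-set-event-irql",
+"ruleId" : "cpp/drivers/ke-set-event-pageable",
 "ruleIndex" : 0,
 "rule" : {
-"id" : "cpp/drivers/ke-set-event-irql",
+"id" : "cpp/drivers/ke-set-event-pageable",
 "index" : 0
 },
 "message" : {
-"text" : "[KeSetEventIrql_Fail1](1): KeSetEvent should not be called with the Wait parameter set to true when in a paged function."
+"text" : "[KeSetEventIrql_Fail1](1): KeSetEvent should not be called with the Wait parameter set to true when in a pageable segment."
 },
 "locations" : [ {
 "physicalLocation" : {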

src/drivers/general/queries/KeSetEventPaged/driver_snippet.c renamed to src/drivers/general/queries/KeSetEventPageable/driver_snippet.c

File renamed without changes.

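--- a/src/drivers/test/build_create_analyze_test.cmd
+++ b/src/drivers/test/build_create_analyze_test.cmd
@@ -32,7 +32,7 @@ call :test IllegalFieldWrite WDMTestTemplate wdm queries
 call :test IllegalFieldAccess2 WDMTestTemplate wdm queries
 call :test RoutineFunctionTypeNotExpected WDMTestTemplate general queries
 call :test KeSetEventIrql WDMTestTemplate general queries\experimental
-call :test KeSetEventPaged WDMTestTemplate general queries
+call :test KeSetEventPageable WDMTestTemplate general queries
 
 exit /b 0
 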
File renamed without changes.

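--- a/src/drivers/test/diff/KeWaitLocal.sarif
+++ b/src/drivers/test/diff/KeWaitLocal.sarif
@@ -1,28 +1,17 @@
 {
 "all": {
-"+": 1,
-"-": 1
+"+": 0,
+"-": 0
 },
 "error": {
 "+": 0,
 "-": 0,
 "codes": []
 },
 "warning": {
-"+": 1,
-"-": 1,
-"codes": [
-[
-"cpp/drivers/kewaitlocal-requires-kernel-mode [good_use](1): KeWaitForSingleObject should have a KernelMode AccessMode when the [first argument](2) is local",
-0,
-1
-],
-[
-"cpp/drivers/kewaitlocal-requires-kernel-mode KeWaitForSingleObject should have a KernelMode AccessMode when the first argument is local",
-1,
-0
-]
-]
+"+": 0,
+"-": 0,
+"codes": []
 },
 "note": {
 "+": 0,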
Lines changed: 21 additions & 0 deletions
@@ -0,0 +1,21 @@
1+
{
2+
"all": {
3+
"+": 0,
4+
"-": 0
5+
},
6+
"error": {
7+
"+": 0,
8+
"-": 0,
9+
"codes": []
10+
},
11+
"warning": {
12+
"+": 0,
13+
"-": 0,
14+
"codes": []
15+
},
16+
"note": {
17+
"+": 0,
18+
"-": 0,
19+
"codes": []
20+
}
21+
}

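--- a/src/drivers/wdm/queries/KeWaitLocal/KeWaitLocal.sarif
+++ b/src/drivers/wdm/queries/KeWaitLocal/KeWaitLocal.sarif
@@ -6,7 +6,23 @@
 "driver" : {
 "name" : "CodeQL",
 "organization" : "GitHub",
-"semanticVersion" : "2.11.5",
+"semanticVersion" : "2.15.1",
+"notifications" : [ {
+"id" : "cpp/baseline/expected-extracted-files",
+"name" : "cpp/baseline/expected-extracted-files",
+"shortDescription" : {
+"text" : "Expected extracted files"
+},
+"fullDescription" : {
+"text" : "Files appearing in the source archive that are expected to be extracted."
+},
+"defaultConfiguration" : {
+"enabled" : true
+},
+"properties" : {
+"tags" : [ "expected-extracted-files", "telemetry" ]
+}
+} ],
 "rules" : [ {
 "id" : "cpp/drivers/kewaitlocal-requires-kernel-mode",
 "name" : "cpp/drivers/kewaitlocal-requires-kernel-mode",
@@ -42,7 +58,7 @@
 },
 "extensions" : [ {
 "name" : "microsoft/windows-drivers",
-"semanticVersion" : "0.1.0+c5706b97bc9d314a2dabbf2421005784dd3c1303",
+"semanticVersion" : "0.2.0+143fe74d66f4093412a7b21390672217b557bba2",
 "locations" : [ {
 "uri" : "file:///C:/codeql-home/Windows-Driver-Developer-Supplemental-Tools/src/",
 "description" : {
@@ -54,28 +70,99 @@
 "text" : "The QL pack definition file."
 }
 } ]
+} ]
+},
+"invocations" : [ {
+"toolExecutionNotifications" : [ {
+"locations" : [ {
+"physicalLocation" : {
+"artifactLocation" : {
+"uri" : "driver/driver_snippet.c",
+"uriBaseId" : "%SRCROOT%",
+"index" : 0
+}
+}
+} ],
+"message" : {
+"text" : ""
+},
+"level" : "none",
+"descriptor" : {
+"id" : "cpp/baseline/expected-extracted-files",
+"index" : 0
+},
+"properties" : {
+"formattedMessage" : {
+"text" : ""
+}
+}
 }, {
-"name" : "legacy-upgrades",
-"semanticVersion" : "0.0.0",
 "locations" : [ {
-"uri" : "file:///C:/codeql-home/codeql/legacy-upgrades/",
-"description" : {
-"text" : "The QL pack root directory."
+"physicalLocation" : {
+"artifactLocation" : {
+"uri" : "driver/fail_driver1.c",
+"uriBaseId" : "%SRCROOT%",
+"index" : 1
+}
 }
-}, {
-"uri" : "file:///C:/codeql-home/codeql/legacy-upgrades/qlpack.yml",
-"description" : {
-"text" : "The QL pack definition file."
+} ],
+"message" : {
+"text" : ""
+},
+"level" : "none",
+"descriptor" : {
+"id" : "cpp/baseline/expected-extracted-files",
+"index" : 0
+},
+"properties" : {
+"formattedMessage" : {
+"text" : ""
 }
-} ]
-} ]
-},
+}
+}, {
+"locations" : [ {
+"physicalLocation" : {
+"artifactLocation" : {
+"uri" : "driver/fail_driver1.h",
+"uriBaseId" : "%SRCROOT%",
+"index" : 2
+}
+}
+} ],
+"message" : {
+"text" : ""
+},
+"level" : "none",
+"descriptor" : {
+"id" : "cpp/baseline/expected-extracted-files",
+"index" : 0
+},
+"properties" : {
+"formattedMessage" : {
+"text" : ""
+}
+}
+} ],
+"executionSuccessful" : true
+} ],
 "artifacts" : [ {
 "location" : {
 "uri" : "driver/driver_snippet.c",
 "uriBaseId" : "%SRCROOT%",
 "index" : 0
 }
+}, {
+"location" : {
+"uri" : "driver/fail_driver1.c",
+"uriBaseId" : "%SRCROOT%",
+"index" : 1
+}
+}, {
+"location" : {
+"uri" : "driver/fail_driver1.h",
+"uriBaseId" : "%SRCROOT%",
+"index" : 2
+}
 } ],
 "results" : [ {
 "ruleId" : "cpp/drivers/kewaitlocal-requires-kernel-mode",
@@ -85,7 +172,7 @@
 "index" : 0
 },
 "message" : {
-"text" : "KeWaitForSingleObject should have a KernelMode AccessMode when the first argument is local"
+"text" : "[good_use](1): KeWaitForSingleObject should have a KernelMode AccessMode when the [first argument](2) is local"
 },
 "locations" : [ {
 "physicalLocation" : {
@@ -104,7 +191,42 @@
 "partialFingerprints" : {
 "primaryLocationLineHash" : "61bc3c7079348327:1",
 "primaryLocationStartColumnFingerprint" : "0"
-}
+},
+"relatedLocations" : [ {
+"id" : 1,
+"physicalLocation" : {
+"artifactLocation" : {
+"uri" : "driver/driver_snippet.c",
+"uriBaseId" : "%SRCROOT%",
+"index" : 0
+},
+"region" : {
+"startLine" : 7,
+"startColumn" : 6,
+"endColumn" : 14
+}
+},
+"message" : {
+"text" : "good_use"
+}
+}, {
+"id" : 2,
+"physicalLocation" : {
+"artifactLocation" : {
+"uri" : "driver/driver_snippet.c",
+"uriBaseId" : "%SRCROOT%",
+"index" : 0
+},
+"region" : {
+"startLine" : 9,
+"startColumn" : 12,
+"endColumn" : 19
+}
+},
+"message" : {
+"text" : "first argument"
+}
+} ]
 } ],
 "columnKind" : "utf16CodeUnits",
 "properties" : {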

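--- a/src/suites/ported_driver_ca_checks.qls
+++ b/src/suites/ported_driver_ca_checks.qls
@@ -10,6 +10,7 @@
 - drivers/general/queries/ExtendedDeprecatedApis/ExtendedDeprecatedApis.ql
 - drivers/general/queries/IrqlNotSaved/IrqlNotSaved.ql
 - drivers/general/queries/IrqlNotUsed/IrqlNotUsed.ql
+- drivers/general/queries/RoutineFunctionTypeNotExpected/RoutineFunctionTypeNotExpected.ql
 - drivers/general/queries/PoolTagIntegral/PoolTagIntegral.ql
 - drivers/general/queries/WdkDeprecatedApis/wdk-deprecated-api.ql
 - drivers/kmdf/queries/StrSafe/StrSafe.ql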
