
Commit 163198f

authored
Merge pull request #80 from microsoft/development
RI of development branch to main.
2 parents 66e17ba + 71ffd58 commit 163198f

47 files changed

Lines changed: 1253 additions & 10091 deletions


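--- a/src/drivers/general/queries/DefaultPoolTag/DefaultPoolTag.ql
+++ b/src/drivers/general/queries/DefaultPoolTag/DefaultPoolTag.ql
@@ -1,23 +1,26 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
 /**
-* @name Use of string in pool tag instead of integral (C28147)
-* @description Driver should not allocate memory with the default tags of ' mdW' or ' kdD'.
+* @id cpp/drivers/default-pool-tag
+* @kind problem
+* @name Use of default pool tag in memory allocation (C28147)
+* @description Tagging memory with the default tags of ' mdW' or ' kdD' can make it difficult to debug allocations.
 * @platform Desktop
 * @feature.area Multiple
+* @impact Insecure Coding Practice
 * @repro.text The following code locations call a pool allocation function with one of the default tags (' mdW' or ' kdD').
-* @kind problem
-* @id cpp/windows/drivers/queries/default-pool-tag
+* @owner.email: sdat@microsoft.com
+* @opaqueid CQLD-C28147
 * @problem.severity warning
 * @precision high
 * @tags correctness
+* @scope domainspecific
 * @query-version v1
 */
 
 import cpp
-import semmle.code.cpp.dataflow.DataFlow
 
-/** Represents a pool allocation function (has a ULONG "Tag" field, a "Flags" field, and a size parameter.) */
+/** A pool allocation function (has a ULONG "Tag" field, a "Flags" field, and a size parameter.) */
 class PoolTypeFunction extends Function {
 PoolTypeFunction() {
 exists(Parameter p |
@@ -30,7 +33,7 @@ class PoolTypeFunction extends Function {
 }
 }
 
-/** Represents a default pool tag (' mdw' or ' kdD'.) */
+/** A default pool tag (' mdw' or ' kdD'.) */
 class DefaultPoolTag extends Literal {
 DefaultPoolTag() {
 this.(CharLiteral).getValueText() = "' mdW'" or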
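Review bot: The added metadata line `* @owner.email: sdat@microsoft.com` puts a colon after the property name, unlike every other `@key value` line in this header, and the same line is added in ExtendedDeprecatedApis.ql. If the metadata reader takes the key up to the first whitespace, the property would be stored as `owner.email:` and tooling that looks up `owner.email` would miss it, so I would write `* @owner.email sdat@microsoft.com` in both files. Separately, the reworded QLDoc in the second hunk still spells the tag `' mdw'` while the characteristic predicate below compares against `"' mdW'"`; `/** A default pool tag (' mdW' or ' kdD'). */` would agree with the code. The bodies of PoolTypeFunction and DefaultPoolTag continue outside the hunks shown.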

src/drivers/general/queries/DefaultPoolTag/DefaultPoolTag.sarif

Lines changed: 20 additions & 534 deletions
Large diffs are not rendered by default.

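--- a/src/drivers/general/queries/ExtendedDeprecatedApis/ExtendedDeprecatedApis.ql
+++ b/src/drivers/general/queries/ExtendedDeprecatedApis/ExtendedDeprecatedApis.ql
@@ -1,27 +1,33 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
 /**
+* @id cpp/drivers/extended-deprecated-apis
+* @kind problem
 * @name Use of deprecated function or macro (C28719, C28726, C28735, C28750)
-* @description Unsafe, deprecated APIs should not be used. This is a port of Code Analysis checks C28719, C28726, and C28750.
+* @description Use of deprecated APIs causes correctness or safety issues. This is a port of Code Analysis checks C28719, C28726, and C28750.
 * @platform Desktop
 * @security.severity Low
 * @impact Attack Surface Reduction
 * @feature.area Multiple
 * @repro.text The following code locations contain calls to an unsafe, deprecated function or macro.
-* @kind problem
-* @id cpp/windows/drivers/queries/extended-deprecated-apis
+* @owner.email: sdat@microsoft.com
+* @opaqueid CQLD-C28719
 * @problem.severity warning
 * @precision high
 * @tags correctness
+* security
+* @scope generic
 * @query-version v1
 */
 
 import cpp
 
+/** A function call targeting a deprecated API. */
 class ExtendedDeprecatedApiCall extends FunctionCall {
 ExtendedDeprecatedApiCall() { this.getTarget() instanceof ExtendedDeprecatedApi }
 }
 
+/** Holds if the given string matches the name of a deprecated function or macro. */
 predicate matchesBannedApi(string input) {
 // Functions marked deprecated in C28719
 input =
@@ -68,6 +74,7 @@ predicate matchesBannedApi(string input) {
 input = any(["lstrlen", "lstrlenA", "lstrlenW"])
 }
 
+/** A deprecated API. */
 class ExtendedDeprecatedApi extends Function {
 string name;
 
@@ -77,6 +84,7 @@ class ExtendedDeprecatedApi extends Function {
 }
 }
 
+/** A deprecated macro. */
 class ExtendedDeprecatedMacro extends Macro {
 string name;
 
@@ -86,10 +94,12 @@ class ExtendedDeprecatedMacro extends Macro {
 }
 }
 
+/** An invocation of a deprecated macro. */
 class ExtendedDeprecatedMacroInvocation extends MacroInvocation {
 ExtendedDeprecatedMacroInvocation() { this.getMacro() instanceof ExtendedDeprecatedMacro }
 }
 
+/** A function call or macro invocation to a deprecated API. */
 class ExtendedDeprecatedCall extends Element {
 string name;
 string replacement;
@@ -442,6 +452,7 @@ class ExtendedDeprecatedCall extends Element {
 )
 }
 
+/** Gets an error message describing the deprecated API and the standard replacement, if any. */
 string getMessage() {
 if replacement.matches("None")
 then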
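Review bot: The rewritten `@description` in the first hunk still names only C28719, C28726 and C28750, while the unchanged `@name` line above it also lists C28735, and the new `@opaqueid CQLD-C28719` names just one of the four checks. If C28735 is covered by this query, the description should end `This is a port of Code Analysis checks C28719, C28726, C28735, and C28750.` The `@id` also moves from `cpp/windows/drivers/queries/extended-deprecated-apis` to `cpp/drivers/extended-deprecated-apis` (DefaultPoolTag.ql gets the same kind of rename); suppressions, baselines or alert history keyed on the old rule id would presumably stop matching, which is worth a line in the release notes. The bodies of matchesBannedApi, ExtendedDeprecatedCall and getMessage lie outside the hunks shown.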
