Commit c3e0a1c

Merge pull request #109 from microsoft/development
Update main with latest changes
2 parents be4c77e + aa2af66 commit c3e0a1c

58 files changed

Lines changed: 5467 additions & 942 deletions

.github/workflows/build-codeql.yaml

Lines changed: 1 addition & 1 deletion
@@ -32,7 +32,7 @@ jobs:
3232
with:
3333
owner: "github"
3434
repo: "codeql-cli-binaries"
35-
tag: "v2.15.1"
35+
tag: "v2.15.4"
3636
file: "codeql-win64.zip"
3737

3838
- name: Unzip CodeQL CLI
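
Review bot: Nothing in the visible context checks the integrity of `codeql-win64.zip` before the "Unzip CodeQL CLI" step at line 38; the asset is selected only by `tag: "v2.15.4"` on line 35. Suggest adding a step that compares the archive's SHA-256 against a value recorded in the workflow and fails the job on mismatch. The same version string is also repeated in the README, so keeping it in one place would stop the two from drifting apart.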

README.md

Lines changed: 92 additions & 35 deletions
@@ -13,9 +13,9 @@ This repository contains open-source components for supplemental use in developi
1313
### Windows Hardware Compatibility Program Release Version Matrix
1414
| Release | Branch to use | CodeQL CLI version |
1515
|--------------------------|---------------|--------------------|
16-
| Windows Server 2022 | WHCP_21H2 | 2.4.6 |
17-
| Windows 11 | WHCP_21H2 | 2.4.6 |
18-
| Windows 11, version 22H2 | WHCP_22H2 | 2.6.3 |
16+
| Windows Server 2022 | WHCP_21H2 | 2.4.6 or 2.15.4 |
17+
| Windows 11 | WHCP_21H2 | 2.4.6 or 2.15.4 |
18+
| Windows 11, version 22H2 | WHCP_22H2 | 2.6.3 or 2.15.4 |
1919

2020
For general use, use the `main` branch along with [version 2.15.4 of the CodeQL CLI](https://github.com/github/codeql-cli-binaries/releases/tag/v2.15.4).
2121

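Review bot: Rows 16-18 now read "2.4.6 or 2.15.4" and "2.6.3 or 2.15.4", with nothing in the table saying what decides between the two. Suggest adding a Visual Studio version column or a footnote directly under the table so the matrix can be read on its own.
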
@@ -28,30 +28,15 @@ For general use, use the `main` branch along with [version 2.15.4 of the CodeQL
2828
2929
1. Download the CodeQL CLI zip by selecting the asset associated with your OS and architecture (codeql-win64.zip, codeql-linux64.zip, etc.), then extract it to the directory you created in the previous step.
3030
31-
For the WHCP Program, use the CodeQL CLI version in accordance with the table above and Windows release you are certifying for: [version 2.4.6](https://github.com/github/codeql-cli-binaries/releases/tag/v2.4.6) or [version 2.6.3](https://github.com/github/codeql-cli-binaries/releases/tag/v2.6.3).
31+
**NOTE** Visual Studio 17.8 broke compatibility with the older versions of CodeQL used in the WHCP_21H2 and WHCP_22H2 branches. [CodeQL CLI version 2.15.4](https://github.com/github/codeql-cli-binaries/releases/tag/v2.15.4) has been validated for use with WHCP 21H2 and WHCP 22H2 when using Visual Studio 17.8 or greater.
32+
33+
For the WHCP Program, use the CodeQL CLI version in accordance with the table above and Windows release you are certifying for: [version 2.4.6](https://github.com/github/codeql-cli-binaries/releases/tag/v2.4.6), [version 2.6.3](https://github.com/github/codeql-cli-binaries/releases/tag/v2.6.3), or [version 2.15.4](https://github.com/github/codeql-cli-binaries/releases/tag/v2.15.4).
34+
35+
3236
3337
For general use with the `main` branch, use [CodeQL CLI version 2.15.4](https://github.com/github/codeql-cli-binaries/releases/tag/v2.15.4).
3438
35-
36-
1. Clone and install the Windows Driver Developer Supplemental Tools repository which contains the CodeQL queries specific for drivers:
37-
38-
For WHCP BRANCHES use:
39-
```
40-
D:\codeql-home\>git clone https://github.com/microsoft/Windows-Driver-Developer-Supplemental-Tools.git --recurse-submodules
41-
```
42-
43-
For MAIN AND DEVELOPMENT BRANCHES use:
44-
45-
```
46-
D:\codeql-home\>git clone https://github.com/microsoft/Windows-Driver-Developer-Supplemental-Tools.git
47-
```
48-
49-
Now you should have:
50-
```
51-
D:/codeql-home
52-
|--- codeql
53-
|--- Windows-Driver-Developer-Supplemental-Tools
54-
```
39+
5540
5641
1. Verify CodeQL is installed correctly by checking the version:
5742
```
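
Review bot: Line 33 still tells the reader to choose the CLI version by "the table above and Windows release you are certifying for", while the NOTE added on line 31 makes the Visual Studio version the deciding factor for WHCP_21H2 and WHCP_22H2. Read alone, line 33 lets someone on Visual Studio 17.8 pick 2.4.6 or 2.6.3. Suggest merging the two into one sentence that gives both conditions, and dropping the extra blank lines added at 34, 35 and 39.
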
@@ -64,15 +49,40 @@ For general use, use the `main` branch along with [version 2.15.4 of the CodeQL
6449
use 'codeql resolve qlpacks' and 'codeql resolve languages'.
6550
```
6651
67-
1. Install CodeQL Packages using `codeql pack install`
68-
69-
For WHCP BRANCHES: Skip this step.
52+
1. Install CodeQL Packages
53+
54+
For WHCP_21H2 and WHCP_22H2 branches:
55+
56+
1. If using Visual Studio 2022 17.8 or greater with WHCP_21H2 or WHCP_22H2 and CodeQL CLI version 2.15.4:
7057
71-
For MAIN AND DEVELOPMENT BRANCHES use:
58+
Follow the steps for "ALL OTHER BRANCHES." **Make sure to remove the CodeQL submodule if you still have an old version of the repo cloned.** CodeQL might try to use the queries in the submodule by default which will cause errors because of mismatched versions.
7259
73-
```
74-
D:\codeql-home\codeql>codeql pack install D:\codeql-home\Windows-Driver-Developer-Supplemental-Tools\src
60+
1. If using Visual Studio version 17.7 or below **AND** either WHCP_21H2 or WHCP_22H2 **AND** CodeQL VLI version 2.4.6 or 2.6.3:
61+
62+
Follow special instructions for WHCP_21H2 and WHCP_22H2 using VS17.7 at the end of this readme
63+
64+
65+
**For ALL OTHER BRANCHES:**
66+
67+
**Note:** It is no longer necessary to clone the Windows-Driver-Developer-Supplemental-Tools repo to use the queries for certification.
68+
69+
Download the latest version of the microsoft/windows-drivers pack:
7570
```
71+
codeql pack download microsoft/windows-drivers
72+
```
73+
CodeQL will install the microsoft/windows-drivers pack to the default directory `C:\Users\<current user>\.codeql\packages\microsoft\windows-drivers\<downloaded version>\`. Do not change this directory or move the installed pack.
74+
75+
<!-- Resolve dependencies for the pack:
76+
```
77+
codeql pack resolve-dependencies C:\Users\<current user>\.codeql\packages\microsoft\windows-drivers\1.0.2\ --no-strict-mode
78+
```
79+
80+
Install dependencies for the pack:
81+
```
82+
codeql pack install C:\Users\<current user>\.codeql\packages\microsoft\windows-drivers\1.0.2\
83+
```
84+
-->
85+
7686
7787
1. Build your CodeQL database:
7888
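
Review bot: `codeql pack download microsoft/windows-drivers` on line 71 fetches whatever version is latest at the time, so two certification runs can end up analyzing with different query sets. Suggest documenting the pinned form (`microsoft/windows-drivers@x.x.x`) next to it, or stating which pack version goes with each WHCP release. Smaller points: "CodeQL VLI version" on line 60 should read "CLI"; line 58 refers to "ALL OTHER BRANCHES." while the heading on line 65 is "For ALL OTHER BRANCHES:"; line 58 asks the reader to remove the CodeQL submodule without saying how; and the commented-out block on lines 75-84 hard-codes `1.0.2` and would be better deleted than left in the README.
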
@@ -88,14 +98,27 @@ For general use, use the `main` branch along with [version 2.15.4 of the CodeQL
8898
1. Analyze your CodeQL database:
8999
90100
CodeQL's analysis output is provided in the form of a SARIF log file. For a human readable format, drop the SARIF file into [SARIF Viewer Website](https://microsoft.github.io/sarif-web-component/). (If there are violations, they will show up. If not, the page will not update.)
101+
102+
CodeQL query suites are provided in the suites directory and contain the sets of all recommended and mustfix queries. The desired query suite file should be downloaded/copied locally.
103+
104+
1. Create a local copy of the desired query suite file:
105+
106+
* windows_all_mustfix.qls
107+
* windows_all_recommended.qls
108+
109+
2. To analyze a CodeQL database run the following command:
91110
```
92-
D:\codeql-home\codeql>codeql database analyze <path to database> --format=sarifv2.1.0 --output=<"path to output file".sarif> <path to query/suite to run>
111+
codeql database analyze --download <path to database> <path to query suite .qls file> --format=sarifv2.1.0 --output=<outputname>.sarif
93112
```
94-
Example: `codeql database analyze D:\DriverDatabase --format=sarifv2.1.0 --output=D:\DriverAnalysis1.sarif D:\codeql-home\Windows-driver-developer-supplemental-tools\src\suites\windows_driver_mustfix.qls`
113+
**NOTE** The "--download" flag tells CodeQL to download dependencies before running the queries.
114+
115+
Specific versions, queries, or suites can be specified using the format `codeql database analyze <database> <scope>/<pack>@x.x.x:<path>`. For futher information, see the [CodeQL documentation](https://docs.github.com/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs#using-a-codeql-pack-to-analyze-a-codeql-database).
116+
117+
118+
Example: `codeql database analyze --download D:\DriverDatabase suites/windows-all-recommended.qls --format=sarifv2.1.0 --output=D:\DriverAnalysis1.sarif `
95119
96-
_(Parameters: path to new database, format, output sarif file, path to CodeQL query or query suite to use in analysis.)_
120+
_(Parameters: path to new database, query pack, format, output sarif file)_
97121
98-
**Note**: Be sure to check the path to the suite or query you want to run, not every branch has the same file structure.
99122
100123
1. ***For WHCP Users Only***: Prepare to Create a Driver Verification Log (DVL):
101124
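
Review bot: The example on line 118 passes `suites/windows-all-recommended.qls` (hyphens), but the suite files listed on lines 106-107 are `windows_all_mustfix.qls` and `windows_all_recommended.qls` (underscores), so the example as written names neither file. It also uses a relative `suites/` path where line 104 tells the reader to create a local copy, without saying where that copy should live. Suggest using the same file name in both places and an explicit path in the example. Smaller points: "futher" on line 115, the trailing space inside the backticks on line 118, and the parameter list on line 120 says "query pack" where the command on line 111 takes a query suite file.
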
@@ -111,7 +134,9 @@ Windows drivers queries are in the `src/drivers` directory.
111134
112135
Non-driver Microsoft-specific queries provided by Microsoft are in the `src/microsoft` directory.
113136
114-
Query suites are located in the `src/suites` directory and contain the Must-Fix and Recommended-Fix suites used by the WHCP Program.
137+
Query suites are located in the `suites` directory and contain the Must-Fix and Recommended-Fix suites used by the WHCP Program.
138+
139+
115140
116141
## Contributing
117142
This project welcomes contributions, feedback, and suggestions!
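
Review bot: Line 137 moves the suites from `src/suites` to `suites`, but the neighbouring lines still give `src/drivers` and `src/microsoft`, and it is not stated whether `suites` is relative to the repository root or to the downloaded pack. Suggest saying which root the path is relative to; the blank lines added at 138 and 139 can go.
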
@@ -146,3 +171,35 @@ trademarks or logos is subject to and must follow
146171
[Microsoft's Trademark & Brand Guidelines](https://www.microsoft.com/en-us/legal/intellectualproperty/trademarks/usage/general).
147172
Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship.
148173
Any use of third-party trademarks or logos are subject to those third-party's policies.
174+
175+
176+
## Special instructions for WHCP_21H2 and WHCP_22H2 using VS17.7 or below
177+
These instructions only apply when using both Visual Studio 17.7 or below along with CodeQL 2.6.3 or 2.4.6
178+
179+
180+
1. Install CodeQL version as indicated in above steps.
181+
182+
1.
183+
Clone and install the Windows Driver Developer Supplemental Tools repository which contains the CodeQL queries specific for drivers:
184+
185+
```
186+
git clone https://github.com/microsoft/Windows-Driver-Developer-Supplemental-Tools.git --recurse-submodules
187+
```
188+
189+
Now you should have:
190+
191+
D:/codeql-home
192+
|--- codeql
193+
|--- Windows-Driver-Developer-Supplemental-Tools
194+
1. Analyze your CodeQL database
195+
```
196+
codeql database analyze <path to database> --format=sarifv2.1.0 --output=<"path to output file".sarif> <path to query/suite to run>
197+
```
198+
Example: `codeql database analyze D:\DriverDatabase --format=sarifv2.1.0 --output=D:\DriverAnalysis1.sarif D:\codeql-home\Windows-driver-developer-supplemental-tools\src\suites\windows_driver_mustfix.qls`
199+
200+
(Parameters: path to new database, format, output sarif file, path to CodeQL query or query suite to use in analysis.)
201+
202+
**Note:** Be sure to check the path to the suite or query you want to run, not every branch has the same file structure.
203+
204+
205+
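
Review bot: The directory tree on lines 191-193 is no longer inside a code fence (the version removed earlier in this README had one), so Markdown will collapse it into a single paragraph, and step 194 follows it with no blank line. The list item on line 182 is an empty "1." with its text on line 183, which breaks the numbering. Suggest fencing the tree, joining 182 and 183, and adding a blank line before "1. Analyze your CodeQL database".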

src/codeql-pack.lock.yml

Lines changed: 0 additions & 4 deletions
@@ -3,16 +3,12 @@ lockVersion: 1.0.0
33
dependencies:
44
codeql/cpp-all:
55
version: 0.12.1
6-
codeql/cpp-queries:
7-
version: 0.9.0
86
codeql/dataflow:
97
version: 0.1.4
108
codeql/rangeanalysis:
119
version: 0.0.3
1210
codeql/ssa:
1311
version: 0.2.4
14-
codeql/suite-helpers:
15-
version: 0.7.4
1612
codeql/tutorial:
1713
version: 0.2.4
1814
codeql/typetracking:
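
Review bot: Removing `codeql/cpp-queries` and `codeql/suite-helpers` (old lines 6-7 and 14-15) is only safe if the pack's `qlpack.yml` no longer declares them and no suite still imports from them; that file is not shown in this part of the diff. Suggest confirming the lock file was regenerated with `codeql pack install` rather than edited by hand, so it stays consistent with the declared dependencies.
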
Lines changed: 39 additions & 0 deletions
@@ -0,0 +1,39 @@
1+
// Copyright (c) Microsoft Corporation.
2+
// Licensed under the MIT license.
3+
/**
4+
* @id cpp/drivers/role-type-correctly-used
5+
* @kind problem
6+
* @name Incorrect Role Type Use
7+
* @description A function is declared with a role type but used as an argument in a function that expects a different role type for that argument.
8+
* @platform Desktop
9+
* @feature.area Multiple
10+
* @impact Insecure Coding Practice
11+
* @repro.text
12+
* @owner.email: sdat@microsoft.com
13+
* @opaqueid CQLD-C28147e
14+
* @problem.severity warning
15+
* @precision medium
16+
* @tags correctness
17+
* @scope domainspecific
18+
* @query-version v1
19+
*/
20+
21+
import cpp
22+
import drivers.libraries.RoleTypes
23+
import semmle.code.cpp.TypedefType
24+
25+
from ImplicitRoleTypeFunction irtf, Function f, string rtActual, string rtExpected
26+
where
27+
irtf.getActualRoleTypeString() != irtf.getExpectedRoleTypeString() and
28+
f = irtf.getFunctionUse().getTarget() and
29+
(
30+
if f instanceof RoleTypeFunction
31+
then rtActual = f.(RoleTypeFunction).getRoleTypeString()
32+
else rtActual = "<NO_ROLE_TYPE>"
33+
) and
34+
rtExpected = irtf.getExpectedRoleTypeString() and
35+
not isEqualRoleTypes(rtExpected, rtActual)
36+
select irtf.getFunctionUse(),
37+
"Function " + f.toString() + " declared with role type " + rtActual + " but role type " + rtExpected +
38+
" is expected."
39+
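
Review bot: The `where` clause uses two different notions of the "actual" role type: line 27 compares `irtf.getActualRoleTypeString()` by string inequality, while lines 29-35 recompute `rtActual` from `f` and compare it with `isEqualRoleTypes`. If `getActualRoleTypeString()` has no result for a function without a role type, line 27 never holds for it and the `"<NO_ROLE_TYPE>"` branch on line 32 cannot produce an alert. Suggest dropping line 27 and relying on `not isEqualRoleTypes(rtExpected, rtActual)`, or adding a comment explaining why both checks are needed. In the header, `@owner.email:` on line 12 has a trailing colon the other tags lack, `@repro.text` on line 11 is empty, and `import semmle.code.cpp.TypedefType` on line 23 is not referenced in the visible query.
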
Lines changed: 28 additions & 0 deletions
@@ -0,0 +1,28 @@
1+
<!DOCTYPE qhelp PUBLIC "-//Semmle//qhelp//EN" "qhelp.dtd">
2+
<qhelp>
3+
<overview>
4+
<p>
5+
Driver entry point functions should be declared with a function role type.
6+
</p>
7+
</overview>
8+
<recommendation>
9+
<p>
10+
Make sure the role type of the function being used matches the expected role type.
11+
</p>
12+
</recommendation>
13+
<example>
14+
<sample src="driver_snippet.c" />
15+
</example>
16+
<semmleNotes>
17+
<p>
18+
C++ functions not currently supported. See https://github.com/github/codeql/issues/14869
19+
</p>
20+
</semmleNotes>
21+
<references>
22+
<li>
23+
<a href="https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/declaring-functions-using-function-role-types-for-wdm-drivers">
24+
C28158 warning - Windows Drivers
25+
</a>
26+
</li>
27+
</references>
28+
</qhelp>
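
Review bot: The overview on line 5 ("Driver entry point functions should be declared with a function role type") describes a missing declaration, while the recommendation on line 10 is about the role type of a used function matching the expected one, so the two paragraphs describe different problems. Suggest rewording the overview to state the mismatch case. The reference on line 24 is titled "C28158 warning"; if this help file belongs to the query above, whose `@opaqueid` is CQLD-C28147e, the title should be checked against that. The bare URL in `<semmleNotes>` on line 18 could be an `<a href>` like the one in `<references>`.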
