Merge branch 'elhouha-WFPContractQueries' of https://github.com/houha…

…2/Windows-Driver-Developer-Supplemental-Tools into elhouha-WFPContractQueries

README.md

@@ -119,7 +119,7 @@ This repository contains open-source components for supplemental use in developi
     Specific versions, queries, or suites can be specified using the format `codeql database analyze <database> <scope>/<pack>@x.x.x:<path>`. For futher information, see the [CodeQL documentation](https://docs.github.com/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/publishing-and-using-codeql-packs#using-a-codeql-pack-to-analyze-a-codeql-database).
 
         
-    Example: `codeql database analyze --download D:\DriverDatabase suites/windows-all-recommended.qls --format=sarifv2.1.0 --output=D:\DriverAnalysis1.sarif `
+    Example: `codeql database analyze --download D:\DriverDatabase suites/windows_driver_recommended.qls --format=sarifv2.1.0 --output=D:\DriverAnalysis1.sarif `
 
     _(Parameters: path to new database, query pack, format, output sarif file)_
 

src/drivers/general/queries/IrqlTooHigh/IrqlTooHigh.ql

@@ -2,15 +2,15 @@
 // Licensed under the MIT license.
 /**
  * @id cpp/drivers/irql-too-high
- * @name IRQL too high (C28120)
+ * @name IRQL too high (C28121)
  * @description A function annotated with IRQL requirements was called at an IRQL too high for the requirements.
  * @platform Desktop
  * @security.severity Low
  * @feature.area Multiple
  * @impact Exploitable Design
  * @repro.text The following function call is taking place at an IRQL too high for what the call target is annotated as.
  * @owner.email sdat@microsoft.com
- * @opaqueid CQLD-C28120
+ * @opaqueid CQLD-C28121
  * @kind problem
  * @problem.severity warning
  * @precision medium

src/drivers/general/queries/IrqlTooHigh/IrqlTooHigh.sarif

@@ -6,7 +6,7 @@
       "driver" : {
         "name" : "CodeQL",
         "organization" : "GitHub",
-        "semanticVersion" : "2.14.4",
+        "semanticVersion" : "2.15.4",
         "notifications" : [ {
           "id" : "cpp/baseline/expected-extracted-files",
           "name" : "cpp/baseline/expected-extracted-files",
@@ -27,7 +27,7 @@
           "id" : "cpp/drivers/irql-too-high",
           "name" : "cpp/drivers/irql-too-high",
           "shortDescription" : {
-            "text" : "IRQL too high (C28120)"
+            "text" : "IRQL too high (C28121)"
           },
           "fullDescription" : {
             "text" : "A function annotated with IRQL requirements was called at an IRQL too high for the requirements."
@@ -43,8 +43,8 @@
             "id" : "cpp/drivers/irql-too-high",
             "impact" : "Exploitable Design",
             "kind" : "problem",
-            "name" : "IRQL too high (C28120)",
-            "opaqueid" : "CQLD-C28120",
+            "name" : "IRQL too high (C28121)",
+            "opaqueid" : "CQLD-C28121",
             "owner.email" : "sdat@microsoft.com",
             "platform" : "Desktop",
             "precision" : "medium",
@@ -58,7 +58,7 @@
       },
       "extensions" : [ {
         "name" : "microsoft/windows-drivers",
-        "semanticVersion" : "0.2.0+4842fd4116871d3b47eede85c2c4497b43c34d57",
+        "semanticVersion" : "1.1.0+2affc3c634804dac7504a483a378cc9ba22a0f0b",
         "locations" : [ {
           "uri" : "file:///C:/codeql-home/Windows-Driver-Developer-Supplemental-Tools/src/",
           "description" : {

src/drivers/general/queries/IrqlTooLow/IrqlTooLow.ql

@@ -2,15 +2,15 @@
 // Licensed under the MIT license.
 /**
  * @id cpp/drivers/irql-too-low
- * @name IRQL too low (C28121)
+ * @name IRQL too low (C28120)
  * @description A function annotated with IRQL requirements was called at an IRQL too low for the requirements.
  * @platform Desktop
  * @security.severity Low
  * @feature.area Multiple
  * @impact Exploitable Design
  * @repro.text The following function call is taking place at an IRQL too low for what the call target is annotated as.
  * @owner.email sdat@microsoft.com
- * @opaqueid CQLD-C28121
+ * @opaqueid CQLD-C28120
  * @kind problem
  * @problem.severity warning
  * @precision medium

src/drivers/general/queries/IrqlTooLow/IrqlTooLow.sarif

@@ -6,7 +6,7 @@
       "driver" : {
         "name" : "CodeQL",
         "organization" : "GitHub",
-        "semanticVersion" : "2.14.4",
+        "semanticVersion" : "2.15.4",
         "notifications" : [ {
           "id" : "cpp/baseline/expected-extracted-files",
           "name" : "cpp/baseline/expected-extracted-files",
@@ -27,7 +27,7 @@
           "id" : "cpp/drivers/irql-too-low",
           "name" : "cpp/drivers/irql-too-low",
           "shortDescription" : {
-            "text" : "IRQL too low (C28121)"
+            "text" : "IRQL too low (C28120)"
           },
           "fullDescription" : {
             "text" : "A function annotated with IRQL requirements was called at an IRQL too low for the requirements."
@@ -43,8 +43,8 @@
             "id" : "cpp/drivers/irql-too-low",
             "impact" : "Exploitable Design",
             "kind" : "problem",
-            "name" : "IRQL too low (C28121)",
-            "opaqueid" : "CQLD-C28121",
+            "name" : "IRQL too low (C28120)",
+            "opaqueid" : "CQLD-C28120",
             "owner.email" : "sdat@microsoft.com",
             "platform" : "Desktop",
             "precision" : "medium",
@@ -58,7 +58,7 @@
       },
       "extensions" : [ {
         "name" : "microsoft/windows-drivers",
-        "semanticVersion" : "0.2.0+4842fd4116871d3b47eede85c2c4497b43c34d57",
+        "semanticVersion" : "1.1.0+2affc3c634804dac7504a483a378cc9ba22a0f0b",
         "locations" : [ {
           "uri" : "file:///C:/codeql-home/Windows-Driver-Developer-Supplemental-Tools/src/",
           "description" : {

src/drivers/general/queries/MultithreadedAVCondition/MultithreadedAVCondition.qhelp

@@ -0,0 +1,55 @@
+<!DOCTYPE qhelp PUBLIC "-//Semmle//qhelp//EN" "qhelp.dtd">
+<qhelp>
+	<overview>
+		<p>
+			This warning indicates that a thread has potential to access deleted objects if preempted. Unlike the Code Analysis version of this query, this query does not currently verify the use of any synchronization mechanisms, so it may produce false positives.
+		</p>
+	</overview>
+	<recommendation>
+		<p>
+			There should be no access to a reference-counted object after the reference count is at zero
+		</p>
+	</recommendation>
+	<example>
+		<p>
+			In this example, m_cRef is a member of this. A thread T1 executes the if condition, decrements m_cRef to 1, and is then preempted. Another thread T2 executes the if condition, decrements m_cRef to 0, executes the if body (where this is deleted), and returns NULL.		
+		</p>
+			<sample language="c"><![CDATA[
+			ULONG Release_bad()
+			{
+				if (0 == InterlockedDecrement(&m_cRef))
+				{
+					delete this;
+					return NULL;
+				}
+				/* this.m_cRef isn't thread safe */
+				return m_cRef;
+			}
+			]]>
+		</sample>
+		<p>
+			The following code does not reference any heap memory after the object is deleted.
+		</p>
+		<sample language="c"><![CDATA[
+		ULONG CObject::Release()
+		{
+			ASSERT(0 != m_cRef);
+			ULONG cRef = InterlockedDecrement(&m_cRef);
+			if (0 == cRef)
+			{
+				delete this;
+				return NULL;
+			}
+			return cRef;
+		}
+		]]>
+		</sample>
+	</example>
+	<references>
+		<li>
+			<a href="https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/28616-multithreaded-av-condition">
+				Warning C28616
+			</a>
+		</li>
+	</references>
+</qhelp>

src/drivers/general/queries/MultithreadedAVCondition/MultithreadedAVCondition.ql

@@ -10,7 +10,7 @@
  * @impact Exploitable Design
  * @repro.text There should be no access to a reference-counted object after the reference count is at zero
  * @owner.email sdat@microsoft.com
- * @opaqueid CQLD-D0006
+ * @opaqueid CQLD-C28616
  * @kind problem
  * @problem.severity warning
  * @precision medium

src/drivers/general/queries/RoleTypeCorrectlyUsed/RoleTypeCorrectlyUsed.ql

@@ -10,7 +10,7 @@
  * @impact Insecure Coding Practice
  * @repro.text
  * @owner.email: sdat@microsoft.com
- * @opaqueid CQLD-C28158
+ * @opaqueid CQLD-D0007
  * @problem.severity warning
  * @precision medium
  * @tags correctness

src/drivers/general/queries/RoleTypeCorrectlyUsed/RoleTypeCorrectlyUsed.sarif

@@ -44,27 +44,27 @@
             "impact" : "Insecure Coding Practice",
             "kind" : "problem",
             "name" : "Incorrect Role Type Use",
-            "opaqueid" : "CQLD-C28158",
+            "opaqueid" : "CQLD-D0007",
             "owner.email:" : "sdat@microsoft.com",
             "platform" : "Desktop",
             "precision" : "medium",
             "problem.severity" : "warning",
-            "query-version" : "v1",
+            "query-version" : "v2",
             "repro.text" : "",
             "scope" : "domainspecific"
           }
         } ]
       },
       "extensions" : [ {
         "name" : "microsoft/windows-drivers",
-        "semanticVersion" : "1.0.12+54db165bcee31f7827c56bf2bb9a408d8a4db4fe",
+        "semanticVersion" : "1.1.0+2affc3c634804dac7504a483a378cc9ba22a0f0b",
         "locations" : [ {
-          "uri" : "file:///C:/codeql-home/WDDST/src/",
+          "uri" : "file:///C:/codeql-home/Windows-Driver-Developer-Supplemental-Tools/src/",
           "description" : {
             "text" : "The QL pack root directory."
           }
         }, {
-          "uri" : "file:///C:/codeql-home/WDDST/src/qlpack.yml",
+          "uri" : "file:///C:/codeql-home/Windows-Driver-Developer-Supplemental-Tools/src/qlpack.yml",
           "description" : {
             "text" : "The QL pack definition file."
           }
@@ -76,9 +76,9 @@
         "locations" : [ {
           "physicalLocation" : {
             "artifactLocation" : {
-              "uri" : "driver/driver_snippet.c",
+              "uri" : "driver/fail_driver1.c",
               "uriBaseId" : "%SRCROOT%",
-              "index" : 0
+              "index" : 1
             }
           }
         } ],
@@ -99,9 +99,9 @@
         "locations" : [ {
           "physicalLocation" : {
             "artifactLocation" : {
-              "uri" : "driver/fail_driver1.c",
+              "uri" : "driver/driver_snippet.c",
               "uriBaseId" : "%SRCROOT%",
-              "index" : 1
+              "index" : 0
             }
           }
         } ],