diff --git a/.github/workflows/build-codeql.yaml b/.github/workflows/build-codeql.yaml index 2c9a8b36..7554df4c 100644 --- a/.github/workflows/build-codeql.yaml +++ b/.github/workflows/build-codeql.yaml @@ -14,7 +14,7 @@ on: workflow_dispatch: env: - CODEQL_VERSION: 2.20.1 + CODEQL_VERSION: 2.20.4 jobs: build: @@ -52,11 +52,11 @@ jobs: - name: Build must-fix driver suite shell: cmd - run: .\codeql-cli\codeql.cmd query compile --check-only windows_mustfix_partial.qls + run: .\codeql-cli\codeql.cmd query compile --check-only mustfix.qls - name: Build recommended driver suite shell: cmd - run: .\codeql-cli\codeql.cmd query compile --check-only windows_recommended_partial.qls + run: .\codeql-cli\codeql.cmd query compile --check-only recommended.qls - name: Build CA ported queries shell: cmd 
@@ -196,15 +196,15 @@ jobs: shell: pwsh run: $qlpack_diff = git diff HEAD~1:src/qlpack.yml src/qlpack.yml; - $rec_diff = git diff HEAD~1:src/windows-driver-suites/windows_recommended_partial.qls src/windows-driver-suites/windows_recommended_partial.qls; - $mf_diff = git diff HEAD~1:src/windows-driver-suites/windows_mustfix_partial.qls src/windows-driver-suites/windows_mustfix_partial.qls; + $rec_diff = git diff HEAD~1:src/windows-driver-suites/recommended.qls src/windows-driver-suites/recommended.qls; + $mf_diff = git diff HEAD~1:src/windows-driver-suites/mustfix.qls src/windows-driver-suites/mustfix.qls; if (!$qlpack_diff -and ($rec_diff -or $mf_diff)) { "Query suite file updated without updating qlpack version"; exit 1 } $last_qlpack_commit = git log -n 1 --pretty=format:%H -- src/qlpack.yml; $qlpack_changes =git show $last_qlpack_commit -- .\src\qlpack.yml; - $last_mf_commit = git log -n 1 --pretty=format:%H -- src/windows-driver-suites/windows_mustfix_partial.qls; - $last_rec_commit = git log -n 1 --pretty=format:%H -- src/windows-driver-suites/windows_recommended_partial.qls; + $last_mf_commit = git log -n 1 --pretty=format:%H -- src/windows-driver-suites/mustfix.qls; + $last_rec_commit = git log -n 1 --pretty=format:%H -- src/windows-driver-suites/recommended.qls; $commits_since_qlpack_change = [int](git rev-list --count HEAD...$last_qlpack_commit); $commits_since_mf_change = [int](git rev-list --count HEAD...$last_mf_commit); $commits_since_rec_change = [int](git rev-list --count HEAD...$last_rec_commit); 
@@ -214,7 +214,7 @@ jobs: try{$old_qlpack_version = [version]($qlpack_changes -match "-version").Substring(10);} catch {"Changed qlpack.yml without updating version"; exit 1 } try{$new_qlpack_version = [version]($qlpack_changes -match "\+version").Substring(10);} catch {"Changed qlpack.yml without updating version"; exit 1 } - if ($new_qlpack_version -gt $old_qlpack_version) { exit 0 } else { "qlpack.yml version not incremented"; exit 1 } + if ($new_qlpack_version -gt $old_qlpack_version) { exit 0 } else { "qlpack.yml version not incremented. Previously updated to version $old_qlpack_version, current version $new_qlpack_version"; exit 1 } test-create-dvl: runs-on: windows-latest diff --git a/README.md b/README.md index f1576298..38a5633b 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ This repository contains open-source components for supplemental use in developi | CodeQL CLI version | microsoft/windows-drivers qlpack version | codeql/cpp-queries version |Associated Repo Branch| |--------------------------|-------------------------------------------|------------------------|------------------------| -| 2.15.4 | latest | latest |main | +| latest | latest | latest |main | ### For Windows Hardware Compatibility Program Use diff --git a/src/codeql-pack.lock.yml b/src/codeql-pack.lock.yml index 2251772c..36cff06d 100644 --- a/src/codeql-pack.lock.yml +++ b/src/codeql-pack.lock.yml @@ -11,6 +11,8 @@ dependencies: version: 1.0.16 codeql/ssa: version: 1.0.16 + codeql/suite-helpers: + version: 1.0.16 codeql/tutorial: version: 1.0.16 codeql/typeflow: @@ -21,4 +23,6 @@ dependencies: version: 2.0.3 codeql/xml: version: 1.0.16 + microsoft/cpp-queries: + version: 0.0.2 compiled: false diff --git a/src/drivers/general/queries/PointerVariableSize/PointerVariableSize.ql b/src/drivers/general/queries/PointerVariableSize/PointerVariableSize.ql index 7cfa953e..9310a832 100644 --- a/src/drivers/general/queries/PointerVariableSize/PointerVariableSize.ql 
+++ b/src/drivers/general/queries/PointerVariableSize/PointerVariableSize.ql @@ -21,7 +21,7 @@ import cpp -from SizeofExprOperator e, VariableAccess va, AddressOfExpr a +from SizeofExprOperator e, VariableAccess va where va = e.getExprOperand() and va.getTarget().getUnspecifiedType() instanceof PointerType diff --git a/src/drivers/kmdf/queries/experimental/DeviceInitApi/DeviceInitApi.ql b/src/drivers/kmdf/queries/experimental/DeviceInitApi/DeviceInitApi.ql index 1f98f816..6c8fae84 100644 --- a/src/drivers/kmdf/queries/experimental/DeviceInitApi/DeviceInitApi.ql +++ b/src/drivers/kmdf/queries/experimental/DeviceInitApi/DeviceInitApi.ql @@ -7,7 +7,7 @@ * @kind path-problem * @problem.severity error * @precision medium - * @id cpp/windows/wdk/kmdf/DeviceInitApi + * @id cpp/windows/wdk/kmdf/device-init-api * @tags correctness * @query-version v1 */ diff --git a/src/drivers/test/build_create_analyze_test.py b/src/drivers/test/build_create_analyze_test.py index 1fddd838..97abfff1 100644 --- a/src/drivers/test/build_create_analyze_test.py +++ b/src/drivers/test/build_create_analyze_test.py @@ -189,7 +189,7 @@ def upload_results_to_azure(file_to_upload, file_name, file_directory): file_service = FileService(connection_string=args.connection_string) file_service.create_file_from_path(share_name=args.share_name, file_name=file_name, directory_name=file_directory, local_file_path=file_to_upload, content_settings=ContentSettings(content_type='application/vnd.openxmlformats-officedocument.spreadsheetml.sheet')) -def download_file_from_azure(file_to_download, file_name, file_directory): +def download_file_from_azure(out_file_path, file_name, file_directory): """ Downloads a file from Azure. 
@@ -200,7 +200,7 @@ def download_file_from_azure(file_to_download, file_name, file_directory): None """ file_service = FileService(connection_string=args.connection_string) - file = file_service.get_file_to_path(share_name=args.share_name, file_name=file_name, directory_name=file_directory, file_path=file_to_download) + file = file_service.get_file_to_path(share_name=args.share_name, file_name=file_name, directory_name=file_directory, file_path=out_file_path) return file.name def get_git_root(): @@ -250,7 +250,7 @@ def find_ql_test_paths(directory, extension): # exclude wfp folder until correct test template is added ignore_paths = ["wfp", "QueryTemplate", "TestTemplate", ".vs"] root = root.replace("\\", "/") - if any(path in ignore_paths for x in root.split("/")): + if any(path in ignore_paths for path in root.split("/")): print_conditionally("Skipping: " + root) continue if "TestTemplate" in root: @@ -265,6 +265,7 @@ def find_ql_test_paths(directory, extension): ql_obj = ql_test_attributes(use_ntifs=use_ntifs, use_cpp=use_cpp) ql_obj.set_use_cpp(use_cpp) ql_files_map[os.path.join(root, file)] = ql_obj + print_conditionally("Found: " + os.path.join(root, file)) return ql_files_map 
@@ -780,14 +781,14 @@ def run_tests_external_drivers(ql_tests_dict): result_file = "external_drivers_results.xlsx" with pd.ExcelWriter(result_file) as writer: health_df.to_excel(writer, sheet_name="Results") - codeql_version_df.to_excel(writer, sheet_name="CodeQL Version") - codeql_packs_df.to_excel(writer, sheet_name="CodeQL Packs") - system_info_df.to_excel(writer, sheet_name="System Info") + local_codeql_version_df.to_excel(writer, sheet_name="Local CodeQL Version") + local_codeql_packs_df.to_excel(writer, sheet_name="Local CodeQL Packs") + local_system_info_df.to_excel(writer, sheet_name="Local System Info") with pd.ExcelWriter("detailed" + result_file) as writer: detailed_health_df.to_excel(writer, sheet_name="Results") - codeql_version_df.to_excel(writer, sheet_name="CodeQL Version") - codeql_packs_df.to_excel(writer, sheet_name="CodeQL Packs") - system_info_df.to_excel(writer, sheet_name="System Info") + local_codeql_version_df.to_excel(writer, sheet_name="Local CodeQL Version") + local_codeql_packs_df.to_excel(writer, sheet_name="Local CodeQL Packs") + local_system_info_df.to_excel(writer, sheet_name="Local System Info") if args.compare_results: compare_health_results("detailed"+result_file) compare_health_results(result_file) @@ -838,9 +839,8 @@ def compare_health_results(curr_results_path): try: prev_results = 'azure-'+curr_results_path print_conditionally("Downloading previous results from Azure: " + prev_results) - temp_file = download_file_from_azure(file_to_download=prev_results, + _ = download_file_from_azure(out_file_path=prev_results, file_name=curr_results_path, file_directory="") - print_conditionally("Downloaded previous results: " + temp_file) except Exception as e: if "ResourceNotFound" in str(e): 
@@ -853,7 +853,7 @@ def compare_health_results(curr_results_path): prev_results_df = pd.read_excel(prev_results, index_col=0, sheet_name=0) prev_results_codeql_version_df = pd.read_excel(prev_results, index_col=0, sheet_name=1) prev_results_codeql_packs_df = pd.read_excel(prev_results, index_col=0, sheet_name=2) - prev_results_system_info_df = pd.read_excel(prev_results, index_col=0, sheet_name=3) + prev_results_local_system_info_df = pd.read_excel(prev_results, index_col=0, sheet_name=3) curr_results_df = pd.read_excel(curr_results_path, index_col=0, sheet_name=0) print_conditionally("Comparing results...") print_conditionally("Previous results: ", prev_results) 
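Review bot: The new name `prev_results_local_system_info_df` reads as if it held this machine's system info, but it is loaded from sheet 3 of the downloaded baseline and is later written out as "Last Stored System Info". Keeping `prev_results_system_info_df` would match its neighbours `prev_results_codeql_version_df` and `prev_results_codeql_packs_df`. The baseline sheets are read by position, so the reads keep working against workbooks saved before the sheets were renamed; a comment such as `# sheets are read by position: 0 results, 1 CodeQL version, 2 packs, 3 system info` would make that dependency on write order explicit. compare_health_results starts and ends outside this hunk.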
@@ -879,16 +879,29 @@ def compare_health_results(curr_results_path): with pd.ExcelWriter("diff" + curr_results_path) as writer: diff_results.to_excel(writer, sheet_name="Diff") - codeql_version_df.to_excel(writer, sheet_name="Current CodeQL Version") - codeql_packs_df.to_excel(writer, sheet_name="Current CodeQL Packs") - system_info_df.to_excel(writer, sheet_name="Current System Info") - prev_results_codeql_version_df.to_excel(writer, sheet_name="Previous CodeQL Version") - prev_results_codeql_packs_df.to_excel(writer, sheet_name="Previous CodeQL Packs") - prev_results_system_info_df.to_excel(writer, sheet_name="Previous System Info") + local_codeql_version_df.to_excel(writer, sheet_name="Local CodeQL Version") + local_codeql_packs_df.to_excel(writer, sheet_name="Local CodeQL Packs") + local_system_info_df.to_excel(writer, sheet_name="Local System Info") + prev_results_codeql_version_df.to_excel(writer, sheet_name="Last Stored CodeQL Version") + prev_results_codeql_packs_df.to_excel(writer, sheet_name="Last Stored CodeQL Packs") + prev_results_local_system_info_df.to_excel(writer, sheet_name="Last Stored System Info") print_conditionally("Saved diff results") if not args.local_result_storage: # upload new results to Azure + if args.overwrite_azure_results: + print("!! Overwriting Azure results !!") + print("Type 'yes' to confirm") + confirm = input() + if confirm != "yes": + print("Exiting") + exit(1) + else: + double_confirm = input("Are you sure?") + if double_confirm != "yes": + print("Exiting") + exit(1) + if args.overwrite_azure_results: print_conditionally("Uploading results") upload_results_to_azure(file_to_upload=curr_results_path, 
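Review bot: The confirmation prompt now sits inside compare_health_results, which run_tests and run_tests_external_drivers each call twice (detailed and summary workbook), so one run asks twice, and a refusal on the second call exits after the first baseline has already been uploaded, leaving the stored pair inconsistent. `input()` also raises EOFError when stdin is closed and waits indefinitely when nobody is attached, which matters if `--overwrite_azure_results` is ever used from an unattended job. The second `if args.overwrite_azure_results:` directly after the prompt repeats the outer condition, and `exit` is the site-provided helper rather than `raise SystemExit(1)`. I would confirm once per process and treat a missing stdin as a refusal, as sketched below with a single prompt; the upload call continues past the end of the hunk.

```python
    if not args.local_result_storage:
        # upload new results to Azure
        if args.overwrite_azure_results:
            # compare_health_results runs once per workbook; confirm only once per process
            if not getattr(args, "overwrite_confirmed", False):
                print("!! Overwriting Azure results !!")
                try:
                    confirm = input("Type 'yes' to confirm: ")
                except EOFError:
                    # no interactive stdin (unattended run): refuse instead of crashing
                    confirm = ""
                if confirm != "yes":
                    print("Exiting")
                    raise SystemExit(1)
                args.overwrite_confirmed = True
            # … unchanged: print_conditionally("Uploading results") and the upload_results_to_azure call …
```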
@@ -934,14 +947,14 @@ def run_tests(ql_tests_dict): result_file = "functiontestresults.xlsx" with pd.ExcelWriter(result_file) as writer: health_df.to_excel(writer, sheet_name="Results") - codeql_version_df.to_excel(writer, sheet_name="CodeQL Version") - codeql_packs_df.to_excel(writer, sheet_name="CodeQL Packs") - system_info_df.to_excel(writer, sheet_name="System Info") + local_codeql_version_df.to_excel(writer, sheet_name="Local CodeQL Version") + local_codeql_packs_df.to_excel(writer, sheet_name="Local CodeQL Packs") + local_system_info_df.to_excel(writer, sheet_name="Local System Info") with pd.ExcelWriter("detailed"+result_file) as writer: detailed_health_df.to_excel(writer, sheet_name="Results") - codeql_version_df.to_excel(writer, sheet_name="CodeQL Version") - codeql_packs_df.to_excel(writer, sheet_name="CodeQL Packs") - system_info_df.to_excel(writer, sheet_name="System Info") + local_codeql_version_df.to_excel(writer, sheet_name="Local CodeQL Version") + local_codeql_packs_df.to_excel(writer, sheet_name="Local CodeQL Packs") + local_system_info_df.to_excel(writer, sheet_name="Local System Info") if args.compare_results: compare_health_results("detailed"+result_file) compare_health_results(result_file) 
@@ -1008,26 +1021,18 @@ def find_sln_file(path): parser.add_argument('--overwrite_azure_results', help='Overwrite Azure results',action='store_true',required=False,) parser.add_argument('--build_database_only', help='Build database only',action='store_true',required=False,) args = parser.parse_args() - - if args.overwrite_azure_results: - print("Overwriting Azure results") - print("Type 'yes' to confirm") - confirm = input() - if confirm != "yes": - print("Exiting") - exit(1) - + if args.codeql_path: codeql_path = args.codeql_path else: codeql_path = "codeql" codeql_version = subprocess.run([codeql_path, "version"], capture_output=True) # test codeql is working - codeql_version_df = pd.DataFrame([x for x in codeql_version.stdout.decode().split('\n')]) + local_codeql_version_df = pd.DataFrame([x for x in codeql_version.stdout.decode().split('\n')]) codeql_packs = subprocess.run([codeql_path, "resolve", "qlpacks"], capture_output=True) - codeql_packs_df = pd.DataFrame([x for x in codeql_packs.stdout.decode().split('\n')]) + local_codeql_packs_df = pd.DataFrame([x for x in codeql_packs.stdout.decode().split('\n')]) system_info = subprocess.run(["systeminfo"], capture_output=True) - system_info_df = pd.DataFrame([x for x in system_info.stdout.decode().split('\n')]) + local_system_info_df = pd.DataFrame([x for x in system_info.stdout.decode().split('\n')]) if args.compare_results_no_build: diff --git a/src/microsoft/Likely Bugs/Boundary Violations/PaddingByteInformationDisclosure.ql b/src/microsoft/Likely Bugs/Boundary Violations/PaddingByteInformationDisclosure.ql index 54cfb442..3d801d19 100644 --- a/src/microsoft/Likely Bugs/Boundary Violations/PaddingByteInformationDisclosure.ql +++ b/src/microsoft/Likely Bugs/Boundary Violations/PaddingByteInformationDisclosure.ql 
@@ -2,6 +2,7 @@ // Licensed under the MIT license. /** + * @id cpp/paddingbyteinformationdisclosure * @name Possible information leakage from uninitialized padding bytes. * @description A newly allocated struct or class that is initialized member-by-member may * leak information if it includes padding bytes. @@ -9,9 +10,8 @@ * @problem.severity warning * @tags security * external/cwe/cwe-200 - * @opaque-id SM02320 + * @opaqueid SM02320 * @microsoft.severity Important - * @id cpp/paddingbyteinformationdisclosure */ import cpp diff --git a/src/microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql b/src/microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql index 48d537b4..5aa06e46 100644 --- a/src/microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql +++ b/src/microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql @@ -2,6 +2,7 @@ // Licensed under the MIT license. /** + * @id cpp/badoverflowguard * @name Bad overflow check * @description Checking for overflow of an addition by comparing against one * of the arguments of the addition fails if the size of all the @@ -12,9 +13,9 @@ * @tags security * external/cwe/cwe-190 * external/cwe/cwe-191 - * @opaque-id SM02324 * @microsoft.severity Important - * @id cpp/badoverflowguard + * @opaqueid SM02324 + * */ import cpp diff --git a/src/microsoft/Likely Bugs/Conversion/InfiniteLoop.ql b/src/microsoft/Likely Bugs/Conversion/InfiniteLoop.ql index db176bfb..2ff8b160 100644 --- a/src/microsoft/Likely Bugs/Conversion/InfiniteLoop.ql +++ b/src/microsoft/Likely Bugs/Conversion/InfiniteLoop.ql @@ -2,6 +2,7 @@ // Licensed under the MIT license. /** + * @id cpp/infiniteloop * @name Comparison of narrow type with wide type in loop condition * @description Comparisons between types of different widths in a loop * condition can cause the loop to fail to terminate. 
@@ -11,9 +12,8 @@ * security * external/cwe/cwe-190 * external/cwe/cwe-197 - * @opaque-id SM02323 + * @opaqueid SM02323 * @microsoft.severity Important - * @id cpp/infiniteloop */ import cpp diff --git a/src/microsoft/Likely Bugs/UninitializedPtrField.ql b/src/microsoft/Likely Bugs/UninitializedPtrField.ql index eb319f6a..af48b37d 100644 --- a/src/microsoft/Likely Bugs/UninitializedPtrField.ql +++ b/src/microsoft/Likely Bugs/UninitializedPtrField.ql @@ -2,6 +2,7 @@ // Licensed under the MIT license. /** + * @id cpp/uninitializedptrfield * @name Dereference of potentially uninitialized pointer field * @description A pointer field which was not initialized during or since class * construction will cause a null pointer dereference. @@ -9,9 +10,8 @@ * @problem.severity warning * @tags security * external/cwe/cwe-476 - * @opaque-id SM02310 + * @opaqueid SM02310 * @microsoft.severity Important - * @id cpp/uninitializedptrfield */ import cpp diff --git a/src/qlpack.yml b/src/qlpack.yml index a46cf93a..de72cb89 100644 --- a/src/qlpack.yml +++ b/src/qlpack.yml @@ -2,11 +2,12 @@ # Licensed under the MIT license. name: microsoft/windows-drivers -version: 1.3.1 +version: 1.5.0 dependencies: codeql/cpp-all: 4.0.0 + microsoft/cpp-queries: 0.0.2 suites: windows-driver-suites -defaultSuiteFile: windows-driver-suites/windows_recommended_partial.qls +defaultSuiteFile: windows-driver-suites/recommended.qls extractor: cpp licenses: MIT description: CodeQL queries designed for Windows device driver development. \ No newline at end of file diff --git a/src/windows-driver-suites/mustfix.qls b/src/windows-driver-suites/mustfix.qls new file mode 100644 index 00000000..85b45541 --- /dev/null +++ b/src/windows-driver-suites/mustfix.qls 
@@ -0,0 +1,43 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT license.
+
+- description: Security queries required to fix when certifying Windows Drivers
+- queries: .
+ from: microsoft/windows-drivers
+- include:
+ query path:
+ - drivers/general/queries/WdkDeprecatedApis/wdk-deprecated-api.ql
+ - microsoft/Security/CWE/CWE-704/WcharCharConversionLimited.ql
+- queries: .
+ from: microsoft/cpp-queries
+ version: 0.0.2
+- include:
+ query path:
+ - Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql
+ - Likely Bugs/Format/WrongNumberOfFormatArguments.ql
+ - Likely Bugs/Memory Management/PointerOverflow.ql
+ - Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql
+ - Likely Bugs/OO/UnsafeUseOfThis.ql
+ - Likely Bugs/Protocols/TlsSettingsMisconfiguration.ql
+ - Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocol.ql
+ - Likely Bugs/Underspecified Functions/TooFewArguments.ql
+ - Microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql
+ - Microsoft/Likely Bugs/Drivers/IncorrectUsageOfRtlCompareMemory.ql
+ - Microsoft/Security/Cryptography/BannedEncryption.ql
+ - Microsoft/Security/Cryptography/BannedModesCAPI.ql
+ - Microsoft/Security/Cryptography/BannedModesCNG.ql
+ - Microsoft/Security/Cryptography/HardcodedIVCNG.ql
+ - Microsoft/Security/MemoryAccess/EnumIndex/UncheckedBoundsEnumAsIndex.ql
+ - Security/CWE/CWE-078/ExecTainted.ql
+ - Security/CWE/CWE-114/UncontrolledProcessOperation.ql
+ - Security/CWE/CWE-120/BadlyBoundedWrite.ql
+ - Security/CWE/CWE-120/OverrunWrite.ql
+ - Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql
+ - Security/CWE/CWE-170/ImproperNullTerminationTainted.ql
+ - Security/CWE/CWE-190/ComparisonWithWiderType.ql
+ - Security/CWE/CWE-253/HResultBooleanConversion.ql
+ - Security/CWE/CWE-327/OpenSslHeartbleed.ql
+ - Security/CWE/CWE-676/DangerousFunctionOverflow.ql
+ - Security/CWE/CWE-676/DangerousUseOfCin.ql
+ - Security/CWE/CWE-704/WcharCharConversion.ql
+ - Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.ql
\ No newline at end of file
diff --git a/src/windows-driver-suites/recommended.qls b/src/windows-driver-suites/recommended.qls
new file mode 100644
index 00000000..ad0bf9b8
--- /dev/null
+++ b/src/windows-driver-suites/recommended.qls
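Review bot: The second `queries:` entry pins `version: 0.0.2` for microsoft/cpp-queries, and the same number is also written in src/qlpack.yml, src/codeql-pack.lock.yml and recommended.qls in this commit, so a later bump has to touch every copy or the must-fix set resolves against a different pack than the one locked. A comment above the entry, e.g. `# keep in sync with microsoft/cpp-queries in qlpack.yml`, would make that visible. The list also names `Microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql` and `Microsoft/Security/Cryptography/HardcodedIVCNG.ql`, while recommended.qls, which imports this file, includes this pack's own `microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql` and HardcodedIVCNG.ql. If both copies carry the same `@id`, the combined suite may report the same finding twice, which is worth confirming before the suite is used for certification.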
@@ -0,0 +1,79 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT license.
+
+- description: Recommended and required queries for Windows Drivers.
+- import: windows-driver-suites/mustfix.qls
+- queries: .
+ from: microsoft/windows-drivers
+- include:
+ query path:
+ - drivers/general/queries/AnnotationSyntax/AnnotationSyntax.ql
+ - drivers/general/queries/CurrentFunctionTypeNotCorrect/CurrentFunctionTypeNotCorrect.ql
+ - drivers/general/queries/DefaultPoolTag/DefaultPoolTag.ql
+ - drivers/general/queries/DriverEntrySaveBuffer/DriverEntrySaveBuffer.ql
+ - drivers/general/queries/ExaminedValue/ExaminedValue.ql
+ - drivers/general/queries/ExtendedDeprecatedApis/ExtendedDeprecatedApis.ql
+ - drivers/general/queries/IRPStackEntryCopy/IRPStackEntryCopy.ql
+ - drivers/general/queries/ImportantFunctionCallOptimizedOut/ImportantFunctionCallOptimizedOut.ql
+ - drivers/general/queries/ImproperNotOperatorOnZero/ImproperNotOperatorOnZero.ql
+ - drivers/general/queries/InvalidFunctionClassTypedef/InvalidFunctionClassTypedef.ql
+ - drivers/general/queries/InvalidFunctionPointerAnnotation/InvalidFunctionPointerAnnotation.ql
+ - drivers/general/queries/IoInitializeTimerCall/IoInitializeTimerCall.ql
+ - drivers/general/queries/IrqlAnnotationIssue/IrqlAnnotationIssue.ql
+ - drivers/general/queries/IrqlCancelRoutine/IrqlCancelRoutine.ql
+ - drivers/general/queries/IrqlFloatStateMismatch/IrqlFloatStateMismatch.ql
+ - drivers/general/queries/IrqlNotSaved/IrqlNotSaved.ql
+ - drivers/general/queries/IrqlNotUsed/IrqlNotUsed.ql
+ - drivers/general/queries/IrqlSetTooHigh/IrqlSetTooHigh.ql
+ - drivers/general/queries/IrqlSetTooLow/IrqlSetTooLow.ql
+ - drivers/general/queries/IrqlTooHigh/IrqlTooHigh.ql
+ - drivers/general/queries/IrqlTooLow/IrqlTooLow.ql
+ - drivers/general/queries/KeSetEventPageable/KeSetEventPageable.ql
+ - drivers/general/queries/MultithreadedAVCondition/MultithreadedAVCondition.ql
+ - drivers/general/queries/NtstatusExplicitCast/NtstatusExplicitCast.ql
+ - drivers/general/queries/NtstatusExplicitCast2/NtstatusExplicitCast2.ql
+ - drivers/general/queries/NtstatusExplicitCast3/NtstatusExplicitCast3.ql
+ - drivers/general/queries/NullCharacterPointerAssignment/NullCharacterPointerAssignment.ql
+ - drivers/general/queries/OperandAssignment/OperandAssignment.ql
+ - drivers/general/queries/PointerVariableSize/PointerVariableSize.ql
+ - drivers/general/queries/PoolTagIntegral/PoolTagIntegral.ql
+ - drivers/general/queries/RoleTypeCorrectlyUsed/RoleTypeCorrectlyUsed.ql
+ - drivers/general/queries/RoutineFunctionTypeNotExpected/RoutineFunctionTypeNotExpected.ql
+ - drivers/general/queries/StrSafe/StrSafe.ql
+ - drivers/general/queries/StrictTypeMatch/StrictTypeMatch.ql
+ - drivers/wdm/queries/IllegalFieldAccess/IllegalFieldAccess.ql
+ - drivers/wdm/queries/IllegalFieldAccess2/IllegalFieldAccess2.ql
+ - drivers/wdm/queries/IllegalFieldWrite/IllegalFieldWrite.ql
+ - drivers/wdm/queries/InitNotCleared/InitNotCleared.ql
+ - drivers/wdm/queries/KeWaitLocal/KeWaitLocal.ql
+ - drivers/wdm/queries/MultiplePagedCode/MultiplePagedCode.ql
+ - drivers/wdm/queries/ObReferenceMode/ObReferenceMode.ql
+ - drivers/wdm/queries/OpaqueMdlUse/OpaqueMdlUse.ql
+ - drivers/wdm/queries/OpaqueMdlWrite/OpaqueMdlWrite.ql
+ - drivers/wdm/queries/PendingStatusError/PendingStatusError.ql
+ - drivers/wdm/queries/WrongDispatchTableAssignment/WrongDispatchTableAssignment.ql
+ - microsoft/Likely Bugs/Boundary Violations/PaddingByteInformationDisclosure.ql
+ - microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql
+ - microsoft/Likely Bugs/Conversion/InfiniteLoop.ql
+ - microsoft/Likely Bugs/Memory Management/UseAfterFree/UseAfterFree.ql
+ - microsoft/Likely Bugs/UninitializedPtrField.ql
+ - microsoft/Security/Crytpography/HardcodedIVCNG.ql
+- queries: .
+ from: microsoft/cpp-queries
+ version: 0.0.2
+- include:
+ query path:
+ - Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql
+ - Likely Bugs/Arithmetic/IntMultToLong.ql
+ - Likely Bugs/Arithmetic/SignedOverflowCheck.ql
+ - Likely Bugs/Conversion/CastArrayPointerArithmetic.ql
+ - Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.ql
+ - Likely Bugs/Memory Management/SuspiciousSizeof.ql
+ - Likely Bugs/Memory Management/UninitializedLocal.ql
+ - Security/CWE/CWE-121/UnterminatedVarargsCall.ql
+ - Security/CWE/CWE-457/ConditionallyUninitializedVariable.ql
+ - Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql
+ - Security/CWE/CWE-468/IncorrectPointerScaling.ql
+ - Security/CWE/CWE-468/IncorrectPointerScalingVoid.ql
+ - Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
+ - Security/CWE/CWE-119/OverflowBuffer.ql
diff --git a/src/windows-driver-suites/windows_mustfix_partial.qls b/src/windows-driver-suites/windows_mustfix_partial.qls
deleted file mode 100644
index c6914621..00000000
--- a/src/windows-driver-suites/windows_mustfix_partial.qls
+++ /dev/null
@@ -1,10 +0,0 @@
-# Copyright (c) Microsoft Corporation.
-# Licensed under the MIT license.
-
-- description: Security queries required to fix when certifying Windows Drivers
-- queries: .
- from: microsoft/windows-drivers
-- include:
- query path:
- - drivers/general/queries/WdkDeprecatedApis/wdk-deprecated-api.ql
- - microsoft/Security/CWE/CWE-704/WcharCharConversionLimited.ql
diff --git a/src/windows-driver-suites/windows_recommended_partial.qls b/src/windows-driver-suites/windows_recommended_partial.qls
deleted file mode 100644
index 6d339e04..00000000
--- a/src/windows-driver-suites/windows_recommended_partial.qls
+++ /dev/null
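Review bot: The entry `microsoft/Security/Crytpography/HardcodedIVCNG.ql` in recommended.qls is carried over from the deleted windows_recommended_partial.qls with "Crytpography" spelled differently from the `Microsoft/Security/Cryptography/` paths in mustfix.qls; unless the directory in this pack really has that spelling, the filter matches nothing. As far as I know an `include` path that matches no query is not reported as an error, and this commit itself corrects two such paths from the old file (`IrqlSetTooHigh/IrqlTooHigh.ql` and `OpaqueMdlUse/OpaqueMdlWrite.ql`), so a security query can drop out of the suite unnoticed. The existing `codeql query compile --check-only` step only compiles what resolves. A workflow step that runs `codeql resolve queries` on each suite and compares the count with the number of listed paths would catch a mistyped entry.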
@@ -1,36 +0,0 @@
-# Copyright (c) Microsoft Corporation.
-# Licensed under the MIT license.
-
-- description: Recommended and required queries for Windows Drivers.
-- import: windows-driver-suites/windows_mustfix_partial.qls
-- queries: .
- from: microsoft/windows-drivers
-- include:
- query path:
- - microsoft/Likely Bugs/Boundary Violations/PaddingByteInformationDisclosure.ql
- - microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql
- - microsoft/Likely Bugs/Conversion/InfiniteLoop.ql
- - microsoft/Likely Bugs/Memory Management/UseAfterFree/UseAfterFree.ql
- - microsoft/Likely Bugs/UninitializedPtrField.ql
- - microsoft/Security/Crytpography/HardcodedIVCNG.ql
- - drivers/general/queries/KeSetEventPageable/KeSetEventPageable.ql
- - drivers/general/queries/RoleTypeCorrectlyUsed/RoleTypeCorrectlyUsed.ql
- - drivers/general/queries/DefaultPoolTag/DefaultPoolTag.ql
- - drivers/general/queries/ExaminedValue/ExaminedValue.ql
- - drivers/general/queries/ExtendedDeprecatedApis/ExtendedDeprecatedApis.ql
- - drivers/general/queries/IrqlNotSaved/IrqlNotSaved.ql
- - drivers/general/queries/IrqlNotUsed/IrqlNotUsed.ql
- - drivers/general/queries/IrqlTooHigh/IrqlTooHigh.ql
- - drivers/general/queries/IrqlTooLow/IrqlTooLow.ql
- - drivers/general/queries/IrqlSetTooHigh/IrqlTooHigh.ql
- - drivers/general/queries/IrqlSetTooLow/IrqlSetTooLow.ql
- - drivers/general/queries/PoolTagIntegral/PoolTagIntegral.ql
- - drivers/general/queries/StrSafe/StrSafe.ql
- - drivers/wdm/queries/IllegalFieldAccess/IllegalFieldAccess.ql
- - drivers/wdm/queries/IllegalFieldAccess2/IllegalFieldAccess2.ql
- - drivers/wdm/queries/IllegalFieldWrite/IllegalFieldWrite.ql
- - drivers/wdm/queries/OpaqueMdlUse/OpaqueMdlUse.ql
- - drivers/wdm/queries/OpaqueMdlUse/OpaqueMdlWrite.ql
- - drivers/wdm/queries/PendingStatusError/PendingStatusError.ql
- - drivers/wdm/queries/WrongDispatchTableAssignment/WrongDispatchTableAssignment.ql
-
diff --git a/suites/windows_driver_mustfix.qls b/suites/windows_driver_mustfix.qls index fa217729..1495ea5e 100644 --- a/suites/windows_driver_mustfix.qls +++ b/suites/windows_driver_mustfix.qls @@ -2,15 +2,6 @@ # Licensed under the MIT license. - description: Security queries required to fix when certifying Windows Drivers -- queries: . - from: codeql/cpp-queries - version: 0.9.0 -- include: - query path: - - Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql - - Likely Bugs/Memory Management/PointerOverflow.ql - - Likely Bugs/Underspecified Functions/TooFewArguments.ql - - Security/CWE/CWE-190/ComparisonWithWiderType.ql - - Security/CWE/CWE-253/HResultBooleanConversion.ql -- import: windows-driver-suites/windows_mustfix_partial.qls + +- import: windows-driver-suites/mustfix.qls from: microsoft/windows-drivers diff --git a/suites/windows_driver_recommended.qls b/suites/windows_driver_recommended.qls index d92098ce..56c5d31d 100644 --- a/suites/windows_driver_recommended.qls +++ b/suites/windows_driver_recommended.qls 
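Review bot: The new `- import: windows-driver-suites/mustfix.qls` with `from: microsoft/windows-drivers` carries no `version:`, whereas the block it replaces pinned codeql/cpp-queries to 0.9.0, so the must-fix set used for certification now depends on whichever microsoft/windows-drivers pack happens to be installed. mustfix.qls is added in this same commit, alongside the bump to 1.5.0 in src/qlpack.yml, so earlier pack versions presumably fail to resolve the import. Either add a `version:` constraint to the import or state the minimum pack version in the header comment; the same applies to both imports in suites/windows_driver_recommended.qls.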
@@ -2,31 +2,7 @@ # Licensed under the MIT license. - description: Recommended and required queries for Windows Drivers. -- import: windows-driver-suites/windows_mustfix_partial.qls +- import: windows-driver-suites/mustfix.qls from: microsoft/windows-drivers -- import: windows-driver-suites/windows_recommended_partial.qls +- import: windows-driver-suites/recommended.qls from: microsoft/windows-drivers -- queries: . - from: codeql/cpp-queries - version: 0.9.0 -- include: - query path: - - Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql - - Likely Bugs/Arithmetic/IntMultToLong.ql - - Likely Bugs/Arithmetic/SignedOverflowCheck.ql - - Likely Bugs/Conversion/CastArrayPointerArithmetic.ql - - Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.ql - - Likely Bugs/Memory Management/SuspiciousSizeof.ql - - Likely Bugs/Memory Management/UninitializedLocal.ql - - Security/CWE/CWE-121/UnterminatedVarargsCall.ql - - Security/CWE/CWE-457/ConditionallyUninitializedVariable.ql - - Security/CWE/CWE-468/IncorrectPointerScaling.ql - - Security/CWE/CWE-468/IncorrectPointerScalingVoid.ql - - Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql - - Security/CWE/CWE-676/PotentiallyDangerousFunction.ql - - Security/CWE/CWE-704/WcharCharConversion.ql - - Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql - - Likely Bugs/Memory Management/PointerOverflow.ql - - Likely Bugs/Underspecified Functions/TooFewArguments.ql - - Security/CWE/CWE-190/ComparisonWithWiderType.ql - - Security/CWE/CWE-253/HResultBooleanConversion.ql \ No newline at end of file
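Review bot: The first import, `- import: windows-driver-suites/mustfix.qls`, is redundant because recommended.qls, imported by the next entry, already begins with `- import: windows-driver-suites/mustfix.qls`. Keeping only `- import: windows-driver-suites/recommended.qls` avoids pulling the must-fix queries in through two routes. If the double import is deliberate, a comment such as `# mustfix.qls is also imported by recommended.qls; kept here for clarity` would say so.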