* Update suppression IDs [in-progress]
* Finish adding/updating suppression IDs.
* Fix opaque query IDs for a few queies.
* Clean up some accidental duplicates in Suppression.qll.
* add example to qhelp file
* update doc
* update query ID
* Update MultithreadedAVCondition.qhelp
Signed-off-by: Jacob Ronstadt <147542405+jacob-ronstadt@users.noreply.github.com>
---------
Signed-off-by: Jacob Ronstadt <147542405+jacob-ronstadt@users.noreply.github.com>
* initial setup for MultithreadedAVCondition query
* WIP: update test script to python
* improve script
* improve script. add multithreading
* add timer
* WIP multithread query. add cpp test driver
* WIP codeql port of C28616. Need to do more testing
* update test script
* update codeql library versions and qlhelp file
* update script. add support for useNTIFS option
* update test script output and warn about multithreaded mode not being final
* bug fix
* update multithreading to limit number of threads so codeql doesnt run out of memory
* add CppKMDFTestTemplate for testing cpp specific queries
* update cpp test template and multithreadedAVCondition query
* update query message
* fix names of functions in driver_snippet.cpp
* add query to ported ca checks suite
* update github action
* remove jobs from action for faster testing
* github action job updates
* github action job updates
* github action job updates
* test change of qls file without changing qlpack version
* bug fix
* test change of qls file without changing qlpack version
* test empty commit after fail of qlpack version test
* test update of qlpack version
* test update of qlpack and qls
* test gh action
* fix action file
* fix action file
* update github action
* test change of qls file without changing qlpack version
* test github action
* test github action
* test github action
* test github action
* test github action
* test github action
* update qls
* test
* test github action
* test github action
* test github action
* test github action
* test github action
* update qlpack. should pass test
* update qlpack but not version. should fail test
* update qls and update qlpack but not version. should fail test
* update qlpack version but decrement version. should fail test
* update qlpack version and add publish job to workflow file
* back to just one job
* bug fix
* bug fix
* bug fix
* bug fix
* bug fix
* add publish
* fix publish
* bug fix
* bug fix
* add token
* uncomment and change back version
* comment for testing
* increment version
* add permissions to workflow file
* uncomment and change back version
* Update build-codeql.yaml to remove extra trigger branch
Signed-off-by: Jacob Ronstadt <147542405+jacob-ronstadt@users.noreply.github.com>
* Update windows_mustfix_partial.qls back to original
Signed-off-by: Jacob Ronstadt <147542405+jacob-ronstadt@users.noreply.github.com>
* Update windows_recommended_partial.qls back to original
Signed-off-by: Jacob Ronstadt <147542405+jacob-ronstadt@users.noreply.github.com>
---------
Signed-off-by: Jacob Ronstadt <147542405+jacob-ronstadt@users.noreply.github.com>
* update qlpack version since new recommended queries were added
* update qlpack version since new recommended queries were added
* update readme
* Update README.md
Signed-off-by: Jacob Ronstadt <147542405+jacob-ronstadt@users.noreply.github.com>
* Update README.md
Signed-off-by: Jacob Ronstadt <147542405+jacob-ronstadt@users.noreply.github.com>
---------
Signed-off-by: Jacob Ronstadt <147542405+jacob-ronstadt@users.noreply.github.com>
* Move .qlhelp files to .qhelp
The correct extension is .qhelp, not .qlhelp. Whoops.
* Fix InitNotCleared XML
* Cleanup for Recommended: DefaultPoolTag
* Cleanup for Recommended: IrqlNotSaved
* Cleanup for Recommended: IrqlNotUsed
* Fix behavior for RoleTypeCorrectlyUsed
* Cleanup for Recommended: RoleTypeCorrectlyUsed
* Cleanup for Recommended: PoolTagIntegral
* Cleanup for Recommended: StrSafe
Also move StrSafe to general rather than KMDF.
* Cleanup for Recommended: IrqlTooHigh
* Fix typo in IrqlTooHigh qhelp
* Cleanup for Recommended: IrqlTooLow
* Remove accidentally checked-in doc
* Cleanup for Recommended: IrqlSetTooLow
* Update windows_driver_recommended.qls
* Add missing IRQL reference links
* Cleanup for Recommended: IrqlSetTooHigh
* Cleanup for Recommended: ExaminedValue
* Revert a functionality change to ExaminedValue.
Not the right time to make this adjustment.
* Cleanup for Recommended: IllegalFieldAccess
* Cleanup for Recommended: IllegalFieldAccess2
* Fix wrong path in recommended query suite.
* Move ExaminedValue to general folder
* Cleanup for Recommended: IllegalFieldWrite
* Fix IllegalFieldAccess2 documentation.
* Cleanup for Recommended: OpaqueMdlUse, OpaqueMdlWrite
* Cleanup for Recommended: PendingStatusError
* Cleanup for Recommended: WrongDispatchTableAssignment
* Cleanup for Recommended: ExtendedDeprecatedApis
* Update StrSafe baseline to account for new language.
* Fix reference lists in docs
* Standardize language for CA references in docs
* Fix up query paths in ported CA driver suite
* Cleanup for Recommended: RoutineFunctionTypeNotExpected
* Add example to wdk-deprecated-api
* Tick query versions for two queries
* script updates
* update build script with option to run queries on existing database. Add requirements.txt for installing dependencies
* remove need to clean.cmd and add --no_clean flag to script. add comments
* WIP adding excel output functionality
* WIP test external driver projects with queries
* WIP
* WIP adding query health report
* WIP adding query health report
* comments
* output test run results to excel file
* update unit test excel output
* bug fix
* add counter
* cleanup
* add existing database option to external drivers option
* add query health results file as example
* add compare script
* fix bug
* Initial work at IRQL-checking
* Significant extra IRQL work.
* In-progress work
* More puttering around with IRQL
* Update to CodeQL 2.14.4
Update cpp-all to 0.9.2, cpp-queries to 0.7.4
* Commit more IRQL code. Needs cleanup.
* Some cleanup and minor fixes to entry IRQL evaluation.
* Replace old Irql high/low checks with new version and update library.
Still needs cleanup.
* Irql.qll cleanup
* Get rid of old prototype version of IrqlTooLow
* Update README.md
* Clean up file names
* Clean up queries.
* Update test script for IRQL queries.
* Update build-codeql.yaml
Signed-off-by: NateD-MSFT <34494373+NateD-MSFT@users.noreply.github.com>
* Update ported_driver_ca_checks.qls
* Add IrqlSetTooHigh/IrqlSetTooLow queries.
* Bugfix for IrqlTooHigh/IrqlTooLow
The changes to Irql.qll needed for IrqlSetTooHigh, etc. means we are more likely to see IRQL evaluations that return -1. Update queries to exclude those numbers.
* Fix test issues for several IRQL checks.
* WIP unit tests for IrqlSetTooHigh and IrqlSetTooLow queries
* WIP unit tests for IrqlSetTooHigh and IrqlSetTooLow queries
* WIP more tests and comments
* bug fixes
* WIP updates to tests
* WIP update tests
* remove bad tests. Fix run script to run all tests again. run script now cleans first automatically.
* update tests for IrqlSetTooHigh
* WIP IrqlSetTooLow tests
* Fix typo in Irql.qll
* irqlSetTooHigh tests remove calls to KeGetCurrentIRQL as they are not needed
* update IrqlSetTooLow tests
* update tests. line 90 should be a failling test but isnt
* fix IrqlLowerWithFunctionCall1 to call IrqlMinDispatchLowerIrql_fail1
* Revert"fix IrqlLowerWithFunctionCall1 to call IrqlMinDispatchLowerIrql_fail1"
This reverts commit fd9084b7f7.
* fix IrqlLowerWithFunctionCall1 to call IrqlMinDispatchLowerIrql_fail1
* add WDF function class and structure class
* add kmdf callback functions
* syntax updates
* add comments
* Expand WdmDrivers.qll. Add missing WDM Callback Routine types and Role Type class
* WIP query to check role types
* queries for implicit and explicit role types
* move implicit role type query to library as a class
* update wdmdrivers.qll
* RoleTypeCorrectlyUsed query
* WIP
* update query
* WIP updating wdmdrivers.qll to better define role type functions
* update query message
* adding KMDF support for role types
* updates to role type query for kmdf and wdm
* move wdm role type query to wdm folder
* WIP library for NDIS
* WIP NDIS role type query
* WIP storport library
* WIP storport query
* add irql level to wdm role types
* create generic RoleTypes library to include wdm, kmdf, ndis, and storport
* generic role type query
* add function annotation role types. Add extra role types from wdfroletypes.h
* ignore c++ functions for now until codeql issue figured out
* update role type query to remove double results
* update role type query
* update sarif results, diff, and test script
* fix conflict in WdmDrivers.qll
* remove irql level from role type library due to conflict
* fix WdmDrivers.qll
* fix wdmdrivers.qll
* remove irql library from wdmdrivers.qll
* remove old/unused role type queries
* Update src/drivers/storport/libraries/StorportDrivers.qll
Co-authored-by: NateD-MSFT <34494373+NateD-MSFT@users.noreply.github.com>
Signed-off-by: Jacob Ronstadt <147542405+jacob-ronstadt@users.noreply.github.com>
* Update src/drivers/storport/libraries/StorportDrivers.qll
Co-authored-by: NateD-MSFT <34494373+NateD-MSFT@users.noreply.github.com>
Signed-off-by: Jacob Ronstadt <147542405+jacob-ronstadt@users.noreply.github.com>
* Update src/drivers/storport/libraries/StorportDrivers.qll
Co-authored-by: NateD-MSFT <34494373+NateD-MSFT@users.noreply.github.com>
Signed-off-by: Jacob Ronstadt <147542405+jacob-ronstadt@users.noreply.github.com>
* Update src/drivers/storport/libraries/StorportDrivers.qll
Co-authored-by: NateD-MSFT <34494373+NateD-MSFT@users.noreply.github.com>
Signed-off-by: Jacob Ronstadt <147542405+jacob-ronstadt@users.noreply.github.com>
* Update src/drivers/storport/libraries/StorportDrivers.qll
Co-authored-by: NateD-MSFT <34494373+NateD-MSFT@users.noreply.github.com>
Signed-off-by: Jacob Ronstadt <147542405+jacob-ronstadt@users.noreply.github.com>
* fix issue causing problems with diffs
* changes for pull request
---------
Signed-off-by: NateD-MSFT <34494373+NateD-MSFT@users.noreply.github.com>
Signed-off-by: Jacob Ronstadt <147542405+jacob-ronstadt@users.noreply.github.com>
Co-authored-by: NateD-MSFT <34494373+NateD-MSFT@users.noreply.github.com>