CodeQL port of C28266

Author: jacob-ronstadt

src/drivers/general/queries/AnnotationSyntax/AnnotationSyntax.qhelp

@@ -0,0 +1,59 @@
+<!DOCTYPE qhelp PUBLIC "-//Semmle//qhelp//EN" "qhelp.dtd">
+<qhelp>
+	<overview>
+		<p>
+		A syntax error in the annotations was found for the property in the function.
+		</p>
+	</overview>
+	<recommendation>
+		<p>
+			This warning indicates an error in the annotations, not in the code that is being analyzed.
+		</p>
+	</recommendation>
+	<example>
+		<p>
+			_IRQL_saves_global_ not applied to entire function
+		</p>
+		<sample language="c"> <![CDATA[
+		// FAIL 
+		VOID test1(
+			_IRQL_saves_global_(OldIrql, *Irql) PKIRQL Irql)
+		{
+			// ...
+			;
+		}
+		}]]>
+		</sample>
+		<p>
+		_Kernel_clear_do_init_ not used with either "yes" or "no"
+		</p>
+		<sample language="c"> <![CDATA[
+		// FAIL
+		_Function_class_(DRIVER_ADD_DEVICE)
+			_IRQL_requires_(PASSIVE_LEVEL)
+				_IRQL_requires_same_
+			_Kernel_clear_do_init_(IRP_MJ_CREATE)
+		NTSTATUS
+		test4(
+			_In_ PDRIVER_OBJECT DriverObject,
+			_In_ PDEVICE_OBJECT PhysicalDeviceObject)
+
+		{
+			; // do nothing
+		}
+		}]]>
+		</sample>
+	</example>
+	<semmleNotes>
+		<p>
+			TODO notes
+		</p>
+	</semmleNotes>
+	<references>
+		<li>
+			<a href="https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/28266-function-property-syntax-error">
+				C28266
+			</a>
+		</li>
+	</references>
+</qhelp>

src/drivers/general/queries/AnnotationSyntax/AnnotationSyntax.ql

@@ -0,0 +1,63 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+/**
+ * @id cpp/drivers/annotation-syntax
+ * @kind problem
+ * @name Annotation syntax error
+ * @description A syntax error in the annotations was found for the property in the function.
+ * @platform Desktop
+ * @feature.area Multiple
+ * @impact Annotations
+ * @repro.text
+ * @owner.email: [email protected]
+ * @opaqueid CQLD-C28266
+ * @problem.severity warning
+ * @precision medium
+ * @tags correctness
+ * @scope domainspecific
+ * @query-version v1
+ */
+
+import cpp
+import drivers.libraries.SAL
+
+from SALAnnotation sa, SALParameter sp
+where
+  // restoreIRQLGlobal was not on the whole function
+  // saveIRQLGlobalL was not on the whole function
+  (
+    sa.toString().matches("%restoresIRQLGlobal%") or //restoreIRQLGlobal //__drv_restoresIRQLGlobal //_IRQL_restores_global_
+    sa.toString().matches("%_IRQL_saves_global_%") or //restoreIRQLGlobal //__drv_restoresIRQLGlobal //_IRQL_restores_global_
+    sa.toString().matches("%savesIRQLGlobal%") or //saveIRQLGlobal //__drv_savesIRQLGlobal //_IRQL_saves_global_
+    sa.toString().matches("%_IRQL_restores_global_%")
+  ) and
+  sp.getAnnotation() = sa
+  or
+  (
+    sa.toString().matches("%_When_%") or
+    sa.toString().matches("%drv_when%")
+  ) and
+  (
+    //_Kernel_clear_do_init_ was not \"yes\" or \"no\"")
+    exists(int i |
+      sa.getUnexpandedArgument(i).toString().matches("%_Kernel_clear_do_init_%") and
+      not sa.getUnexpandedArgument(i).toString().matches("_Kernel_clear_do_init_(%yes%)") and
+      not sa.getUnexpandedArgument(i).toString().matches("_Kernel_clear_do_init_(%no%)")
+    )
+    or
+    //__drv_dispatchType cannot be used with __drv_when
+    exists(int i | sa.getUnexpandedArgument(i).toString().matches("%__drv_dispatchType%"))
+  )
+  or
+  sa.toString().matches("%_Kernel_clear_do_init_%") and
+  not sa.getUnexpandedArgument(0).toString().toLowerCase().matches("\"yes\"") and
+  not sa.getUnexpandedArgument(0).toString().toLowerCase().matches("\"no\"")
+  or
+  //   f.toString().matches("%drv_dispatchType%") or
+  //__drv_dispatch value out of range val > 63 || val < -1
+  sa.toString().matches("%drv_dispatch%") and
+  (
+    sa.getUnexpandedArgument(0).toInt() > 63 or
+    sa.getUnexpandedArgument(0).toInt() < -1
+  )
+select sa, "Possible annotation syntax error"