IrqlAnnotationIssue: CodeQL port of c28153 (#158)

* CodeQL port of C28153

* Remove TODO comment

* updates from review

Author: jacob-ronstadt

src/drivers/general/queries/IrqlAnnotationIssue/IrqlAnnotationIssue.qhelp

@@ -0,0 +1,42 @@
+<!DOCTYPE qhelp PUBLIC "-//Semmle//qhelp//EN" "qhelp.dtd">
+<qhelp>
+	<overview>
+		<p>
+		The value for an IRQL from annotation could not be evaluated in this context.
+		</p>
+	</overview>
+	<recommendation>
+		<p>
+		This warning indicates that the Code Analysis tool cannot interpret the function annotation because the annotation is not
+		coded correctly. As a result, the Code Analysis tool cannot determine the specified IRQL value. This warning can occur with any of 
+		the driver-specific annotations that mention an IRQL when the Code Analysis tool cannot evaluate the expression for the IRQL.
+		</p>
+	</recommendation>
+	<example>
+		<p>
+			Incorrect IRQL annotation
+		</p>
+		<sample language="c"> <![CDATA[
+			_IRQL_requires_(65)
+		}]]>
+		</sample>
+		<p>
+			Incorrect IRQL annotation
+		</p>
+		<sample language="c"> <![CDATA[
+			_IRQL_always_function_max_(irql_variable)
+		}]]>
+		</sample>
+	</example>
+	<semmleNotes>
+		<p>
+		</p>
+	</semmleNotes>
+	<references>
+		<li>
+			<a href="https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/28153-irql-annotation-eval-context">
+				C28153
+			</a>
+		</li>
+	</references>
+</qhelp>

src/drivers/general/queries/IrqlAnnotationIssue/IrqlAnnotationIssue.ql

@@ -0,0 +1,28 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+/**
+ * @id cpp/drivers/irql-annotation-issue
+ * @kind problem
+ * @name Irql Annotation Issue
+ * @description The value for an IRQL from annotation could not be evaluated in this context.
+ * @platform Desktop
+ * @feature.area Multiple
+ * @impact Insecure Coding Practice
+ * @repro.text This warning indicates that the Code Analysis tool cannot interpret the function annotation because the annotation is not
+ *  coded correctly. As a result, the Code Analysis tool cannot determine the specified IRQL value. This warning can occur with any of
+ *  the driver-specific annotations that mention an IRQL when the Code Analysis tool cannot evaluate the expression for the IRQL.
+ * @owner.email: [email protected]
+ * @opaqueid CQLD-C28153
+ * @problem.severity warning
+ * @precision medium
+ * @tags correctness
+ * @scope domainspecific
+ * @query-version v1
+ */
+
+import cpp
+import drivers.libraries.Irql
+
+from IrqlFunctionAnnotation ifa
+where not ifa.getIrqlLevel() instanceof IrqlValue
+select ifa, "Invalid IRQL annotation: " + ifa.getIrqlLevel()