Port of C28177

Author: jacob-ronstadt

src/drivers/general/queries/MultipleFunctionClassAnnotations/MultipleFunctionClassAnnotations.qhelp

@@ -0,0 +1,56 @@
+<!DOCTYPE qhelp PUBLIC "-//Semmle//qhelp//EN" "qhelp.dtd">
+<qhelp>
+	<overview>
+		<p>
+		Function is annotated with more than one function class. All but one will be ignored.
+		</p>
+	</overview>
+	<recommendation>
+		<p>
+			This warning can be generated when there is a chain of typedefs. Only use one function class annotation.
+		</p>
+	</recommendation>
+	<example>
+		<p>
+			TODO example
+		</p>
+		<sample language="c"> <![CDATA[
+		__drv_functionClass(FAKE_DRIVER_ADD_DEVICE)
+		__drv_functionClass(FAKE_DRIVER_ADD_DEVICE2)
+		__drv_maxFunctionIRQL(PASSIVE_LEVEL)
+		__drv_requiresIRQL(PASSIVE_LEVEL)
+		__drv_sameIRQL
+		__drv_when(return >= 0, __drv_clearDoInit(yes)) typedef NTSTATUS
+		FAKE_DRIVER_ADD_DEVICE(
+			__in struct _DRIVER_OBJECT *DriverObject,
+			__in struct _DEVICE_OBJECT *PhysicalDeviceObject);
+
+		typedef FAKE_DRIVER_ADD_DEVICE *PDRIVER_ADD_DEVICE;
+
+		FAKE_DRIVER_ADD_DEVICE FakeDriverAddDevice;
+
+		_Use_decl_annotations_
+			NTSTATUS
+			FakeDriverAddDevice(
+				__in struct _DRIVER_OBJECT *DriverObject,
+				__in struct _DEVICE_OBJECT *PhysicalDeviceObject)
+		{
+			return STATUS_SUCCESS;
+		}
+		}]]>
+		</sample>
+		
+	</example>
+	<semmleNotes>
+		<p>
+			
+		</p>
+	</semmleNotes>
+	<references>
+		<li>
+			<a href="https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/28177-function-annotated-with-more-than-one-class">
+				C28177
+			</a>
+		</li>
+	</references>
+</qhelp>

src/drivers/general/queries/MultipleFunctionClassAnnotations/MultipleFunctionClassAnnotations.ql

@@ -0,0 +1,64 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+/**
+ * @id cpp/drivers/multiple-function-class-annotations
+ * @kind problem
+ * @name Multiple Function Class Annotations
+ * @description Function is annotated with more than one function class. All but one will be ignored.
+ * @platform Desktop
+ * @feature.area Multiple
+ * @impact Insecure Coding Practice
+ * @repro.text This warning can be generated when there is a chain of typedefs.
+ * @owner.email: [email protected]
+ * @opaqueid CQLD-c28177
+ * @problem.severity warning
+ * @precision medium
+ * @tags correctness
+ * @scope domainspecific
+ * @query-version v1
+ */
+
+import cpp
+import drivers.libraries.SAL
+
+class FunctionClassAnnotatedTypedef extends TypedefType {
+  FunctionClassAnnotation funcAnnotation;
+
+  FunctionClassAnnotatedTypedef() { funcAnnotation.getTypedefDeclarations() = this }
+
+  FunctionClassAnnotation getFuncClassAnnotation() { result = funcAnnotation }
+}
+
+class FunctionClassAnnotation extends SALAnnotation {
+  string annotationName;
+
+  FunctionClassAnnotation() {
+    this.getMacroName() = ["__drv_functionClass", "_Function_class_"] and
+    annotationName = this.getMacroName()
+  }
+}
+
+class AnnotatedFunction extends Function {
+  FunctionClassAnnotation funcClassAnnotation;
+
+  AnnotatedFunction() {
+    funcClassAnnotation.getMacroName() = ["__drv_functionClass", "_Function_class_"] and
+    exists(FunctionDeclarationEntry fde |
+      fde = this.getADeclarationEntry() and
+      funcClassAnnotation.getDeclarationEntry() = fde
+    )
+    or
+    exists(FunctionDeclarationEntry fde |
+      fde.getFunction() = this and
+      fde.getTypedefType().(FunctionClassAnnotatedTypedef).getFuncClassAnnotation() =
+        funcClassAnnotation
+    )
+  }
+
+  FunctionClassAnnotation getFuncClassAnnotation() { result = funcClassAnnotation }
+}
+
+from AnnotatedFunction f
+where 
+count(f.getFuncClassAnnotation() ) > 1
+select f, "Function is annotated with more than one function class. All but one will be ignored."