adding msft open source tests

Author: Dilan Bhalla

cpp/ql/test/query-tests/Microsoft/Likely Bugs/Drivers/IncorrectUsageOfRtlCompareMemory.expected

@@ -0,0 +1,15 @@
+| test.c:29:6:29:46 | ... && ... | This $@ is being handled $@ instead of the number of matching bytes. Please review the usage of this function and consider replacing it with `RtlEqualMemory`. | test.c:29:15:29:30 | call to RtlCompareMemory | call to `RtlCompareMemory` | test.c:29:6:29:46 | ... && ... | as an operand in a binary logical operation |
+| test.c:34:6:34:38 | ! ... | This $@ is being handled $@ instead of the number of matching bytes. Please review the usage of this function and consider replacing it with `RtlEqualMemory`. | test.c:34:7:34:22 | call to RtlCompareMemory | call to `RtlCompareMemory` | test.c:34:6:34:38 | ! ... | as an operand in an unary logical operation |
+| test.c:39:6:39:21 | call to RtlCompareMemory | This $@ is being handled $@ instead of the number of matching bytes. Please review the usage of this function and consider replacing it with `RtlEqualMemory`. | test.c:39:6:39:21 | call to RtlCompareMemory | call to `RtlCompareMemory` | test.c:39:6:39:21 | call to RtlCompareMemory | as the controlling expression in an If statement |
+| test.c:49:6:49:42 | ... == ... | This $@ is being handled $@ instead of the number of matching bytes. Please review the usage of this function and consider replacing it with `RtlEqualMemory`. | test.c:49:11:49:26 | call to RtlCompareMemory | call to `RtlCompareMemory` | test.c:49:6:49:42 | ... == ... | as an operand in an equality operation where the other operand is likely a boolean value (lower precision result, needs to be reviewed) |
+| test.c:75:6:75:37 | (bool)... | This $@ is being handled $@ instead of the number of matching bytes. Please review the usage of this function and consider replacing it with `RtlEqualMemory`. | test.c:75:6:75:21 | call to RtlCompareMemory | call to `RtlCompareMemory` | test.c:75:6:75:37 | (bool)... | as a boolean |
+| test.c:77:6:77:46 | ... == ... | This $@ is being handled $@ instead of the number of matching bytes. Please review the usage of this function and consider replacing it with `RtlEqualMemory`. | test.c:77:15:77:30 | call to RtlCompareMemory | call to `RtlCompareMemory` | test.c:77:6:77:46 | ... == ... | as an operand in an equality operation where the other operand is a boolean value (high precision result) |
+| test.c:84:6:84:37 | (BOOLEAN)... | This $@ is being handled $@ instead of the number of matching bytes. Please review the usage of this function and consider replacing it with `RtlEqualMemory`. | test.c:84:6:84:21 | call to RtlCompareMemory | call to `RtlCompareMemory` | test.c:84:6:84:37 | (BOOLEAN)... | as a boolean |
+| test.c:86:6:86:45 | ... == ... | This $@ is being handled $@ instead of the number of matching bytes. Please review the usage of this function and consider replacing it with `RtlEqualMemory`. | test.c:86:14:86:29 | call to RtlCompareMemory | call to `RtlCompareMemory` | test.c:86:6:86:45 | ... == ... | as an operand in an equality operation where the other operand is a boolean value (high precision result) |
+| test.c:91:9:91:52 | ... && ... | This $@ is being handled $@ instead of the number of matching bytes. Please review the usage of this function and consider replacing it with `RtlEqualMemory`. | test.c:91:21:91:36 | call to RtlCompareMemory | call to `RtlCompareMemory` | test.c:91:9:91:52 | ... && ... | as an operand in a binary logical operation |
+| test.cpp:18:6:18:46 | ... && ... | This $@ is being handled $@ instead of the number of matching bytes. Please review the usage of this function and consider replacing it with `RtlEqualMemory`. | test.cpp:18:15:18:30 | call to RtlCompareMemory | call to `RtlCompareMemory` | test.cpp:18:6:18:46 | ... && ... | as an operand in a binary logical operation |
+| test.cpp:18:15:18:46 | (bool)... | This $@ is being handled $@ instead of the number of matching bytes. Please review the usage of this function and consider replacing it with `RtlEqualMemory`. | test.cpp:18:15:18:30 | call to RtlCompareMemory | call to `RtlCompareMemory` | test.cpp:18:15:18:46 | (bool)... | as a boolean |
+| test.cpp:23:6:23:38 | ! ... | This $@ is being handled $@ instead of the number of matching bytes. Please review the usage of this function and consider replacing it with `RtlEqualMemory`. | test.cpp:23:7:23:22 | call to RtlCompareMemory | call to `RtlCompareMemory` | test.cpp:23:6:23:38 | ! ... | as an operand in an unary logical operation |
+| test.cpp:23:7:23:38 | (bool)... | This $@ is being handled $@ instead of the number of matching bytes. Please review the usage of this function and consider replacing it with `RtlEqualMemory`. | test.cpp:23:7:23:22 | call to RtlCompareMemory | call to `RtlCompareMemory` | test.cpp:23:7:23:38 | (bool)... | as a boolean |
+| test.cpp:28:9:28:52 | ... && ... | This $@ is being handled $@ instead of the number of matching bytes. Please review the usage of this function and consider replacing it with `RtlEqualMemory`. | test.cpp:28:21:28:36 | call to RtlCompareMemory | call to `RtlCompareMemory` | test.cpp:28:9:28:52 | ... && ... | as an operand in a binary logical operation |
+| test.cpp:28:21:28:52 | (bool)... | This $@ is being handled $@ instead of the number of matching bytes. Please review the usage of this function and consider replacing it with `RtlEqualMemory`. | test.cpp:28:21:28:36 | call to RtlCompareMemory | call to `RtlCompareMemory` | test.cpp:28:21:28:52 | (bool)... | as a boolean |

cpp/ql/test/query-tests/Microsoft/Likely Bugs/Drivers/IncorrectUsageOfRtlCompareMemory.qlref

@@ -0,0 +1 @@
+Microsoft/Likely Bugs/Drivers/IncorrectUsageOfRtlCompareMemory.ql

cpp/ql/test/query-tests/Microsoft/Likely Bugs/Drivers/test.c

@@ -0,0 +1,92 @@
+// semmle-extractor-options: --microsoft
+typedef unsigned __int64 size_t;
+
+size_t RtlCompareMemory(
+	const void* Source1,
+	const void* Source2,
+	size_t Length
+)
+{
+	return Length;
+}
+
+
+#define bool	_Bool
+#define false	0
+#define true	1
+
+typedef unsigned char UCHAR;
+typedef UCHAR BOOLEAN;           // winnt
+#define FALSE   0
+#define TRUE    1
+
+int Test(const void* ptr)
+{
+	size_t t = RtlCompareMemory("test", ptr, 5); //OK
+	bool x;
+	BOOLEAN y;
+
+	if (t > 0 && RtlCompareMemory("test", ptr, 5)) //bug
+	{
+		t++;
+	}
+
+	if (!RtlCompareMemory("test", ptr, 4)) //bug
+	{
+		t--;
+	}
+
+	if (RtlCompareMemory("test", ptr, 4)) //bug
+	{
+		t--;
+	}
+
+	if (6 == RtlCompareMemory("test", ptr, 4)) //OK
+	{
+		t++;
+	}
+
+	if (0 == RtlCompareMemory("test", ptr, 4)) // potentially a bug (lower precision)
+	{
+		t++;
+	}
+
+	if (6 == RtlCompareMemory("test", ptr, 4) + 1) //OK
+	{
+		t++;
+	}
+
+	if (0 == RtlCompareMemory("test", ptr, 4) + 1) // OK
+	{
+		t++;
+	}
+
+	switch (RtlCompareMemory("test", ptr, 4))
+	{
+	case 1:
+		t--;
+		break;
+	default:
+		t++;
+	}
+
+	/// _Bool
+
+	x = RtlCompareMemory("test", ptr, 4); // bug
+
+	if (false == RtlCompareMemory("test", ptr, 4)) // bug
+	{
+		t++;
+	}
+
+	// BOOLEAN
+
+	y = RtlCompareMemory("test", ptr, 4); // bug
+
+	if (TRUE == RtlCompareMemory("test", ptr, 4)) // bug
+	{
+		t++;
+	}
+
+	return (t == 5) && RtlCompareMemory("test", ptr, 5); //bug
+}

cpp/ql/test/query-tests/Microsoft/Likely Bugs/Drivers/test.cpp

@@ -0,0 +1,29 @@
+// semmle-extractor-options: --microsoft
+typedef unsigned __int64 size_t;
+
+size_t RtlCompareMemory(
+	const void* Source1,
+	const void* Source2,
+	size_t Length
+)
+{
+	return Length;
+}
+
+
+bool Test(const void* ptr)
+{
+	size_t t = RtlCompareMemory("test", ptr, 5); //OK
+
+	if (t > 0 && RtlCompareMemory("test", ptr, 5)) //bug
+	{
+		t++;
+	}
+
+	if (!RtlCompareMemory("test", ptr, 4)) //bug
+	{
+		t--;
+	}
+
+	return (t == 5) && RtlCompareMemory("test", ptr, 5); //bug
+}

cpp/ql/test/query-tests/Microsoft/Likely Bugs/SizeOfMisuse/ArgumentIsSizeofOrOperation.expected

@@ -0,0 +1,12 @@
+| test.c:86:6:86:29 | sizeof(<expr>) | $@: $@ of $@ inside sizeof. | test.c:86:6:86:29 | sizeof(<expr>) | binary operator | test.c:64:6:64:11 | Test01 | Usage | test.c:86:13:86:28 | ... / ... | binary operator |
+| test.c:93:6:93:30 | sizeof(<expr>) | $@: $@ of $@ inside sizeof. | test.c:93:6:93:30 | sizeof(<expr>) | binary operator | test.c:64:6:64:11 | Test01 | Usage | test.c:93:13:93:29 | ... * ... | binary operator |
+| test.c:95:6:95:35 | sizeof(<expr>) | $@: $@ of $@ inside sizeof. | test.c:95:6:95:35 | sizeof(<expr>) | binary operator | test.c:64:6:64:11 | Test01 | Usage | test.c:95:13:95:34 | ... * ... | binary operator |
+| test.c:98:6:98:31 | sizeof(<expr>) | $@: $@ of $@ inside sizeof. | test.c:98:6:98:31 | sizeof(<expr>) | sizeof | test.c:64:6:64:11 | Test01 | Usage | test.c:98:13:98:30 | sizeof(int) | sizeof |
+| test.c:116:6:116:24 | sizeof(<expr>) | $@: $@ of $@ inside sizeof. | test.c:116:6:116:24 | sizeof(<expr>) | sizeof | test.c:64:6:64:11 | Test01 | Usage | test.c:116:13:116:23 | sizeof(int) | sizeof |
+| test.c:117:6:117:18 | sizeof(<expr>) | $@: $@ of $@ inside sizeof. | test.c:117:6:117:18 | sizeof(<expr>) | binary operator | test.c:64:6:64:11 | Test01 | Usage | test.c:117:13:117:17 | ... + ... | binary operator |
+| test.cpp:89:6:89:29 | sizeof(<expr>) | $@: $@ of $@ inside sizeof. | test.cpp:89:6:89:29 | sizeof(<expr>) | binary operator | test.cpp:66:6:66:11 | Test01 | Usage | test.cpp:89:13:89:28 | ... / ... | binary operator |
+| test.cpp:96:6:96:30 | sizeof(<expr>) | $@: $@ of $@ inside sizeof. | test.cpp:96:6:96:30 | sizeof(<expr>) | binary operator | test.cpp:66:6:66:11 | Test01 | Usage | test.cpp:96:13:96:29 | ... * ... | binary operator |
+| test.cpp:98:6:98:35 | sizeof(<expr>) | $@: $@ of $@ inside sizeof. | test.cpp:98:6:98:35 | sizeof(<expr>) | binary operator | test.cpp:66:6:66:11 | Test01 | Usage | test.cpp:98:13:98:34 | ... * ... | binary operator |
+| test.cpp:101:6:101:31 | sizeof(<expr>) | $@: $@ of $@ inside sizeof. | test.cpp:101:6:101:31 | sizeof(<expr>) | sizeof | test.cpp:66:6:66:11 | Test01 | Usage | test.cpp:101:13:101:30 | sizeof(int) | sizeof |
+| test.cpp:120:6:120:24 | sizeof(<expr>) | $@: $@ of $@ inside sizeof. | test.cpp:120:6:120:24 | sizeof(<expr>) | sizeof | test.cpp:66:6:66:11 | Test01 | Usage | test.cpp:120:13:120:23 | sizeof(int) | sizeof |
+| test.cpp:121:6:121:18 | sizeof(<expr>) | $@: $@ of $@ inside sizeof. | test.cpp:121:6:121:18 | sizeof(<expr>) | binary operator | test.cpp:66:6:66:11 | Test01 | Usage | test.cpp:121:13:121:17 | ... + ... | binary operator |

cpp/ql/test/query-tests/Microsoft/Likely Bugs/SizeOfMisuse/ArgumentIsSizeofOrOperation.qlref

@@ -0,0 +1 @@
+Microsoft/Likely Bugs/SizeOfMisuse/ArgumentIsSizeofOrOperation.ql

cpp/ql/test/query-tests/Microsoft/Likely Bugs/SizeOfMisuse/SizeOfConstIntMacro.expected

@@ -0,0 +1,12 @@
+| test2.c:72:6:72:42 | sizeof(<expr>) | $@: sizeof of integer macro $@ will always return the size of the underlying integer type. | test2.c:72:6:72:42 | sizeof(<expr>) | Test01 | test2.c:46:1:46:48 | #define SOMESTRUCT_ERRNO_THAT_MATTERS 0x8000000d | SOMESTRUCT_ERRNO_THAT_MATTERS |
+| test2.c:80:10:80:32 | sizeof(<expr>) | $@: sizeof of integer macro $@ will always return the size of the underlying integer type. | test2.c:80:10:80:32 | sizeof(<expr>) | Test01 | test2.c:2:1:2:26 | #define BAD_MACRO_CONST 5l | BAD_MACRO_CONST |
+| test2.c:81:6:81:29 | sizeof(<expr>) | $@: sizeof of integer macro $@ will always return the size of the underlying integer type. | test2.c:81:6:81:29 | sizeof(<expr>) | Test01 | test2.c:3:1:3:35 | #define BAD_MACRO_CONST2 0x80005001 | BAD_MACRO_CONST2 |
+| test2.c:89:7:89:35 | sizeof(<expr>) | $@: sizeof of integer macro $@ will always return the size of the underlying integer type. | test2.c:89:7:89:35 | sizeof(<expr>) | Test01 | test2.c:1:1:1:19 | #define PAGESIZE 64 | PAGESIZE |
+| test2.c:98:6:98:31 | sizeof(<expr>) | $@: sizeof of integer macro $@ will always return the size of the underlying integer type. | test2.c:98:6:98:31 | sizeof(<expr>) | Test01 | test2.c:17:1:17:40 | #define SOME_SIZEOF_MACRO2 (sizeof(int)) | SOME_SIZEOF_MACRO2 |
+| test2.c:112:6:112:37 | sizeof(<expr>) | $@: sizeof of integer macro $@ will always return the size of the underlying integer type. | test2.c:112:6:112:37 | sizeof(<expr>) | Test01 | test2.c:31:1:31:45 | #define ACE_CONDITION_SIGNATURE2 'xt' | ACE_CONDITION_SIGNATURE2 |
+| test2.cpp:75:6:75:42 | sizeof(<expr>) | $@: sizeof of integer macro $@ will always return the size of the underlying integer type. | test2.cpp:75:6:75:42 | sizeof(<expr>) | Test01 | test2.cpp:48:1:48:48 | #define SOMESTRUCT_ERRNO_THAT_MATTERS 0x8000000d | SOMESTRUCT_ERRNO_THAT_MATTERS |
+| test2.cpp:83:10:83:32 | sizeof(<expr>) | $@: sizeof of integer macro $@ will always return the size of the underlying integer type. | test2.cpp:83:10:83:32 | sizeof(<expr>) | Test01 | test2.cpp:2:1:2:26 | #define BAD_MACRO_CONST 5l | BAD_MACRO_CONST |
+| test2.cpp:84:6:84:29 | sizeof(<expr>) | $@: sizeof of integer macro $@ will always return the size of the underlying integer type. | test2.cpp:84:6:84:29 | sizeof(<expr>) | Test01 | test2.cpp:3:1:3:35 | #define BAD_MACRO_CONST2 0x80005001 | BAD_MACRO_CONST2 |
+| test2.cpp:92:7:92:35 | sizeof(<expr>) | $@: sizeof of integer macro $@ will always return the size of the underlying integer type. | test2.cpp:92:7:92:35 | sizeof(<expr>) | Test01 | test2.cpp:1:1:1:19 | #define PAGESIZE 64 | PAGESIZE |
+| test2.cpp:101:6:101:31 | sizeof(<expr>) | $@: sizeof of integer macro $@ will always return the size of the underlying integer type. | test2.cpp:101:6:101:31 | sizeof(<expr>) | Test01 | test2.cpp:17:1:17:40 | #define SOME_SIZEOF_MACRO2 (sizeof(int)) | SOME_SIZEOF_MACRO2 |
+| test2.cpp:116:6:116:37 | sizeof(<expr>) | $@: sizeof of integer macro $@ will always return the size of the underlying integer type. | test2.cpp:116:6:116:37 | sizeof(<expr>) | Test01 | test2.cpp:32:1:32:45 | #define ACE_CONDITION_SIGNATURE2 'xt' | ACE_CONDITION_SIGNATURE2 |

cpp/ql/test/query-tests/Microsoft/Likely Bugs/SizeOfMisuse/SizeOfConstIntMacro.qlref

@@ -0,0 +1 @@
+Microsoft/Likely Bugs/SizeOfMisuse/SizeOfConstIntMacro.ql

cpp/ql/test/query-tests/Microsoft/Likely Bugs/SizeOfMisuse/test.c

@@ -0,0 +1,118 @@
+#define PAGESIZE 64
+#define BAD_MACRO_CONST 5l
+#define BAD_MACRO_CONST2 0x80005001
+#define BAD_MACRO_OP1(VAR) strlen(#VAR)
+#define BAD_MACRO_OP2(VAR) sizeof(VAR)/sizeof(int)
+
+long strlen(const char* x) { return 5; }
+
+#define ALIGN_UP_BY(length, sizeofType) length * sizeofType
+#define ALIGN_UP(length, type) \
+	ALIGN_UP_BY(length, sizeof(type))
+
+#define SOME_SIZEOF_MACRO (sizeof(int) * 3)
+#define SOME_SIZEOF_MACRO_CAST ((char)(sizeof(int) * 3))
+
+
+#define SOME_SIZEOF_MACRO2 (sizeof(int))
+
+typedef unsigned short WCHAR;    // wc,   16-bit UNICODE character
+
+#define UNICODE_NULL1 ((WCHAR)0)
+
+#define ASCII_NULL ((char)0)
+
+#define UNICODE_STRING_SIG         L"xtra"
+#define ASCII_STRING_SIG         "xtra"
+
+#define UNICODE_SIG         L'x'
+
+#define ACE_CONDITION_SIGNATURE1         'xtra'
+#define ACE_CONDITION_SIGNATURE2         'xt'
+
+#define ACE_CONDITION_SIGNATURE3(VAL)    #VAL
+
+#define NULL (void *)0
+
+#define EFI_FILEPATH_SEPARATOR_UNICODE L'\\'
+
+const char* Test()
+{
+	return "foobar";
+}
+
+#define FUNCTION_MACRO_OP1 Test()
+
+#define SOMESTRUCT_ERRNO_THAT_MATTERS 0x8000000d
+
+
+char _RTL_CONSTANT_STRING_type_check(const void* s) {
+	return ((char*)(s))[0];
+}
+
+#define RTL_CONSTANT_STRING(s) \
+{ \
+    sizeof( s ) - sizeof( (s)[0] ); \
+    sizeof( s ) / sizeof(_RTL_CONSTANT_STRING_type_check(s)); \
+}
+
+typedef struct {
+	int a;
+	char b;
+} SOMESTRUCT_THAT_MATTERS;
+
+void Test01() {
+
+	RTL_CONSTANT_STRING("hello");
+
+	sizeof(NULL);
+	sizeof(EFI_FILEPATH_SEPARATOR_UNICODE);
+
+	int y = sizeof(SOMESTRUCT_THAT_MATTERS);
+	y = sizeof(SOMESTRUCT_ERRNO_THAT_MATTERS); // BUG: SizeOfConstIntMacro
+
+	const unsigned short* p = UNICODE_STRING_SIG;
+	const char* p2 = ASCII_STRING_SIG;
+	char p3 = 'xtra';
+	unsigned short p4 = L'xtra';
+
+	int a[10];
+	int x = sizeof(BAD_MACRO_CONST); //BUG: SizeOfConstIntMacro
+	x = sizeof(BAD_MACRO_CONST2); //BUG: SizeOfConstIntMacro
+
+	x = sizeof(FUNCTION_MACRO_OP1); // GOOD
+
+	x = sizeof(BAD_MACRO_OP1(a)); //BUG: ArgumentIsFunctionCall (Low Prec)
+	x = sizeof(BAD_MACRO_OP2(a)); //BUG: ArgumentIsSizeofOrOperation
+
+	x = 0;
+	x += ALIGN_UP(sizeof(a), PAGESIZE); //BUG: SizeOfConstIntMacro
+	x += ALIGN_UP_BY(sizeof(a), PAGESIZE); // GOOD
+
+	x = SOME_SIZEOF_MACRO * 3; // GOOD
+	x = sizeof(SOME_SIZEOF_MACRO) * 3; //BUG: ArgumentIsSizeofOrOperation
+
+	x = sizeof(SOME_SIZEOF_MACRO_CAST) * 3; //BUG: ArgumentIsSizeofOrOperation
+
+	x = SOME_SIZEOF_MACRO2; // GOOD
+	x = sizeof(SOME_SIZEOF_MACRO2); //BUG: SizeOfConstIntMacro, ArgumentIsSizeofOrOperation
+
+	x = sizeof(a) / sizeof(int); // GOOD
+
+	x = sizeof(UNICODE_NULL1);
+
+	x = sizeof(ASCII_NULL);
+
+	x = sizeof(UNICODE_STRING_SIG);
+	x = sizeof(ASCII_STRING_SIG);
+
+	x = sizeof(UNICODE_SIG);
+
+	x = sizeof(ACE_CONDITION_SIGNATURE1); // GOOD (special case)
+	x = sizeof(ACE_CONDITION_SIGNATURE2); // BUG: SizeOfConstIntMacro
+
+	x = sizeof(ACE_CONDITION_SIGNATURE3(xtra));
+
+	x = sizeof(sizeof(int)); // BUG: ArgumentIsSizeofOrOperation
+	x = sizeof(3 + 2); // BUg: ArgumentIsSizeofOrOperation
+}