IoInitializeTimerCall: CodeQL port of C28133 (#123)

* C28133

* add query to ported ca checks suite

---------

Signed-off-by: Jacob Ronstadt <147542405+jacob-ronstadt@users.noreply.github.com>

src/drivers/general/queries/IoInitializeTimerCall/IoInitializeTimerCall.qhelp

@@ -0,0 +1,20 @@
+<!DOCTYPE qhelp PUBLIC "-//Semmle//qhelp//EN" "qhelp.dtd">
+<qhelp>
+	<overview>
+		<p>
+			IoInitializeTimer is best called from AddDevice
+		</p>
+	</overview>
+	<recommendation>
+		<p>
+			IoInitializeTimer can only be called once per device object. Calling it from the AddDevice routine helps assure that it is not unexpectedly called more than once.
+		</p>
+	</recommendation>
+	<references>
+		<li>
+			<a href="https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/28133-ioinitializetimer-is-best-called-from-add-device">
+				C28133
+			</a>
+		</li>
+	</references>
+</qhelp>

src/drivers/general/queries/IoInitializeTimerCall/IoInitializeTimerCall.ql

@@ -0,0 +1,30 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+/**
+ * @id cpp/drivers/pool-tag-integral
+ * @kind problem
+ * @name IoInitializeTimer is best called from AddDevice
+ * @description IoInitializeTimer can only be called once per device object. Calling it from the AddDevice routine helps assure that it is not unexpectedly called more than once.
+ * @platform Desktop
+ * @security.severity Low
+ * @feature.area Multiple
+ * @impact 
+ * @repro.text 
+ * @owner.email sdat@microsoft.com
+ * @opaqueid CQLD-C28133
+ * @problem.severity warning
+ * @precision high
+ * @tags correctness
+ *       wddst
+ * @scope domainspecific
+ * @query-version v1
+ */
+
+import cpp
+import drivers.wdm.libraries.WdmDrivers
+
+from FunctionCall fc, WdmAddDevice wad
+where 
+  fc.getTarget().getName() = "IoInitializeTimer" and
+  not fc.getEnclosingFunction() = wad
+select fc, "IoInitializeTimer should be called from AddDevice"

src/drivers/general/queries/IoInitializeTimerCall/IoInitializeTimerCall.sarif

@@ -0,0 +1,201 @@
+{
+  "$schema" : "https://json.schemastore.org/sarif-2.1.0.json",
+  "version" : "2.1.0",
+  "runs" : [ {
+    "tool" : {
+      "driver" : {
+        "name" : "CodeQL",
+        "organization" : "GitHub",
+        "semanticVersion" : "2.15.4",
+        "notifications" : [ {
+          "id" : "cpp/baseline/expected-extracted-files",
+          "name" : "cpp/baseline/expected-extracted-files",
+          "shortDescription" : {
+            "text" : "Expected extracted files"
+          },
+          "fullDescription" : {
+            "text" : "Files appearing in the source archive that are expected to be extracted."
+          },
+          "defaultConfiguration" : {
+            "enabled" : true
+          },
+          "properties" : {
+            "tags" : [ "expected-extracted-files", "telemetry" ]
+          }
+        } ],
+        "rules" : [ {
+          "id" : "cpp/drivers/pool-tag-integral",
+          "name" : "cpp/drivers/pool-tag-integral",
+          "shortDescription" : {
+            "text" : "IoInitializeTimer is best called from AddDevice"
+          },
+          "fullDescription" : {
+            "text" : "IoInitializeTimer can only be called once per device object. Calling it from the AddDevice routine helps assure that it is not unexpectedly called more than once."
+          },
+          "defaultConfiguration" : {
+            "enabled" : true,
+            "level" : "warning"
+          },
+          "properties" : {
+            "tags" : [ "correctness", "wddst" ],
+            "description" : "IoInitializeTimer can only be called once per device object. Calling it from the AddDevice routine helps assure that it is not unexpectedly called more than once.",
+            "feature.area" : "Multiple",
+            "id" : "cpp/drivers/pool-tag-integral",
+            "impact" : "",
+            "kind" : "problem",
+            "name" : "IoInitializeTimer is best called from AddDevice",
+            "opaqueid" : "CQLD-C28133",
+            "owner.email" : "sdat@microsoft.com",
+            "platform" : "Desktop",
+            "precision" : "high",
+            "problem.severity" : "warning",
+            "query-version" : "v1",
+            "repro.text" : "",
+            "scope" : "domainspecific",
+            "security.severity" : "Low"
+          }
+        } ]
+      },
+      "extensions" : [ {
+        "name" : "microsoft/windows-drivers",
+        "semanticVersion" : "1.0.13+4cf80ade609037becb8999823de45e08bd818a20",
+        "locations" : [ {
+          "uri" : "file:///C:/codeql-home/WDDST/src/",
+          "description" : {
+            "text" : "The QL pack root directory."
+          }
+        }, {
+          "uri" : "file:///C:/codeql-home/WDDST/src/qlpack.yml",
+          "description" : {
+            "text" : "The QL pack definition file."
+          }
+        } ]
+      } ]
+    },
+    "invocations" : [ {
+      "toolExecutionNotifications" : [ {
+        "locations" : [ {
+          "physicalLocation" : {
+            "artifactLocation" : {
+              "uri" : "driver/driver_snippet.c",
+              "uriBaseId" : "%SRCROOT%",
+              "index" : 0
+            }
+          }
+        } ],
+        "message" : {
+          "text" : ""
+        },
+        "level" : "none",
+        "descriptor" : {
+          "id" : "cpp/baseline/expected-extracted-files",
+          "index" : 0
+        },
+        "properties" : {
+          "formattedMessage" : {
+            "text" : ""
+          }
+        }
+      }, {
+        "locations" : [ {
+          "physicalLocation" : {
+            "artifactLocation" : {
+              "uri" : "driver/fail_driver1.c",
+              "uriBaseId" : "%SRCROOT%",
+              "index" : 1
+            }
+          }
+        } ],
+        "message" : {
+          "text" : ""
+        },
+        "level" : "none",
+        "descriptor" : {
+          "id" : "cpp/baseline/expected-extracted-files",
+          "index" : 0
+        },
+        "properties" : {
+          "formattedMessage" : {
+            "text" : ""
+          }
+        }
+      }, {
+        "locations" : [ {
+          "physicalLocation" : {
+            "artifactLocation" : {
+              "uri" : "driver/fail_driver1.h",
+              "uriBaseId" : "%SRCROOT%",
+              "index" : 2
+            }
+          }
+        } ],
+        "message" : {
+          "text" : ""
+        },
+        "level" : "none",
+        "descriptor" : {
+          "id" : "cpp/baseline/expected-extracted-files",
+          "index" : 0
+        },
+        "properties" : {
+          "formattedMessage" : {
+            "text" : ""
+          }
+        }
+      } ],
+      "executionSuccessful" : true
+    } ],
+    "artifacts" : [ {
+      "location" : {
+        "uri" : "driver/driver_snippet.c",
+        "uriBaseId" : "%SRCROOT%",
+        "index" : 0
+      }
+    }, {
+      "location" : {
+        "uri" : "driver/fail_driver1.c",
+        "uriBaseId" : "%SRCROOT%",
+        "index" : 1
+      }
+    }, {
+      "location" : {
+        "uri" : "driver/fail_driver1.h",
+        "uriBaseId" : "%SRCROOT%",
+        "index" : 2
+      }
+    } ],
+    "results" : [ {
+      "ruleId" : "cpp/drivers/pool-tag-integral",
+      "ruleIndex" : 0,
+      "rule" : {
+        "id" : "cpp/drivers/pool-tag-integral",
+        "index" : 0
+      },
+      "message" : {
+        "text" : "IoInitializeTimer should be called from AddDevice"
+      },
+      "locations" : [ {
+        "physicalLocation" : {
+          "artifactLocation" : {
+            "uri" : "driver/driver_snippet.c",
+            "uriBaseId" : "%SRCROOT%",
+            "index" : 0
+          },
+          "region" : {
+            "startLine" : 16,
+            "startColumn" : 5,
+            "endColumn" : 22
+          }
+        }
+      } ],
+      "partialFingerprints" : {
+        "primaryLocationLineHash" : "dc91db8b202a7996:1",
+        "primaryLocationStartColumnFingerprint" : "0"
+      }
+    } ],
+    "columnKind" : "utf16CodeUnits",
+    "properties" : {
+      "semmle.formatSpecifier" : "sarifv2.1.0"
+    }
+  } ]
+}

src/drivers/general/queries/IoInitializeTimerCall/driver_snippet.c

@@ -0,0 +1,21 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+//
+// driver_snippet.c
+//
+#define SET_DISPATCH 1
+
+// Template. Not called in this test.
+void top_level_call() {}
+
+VOID functionThatsNotAddDevice()
+{
+    PDEVICE_OBJECT DeviceObject = NULL;
+    PIO_TIMER_ROUTINE TimerRoutine= NULL;
+    PVOID Context= NULL;
+    IoInitializeTimer(
+        DeviceObject,
+        TimerRoutine,
+        Context);
+}
+

src/drivers/test/diff/IoInitializeTimerCall.sarif

@@ -0,0 +1,21 @@
+{
+    "all": {
+        "+": 0,
+        "-": 0
+    },
+    "error": {
+        "+": 0,
+        "-": 0,
+        "codes": []
+    },
+    "warning": {
+        "+": 0,
+        "-": 0,
+        "codes": []
+    },
+    "note": {
+        "+": 0,
+        "-": 0,
+        "codes": []
+    }
+}

src/windows-driver-suites/ported_driver_ca_checks.qls

@@ -19,6 +19,7 @@
       - drivers/general/queries/IrqlTooLow/IrqlTooLow.ql
       - drivers/general/queries/IrqlSetTooHigh/IrqlSetTooHigh.ql
       - drivers/general/queries/IrqlSetTooLow/IrqlSetTooLow.ql
+      - drivers/general/queries/IoInitializeTimerCall/IoInitializeTimerCall.ql
       - drivers/general/queries/OperandAssignment/OperandAssignment.ql
       - drivers/general/queries/MultithreadedAVCondition/MultithreadedAVCondition.ql
       - drivers/wdm/queries/IllegalFieldAccess/IllegalFieldAccess.ql