Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The Microsoft CodeQL GitHub repository offers two query suites to simplify Windows driver development and ensure compliance with the Windows Hardware Compatibility Program (WHCP). The windows_driver_recommended.qls suite includes all recommended queries for driver developers, while the windows_driver_mustfix.qls suite focuses on "Must-Fix" queries required for WHCP certification. Both suites are updated regularly.
Must-Fix queries for WCHP certification
The following subset of queries are Must-Fix for WHCP certification and are also included in the Recommended Fix suite.
This set of rules is included in windows_driver_mustfix.qls.
| ID | Location | Common Weakness Enumeration |
|---|---|---|
| cpp/bad-addition-overflow-check | codeql/cpp-queries/<Version>/Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql |
CWE-190, CWE-192 |
| cpp/pointer-overflow-check | codeql/cpp-queries/<Version>/Likely Bugs/Memory Management/PointerOverflow.ql |
N/A |
| cpp/too-few-arguments | codeql/cpp-queries/<Version>/Likely Bugs/Underspecified Functions/TooFewArguments.ql |
N/A |
| cpp/comparison-with-wider-type | codeql/cpp-queries/<Version>/Security/CWE/CWE-190/ComparisonWithWiderType.ql |
CWE-190, CWE-197, CWE-835 |
| cpp/hresult-boolean-conversion | codeql/cpp-queries/<Version>/Security/CWE/CWE-253/HResultBooleanConversion.ql |
CWE-253 |
The windows_driver_mustfix.qls file includes the following Must-Fix code queries.
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT license.
- description: Security queries required to fix when certifying Windows Drivers
- queries: .
from: codeql/cpp-queries
version: 0.9.0
- include:
query path:
- Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql
- Likely Bugs/Memory Management/PointerOverflow.ql
- Likely Bugs/Underspecified Functions/TooFewArguments.ql
- Security/CWE/CWE-190/ComparisonWithWiderType.ql
- Security/CWE/CWE-253/HResultBooleanConversion.ql
- import: windows-driver-suites/windows_mustfix_partial.qls
from: microsoft/windows-drivers
This set of rules is included in windows-driver-suites/windows_mustfix_partial.qls.
| ID | Location | Common Weakness Enumeration |
|---|---|---|
| cpp/windows/wdk/deprecated-api | /microsoft/windows-drivers/<Version>/drivers/general/queries/WdkDeprecatedApis/wdk-deprecated-api.ql |
N/A |
| microsoft/Security/CWE/CWE-704/WcharCharConversionLimited | /microsoft/windows-drivers/<Version>/microsoft/Security/CWE/CWE-704/WcharCharConversionLimited.ql |
CWE-704 |
The windows_mustfix_partial.qls file includes the following Must-Fix code queries.
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT license.
- description: Security queries required to fix when certifying Windows Drivers
- queries: .
from: microsoft/windows-drivers
- include:
query path:
- drivers/general/queries/WdkDeprecatedApis/wdk-deprecated-api.ql
- microsoft/Security/CWE/CWE-704/WcharCharConversionLimited.ql
Recommended Fix Queries
These queries are part of the windows_driver_recommended.qls query suite in the Microsoft GitHub CodeQL repository. The "Common Weakness Enumeration" (CWE) column identifies what kinds of security issues the given query searches for. See Mitre's page on CWE for more details about CWEs.
The "Common Weakness Enumeration" (CWE) column shows the types of security issues the query identifies.
Best Practices
| ID | Location | Common Weakness Enumeration |
|---|---|---|
| cpp/offset-use-before-range-check | codeql/cpp-queries/<Version>/Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql |
N/A |
Likely Bugs
| ID | Location | Common Weakness Enumeration |
|---|---|---|
| cpp/bad-addition-overflow-check | codeql/cpp-queries/<Version>/Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql |
CWE-190, CWE-192 |
| cpp/integer-multiplication-cast-to-long | codeql/cpp-queries/<Version>/Likely Bugs/Arithmetic/IntMultToLong.ql |
CWE-190, CWE-192, CWE-197, CWE-681 |
| cpp/signed-overflow-check | codeql/cpp-queries/<Version>/Likely Bugs/Arithmetic/SignedOverflowCheck.ql |
N/A |
| cpp/upcast-array-pointer-arithmetic | codeql/cpp-queries/<Version>/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql |
CWE-119, CWE-843 |
| cpp/pointer-overflow-check | codeql/cpp-queries/<Version>/Likely Bugs/Memory Management/PointerOverflow.ql |
N/A |
| cpp/too-few-arguments | codeql/cpp-queries/<Version>/Likely Bugs/Underspecified Functions/TooFewArguments.ql |
N/A |
| cpp/incorrect-not-operator-usage | codeql/cpp-queries/<Version>/Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.ql |
CWE-480 |
| cpp/suspicious-add-sizeof | codeql/cpp-queries/<Version>/Likely Bugs/Memory Management/SuspiciousSizeof.ql |
CWE-468 |
| cpp/uninitialized-local | codeql/cpp-queries/<Version>/Likely Bugs/Memory Management/UninitializedLocal.ql |
CWE-457, CWE-665 |
Security
| ID | Location | Common Weakness Enumeration |
|---|---|---|
| cpp/conditionally-uninitialized-variable | codeql/cpp-queries/<Version>/Security/CWE/CWE-457/ConditionallyUninitializedVariable.ql. |
CWE-457 |
| cpp/unterminated-variadic-call | codeql/cpp-queries/<Version>/Security/CWE/CWE-121/UnterminatedVarargsCall.ql |
CWE-121 |
| cpp/suspicious-pointer-scaling | codeql/cpp-queries/<Version>/Security/CWE/CWE-468/IncorrectPointerScaling.ql |
CWE-468 |
| cpp/suspicious-pointer-scaling-void | codeql/cpp-queries/<Version>/Security/CWE/CWE-468/IncorrectPointerScalingVoid.ql |
CWE-468 |
| cpp/potentially-dangerous-function | codeql/cpp-queries/<Version>/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql |
CWE-676 |
| cpp/incorrect-string-type-conversion | codeql/cpp-queries/<Version>/Security/CWE/CWE-704/WcharCharConversion.ql |
CWE-704 |
| cpp/comparison-with-wider-type | codeql/cpp-queries/<Version>/Security/CWE/CWE-190/ComparisonWithWiderType.ql |
CWE-190, CWE-197, CWE-835 |
| cpp/hresult-boolean-conversion | codeql/cpp-queries/<Version>/Security/CWE/CWE-253/HResultBooleanConversion.ql |
CWE-253 |
| cpp/suspicious-add-sizeof | codeql/cpp-queries/<Version>/Security/CWE/CWE-468/CWE-468/SuspiciousAddWithSizeof.ql |
CWE-468 |
The windows_driver_recommended.qls file includes the following recommended code queries.
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT license.
- description: Recommended and required queries for Windows Drivers.
- import: windows-driver-suites/windows_mustfix_partial.qls
from: microsoft/windows-drivers
- import: windows-driver-suites/windows_recommended_partial.qls
from: microsoft/windows-drivers
- queries: .
from: codeql/cpp-queries
version: 0.9.0
- include:
query path:
- Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql
- Likely Bugs/Arithmetic/IntMultToLong.ql
- Likely Bugs/Arithmetic/SignedOverflowCheck.ql
- Likely Bugs/Conversion/CastArrayPointerArithmetic.ql
- Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.ql
- Likely Bugs/Memory Management/SuspiciousSizeof.ql
- Likely Bugs/Memory Management/UninitializedLocal.ql
- Security/CWE/CWE-121/UnterminatedVarargsCall.ql
- Security/CWE/CWE-457/ConditionallyUninitializedVariable.ql
- Security/CWE/CWE-468/IncorrectPointerScaling.ql
- Security/CWE/CWE-468/IncorrectPointerScalingVoid.ql
- Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql
- Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
- Security/CWE/CWE-704/WcharCharConversion.ql
- Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql
- Likely Bugs/Memory Management/PointerOverflow.ql
- Likely Bugs/Underspecified Functions/TooFewArguments.ql
- Security/CWE/CWE-190/ComparisonWithWiderType.ql
- Security/CWE/CWE-253/HResultBooleanConversion.ql
These queries are part of the windows_recommended_partial.qls query suite.
Likely Bugs - windows_recommended_partial.qls
| ID | Location | Common Weakness Enumeration |
|---|---|---|
| cpp/paddingbyteinformationdisclosure | microsoft/windows-drivers/<Version>/microsoft/Likely Bugs/Boundary Violations/PaddingByteInformationDisclosure.ql |
N/A |
| cpp/badoverflowguard | microsoft/windows-drivers/<Version>/microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql |
N/A |
| cpp/infiniteloop | microsoft/windows-drivers/<Version>/microsoft/Likely Bugs/Conversion/InfiniteLoop.ql |
N/A |
| cpp/uninitializedptrfield | microsoft/windows-drivers/<Version>/microsoft/Likely Bugs/UninitializedPtrField.ql |
N/A |
| cpp/use-after-free | microsoft/windows-drivers/<Version>/microsoft/Likely Bugs/Memory Management/UseAfterFree/UseAfterFree.ql |
N/A |
Security - windows_recommended_partial.qls
| ID | Location | Code Analysis Warning |
|---|---|---|
| cpp/weak-crypto/cng/hardcoded-iv | /microsoft/windows-drivers/<Version>/microsoft/Security/Crytpography/HardcodedIVCNG.ql |
N/A |
Drivers - General
| ID | Location | Code Analysis Warning |
|---|---|---|
| cpp/drivers/ke-set-event-pageable | /microsoft/windows-drivers/<Version>/drivers/general/queries/KeSetEventPageable/KeSetEventPageable.ql |
No associated CA check |
| cpp/drivers/role-type-correctly-used | /microsoft/windows-drivers/<Version>/drivers/general/queries/RoleTypeCorrectlyUsed/RoleTypeCorrectlyUsed.ql |
No associated CA check |
| cpp/drivers/extended-deprecated-apis | /microsoft/windows-drivers/<Version>/drivers/general/queries/ExtendedDeprecatedApis.ql |
C28719 Warning, C28726 Warning, C28735 Warning, C28750 Warning |
| cpp/drivers/irql-not-saved | /microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlNotSaved/IrqlNotSaved.ql |
C28158 Warning |
| cpp/drivers/irql-not-used | /microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlNotUsed/IrqlNotUsed.ql |
C28157 Warning |
| cpp/drivers/irql-set-too-high | /microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlTooHigh/IrqlTooHigh.ql |
C28150 Warning |
| cpp/drivers/irql-too-low | /microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlTooLow/IrqlTooLow.ql |
C28120 Warning |
| cpp/drivers/irql-set-too-high | /microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlSetTooHigh/IrqlTooHigh.ql |
C28121 Warning |
| cpp/drivers/irql-set-too-low | /microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlSetTooLow/IrqlSetTooLow.ql |
C28124 Warning |
| cpp/drivers/pool-tag-integral | /microsoft/windows-drivers/<Version>/drivers/general/queries/PoolTagIntegral/PoolTagIntegral.ql |
C28134 Warning |
| cpp/drivers/str-safe | /microsoft/windows-drivers/<Version>/drivers/general/queries/StrSafe/StrSafe.ql |
C28146 Warning |
Drivers - WDM
| ID | Location | Code Analysis Warning |
|---|---|---|
| cpp/drivers/illegal-field-access | /microsoft/windows-drivers/<Version>/drivers/wdm/queries/IllegalFieldAccess/IllegalFieldAccess.ql |
C28128 Warning |
| cpp/drivers/illegal-field-access2 | /microsoft/windows-drivers/<Version>/drivers/wdm/queries/IllegalFieldAccess2/IllegalFieldAccess2.ql |
C28175 Warning |
| cpp/drivers/illegal-field-write | /microsoft/windows-drivers/<Version>/drivers/wdm/queries/IllegalFieldWrite/IllegalFieldWrite.ql |
C28176 Warning |
| cpp/drivers/opaque-mdl-use | /microsoft/windows-drivers/<Version>/drivers/wdm/queries/OpaqueMdlUse/OpaqueMdlUse.ql |
(No associated CA check) |
| cpp/drivers/opaque-mdl-write | /microsoft/windows-drivers/<Version>/drivers/wdm/queries/OpaqueMdlUse/OpaqueMdlWrite.ql |
C28145 Warning |
| cpp/drivers/pending-status-error | /microsoft/windows-drivers/<Version>/drivers/wdm/queries/PendingStatusError/PendingStatusError.ql |
C28143 Warning |
| cpp/drivers/wrong-dispatch-table-assignment | /microsoft/windows-drivers/<Version>/drivers/wdm/queries/WrongDispatchTableAssignment/WrongDispatchTableAssignment.ql |
C28169 Warning |
The windows-driver-suites/windows_recommended_partial.qls file includes the following recommended code queries.
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT license.
- description: Recommended and required queries for Windows Drivers.
- import: windows-driver-suites/windows_mustfix_partial.qls
- queries: .
from: microsoft/windows-drivers
- include:
query path:
- microsoft/Likely Bugs/Boundary Violations/PaddingByteInformationDisclosure.ql
- microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql
- microsoft/Likely Bugs/Conversion/InfiniteLoop.ql
- microsoft/Likely Bugs/Memory Management/UseAfterFree/UseAfterFree.ql
- microsoft/Likely Bugs/UninitializedPtrField.ql
- microsoft/Security/Crytpography/HardcodedIVCNG.ql
- drivers/general/queries/KeSetEventPageable/KeSetEventPageable.ql
- drivers/general/queries/RoleTypeCorrectlyUsed/RoleTypeCorrectlyUsed.ql
- drivers/general/queries/DefaultPoolTag/DefaultPoolTag.ql
- drivers/general/queries/ExaminedValue/ExaminedValue.ql
- drivers/general/queries/ExtendedDeprecatedApis/ExtendedDeprecatedApis.ql
- drivers/general/queries/IrqlNotSaved/IrqlNotSaved.ql
- drivers/general/queries/IrqlNotUsed/IrqlNotUsed.ql
- drivers/general/queries/IrqlTooHigh/IrqlTooHigh.ql
- drivers/general/queries/IrqlTooLow/IrqlTooLow.ql
- drivers/general/queries/IrqlSetTooHigh/IrqlTooHigh.ql
- drivers/general/queries/IrqlSetTooLow/IrqlSetTooLow.ql
- drivers/general/queries/PoolTagIntegral/PoolTagIntegral.ql
- drivers/general/queries/StrSafe/StrSafe.ql
- drivers/wdm/queries/IllegalFieldAccess/IllegalFieldAccess.ql
- drivers/wdm/queries/IllegalFieldAccess2/IllegalFieldAccess2.ql
- drivers/wdm/queries/IllegalFieldWrite/IllegalFieldWrite.ql
- drivers/wdm/queries/OpaqueMdlUse/OpaqueMdlUse.ql
- drivers/wdm/queries/OpaqueMdlUse/OpaqueMdlWrite.ql
- drivers/wdm/queries/PendingStatusError/PendingStatusError.ql
- drivers/wdm/queries/WrongDispatchTableAssignment/WrongDispatchTableAssignment.ql