Microsoft CodeQL GitHub 存储库提供两个查询套件来简化 Windows 驱动程序开发,并确保符合 Windows 硬件兼容性计划(WHCP)。 windows_driver_recommended.qls 套件包括驱动程序开发人员的所有建议查询,而 windows_driver_mustfix.qls 套件侧重于 WHCP 认证所需的“必须修复”查询。 这两个套件会定期更新。
Must-Fix WCHP 认证查询
以下查询子集是 WHCP 认证的 必须修复项目,也包含在建议解决方案套件中。
此规则集包含在 windows_driver_mustfix.qls 中。
| 身份证件 | 位置 | 常见弱点枚举 |
|---|---|---|
| cpp/不良加法溢出检查 |
codeql/cpp-queries/<Version>/Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql |
CWE-190、 CWE-192 |
| cpp/pointer-overflow-check |
codeql/cpp-queries/<Version>/Likely Bugs/Memory Management/PointerOverflow.ql |
无 |
| cpp/参数太少 |
codeql/cpp-queries/<Version>/Likely Bugs/Underspecified Functions/TooFewArguments.ql |
无 |
| cpp/与更宽类型的比较 |
codeql/cpp-queries/<Version>/Security/CWE/CWE-190/ComparisonWithWiderType.ql |
CWE-190、 CWE-197、 CWE-835 |
| cpp/hresult-boolean-conversion |
codeql/cpp-queries/<Version>/Security/CWE/CWE-253/HResultBooleanConversion.ql |
CWE-253 |
windows_driver_mustfix.qls 文件包括以下 Must-Fix 代码查询。
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT license.
- description: Security queries required to fix when certifying Windows Drivers
- queries: .
from: codeql/cpp-queries
version: 0.9.0
- include:
query path:
- Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql
- Likely Bugs/Memory Management/PointerOverflow.ql
- Likely Bugs/Underspecified Functions/TooFewArguments.ql
- Security/CWE/CWE-190/ComparisonWithWiderType.ql
- Security/CWE/CWE-253/HResultBooleanConversion.ql
- import: windows-driver-suites/windows_mustfix_partial.qls
from: microsoft/windows-drivers
此规则集包含在 windows-driver-suites/windows_mustfix_partial.qls 中。
| 身份证件 | 位置 | 常见弱点枚举 |
|---|---|---|
| cpp/windows/wdk/过时-api |
/microsoft/windows-drivers/<Version>/drivers/general/queries/WdkDeprecatedApis/wdk-deprecated-api.ql |
无 |
| microsoft/Security/CWE/CWE-704/WcharCharConversionLimited |
/microsoft/windows-drivers/<Version>/microsoft/Security/CWE/CWE-704/WcharCharConversionLimited.ql |
CWE-704 |
windows_mustfix_partial.qls 文件包含以下必须修复的代码查询。
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT license.
- description: Security queries required to fix when certifying Windows Drivers
- queries: .
from: microsoft/windows-drivers
- include:
query path:
- drivers/general/queries/WdkDeprecatedApis/wdk-deprecated-api.ql
- microsoft/Security/CWE/CWE-704/WcharCharConversionLimited.ql
建议的修复查询
这些查询是 Microsoft GitHub CodeQL 存储库中的 windows_driver_recommended.qls 查询套件的一部分。 “常见弱点枚举”(CWE)列标识给定查询所搜索的哪种安全问题类型。 有关 CWE 的更多详细信息,请参阅 CWE 上的 Mitre 页面 。
“常见弱点枚举”(CWE)列显示查询标识的安全问题类型。
最佳做法
| 身份证件 | 位置 | 常见弱点枚举 |
|---|---|---|
| cpp/offset-use-before-range-check |
codeql/cpp-queries/<Version>/Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql |
无 |
可能的缺陷
| 身份证件 | 位置 | 常见弱点枚举 |
|---|---|---|
| cpp/bad-addition-overflow-check |
codeql/cpp-queries/<Version>/Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql |
CWE-190、 CWE-192 |
| cpp/integer-multiplication-cast-to-long |
codeql/cpp-queries/<Version>/Likely Bugs/Arithmetic/IntMultToLong.ql |
CWE-190、CWE-192、CWE-197、CWE-681 |
| cpp/signed-overflow-check |
codeql/cpp-queries/<Version>/Likely Bugs/Arithmetic/SignedOverflowCheck.ql |
无 |
| cpp/upcast-array-pointer-arithmetic |
codeql/cpp-queries/<Version>/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql |
CWE-119、 CWE-843 |
| cpp/指针溢出检查 |
codeql/cpp-queries/<Version>/Likely Bugs/Memory Management/PointerOverflow.ql |
无 |
| cpp/参数过少 |
codeql/cpp-queries/<Version>/Likely Bugs/Underspecified Functions/TooFewArguments.ql |
无 |
| cpp/incorrect-not-operator-usage |
codeql/cpp-queries/<Version>/Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.ql |
CWE-480 |
| cpp/suspicious-add-sizeof |
codeql/cpp-queries/<Version>/Likely Bugs/Memory Management/SuspiciousSizeof.ql |
CWE-468 |
| cpp/uninitialized-local |
codeql/cpp-queries/<Version>/Likely Bugs/Memory Management/UninitializedLocal.ql |
CWE-457、 CWE-665 |
安全
| 身份证件 | 位置 | 常见弱点枚举 |
|---|---|---|
| cpp/conditionally-uninitialized-variable |
codeql/cpp-queries/<Version>/Security/CWE/CWE-457/ConditionallyUninitializedVariable.ql。 |
CWE-457 |
| cpp/未终止的可变参数调用 |
codeql/cpp-queries/<Version>/Security/CWE/CWE-121/UnterminatedVarargsCall.ql |
CWE-121 |
| cpp/suspicious-pointer-scaling |
codeql/cpp-queries/<Version>/Security/CWE/CWE-468/IncorrectPointerScaling.ql |
CWE-468 |
| cpp/suspicious-pointer-scaling-void |
codeql/cpp-queries/<Version>/Security/CWE/CWE-468/IncorrectPointerScalingVoid.ql |
CWE-468 |
| cpp/潜在危险函数 |
codeql/cpp-queries/<Version>/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql |
CWE-676 |
| cpp/不正确的字符串类型转换 |
codeql/cpp-queries/<Version>/Security/CWE/CWE-704/WcharCharConversion.ql |
CWE-704 |
| cpp/与更宽类型的比较 |
codeql/cpp-queries/<Version>/Security/CWE/CWE-190/ComparisonWithWiderType.ql |
CWE-190、 CWE-197、 CWE-835 |
| cpp/hresult-boolean-conversion |
codeql/cpp-queries/<Version>/Security/CWE/CWE-253/HResultBooleanConversion.ql |
CWE-253 |
| cpp/suspicious-add-sizeof |
codeql/cpp-queries/<Version>/Security/CWE/CWE-468/CWE-468/SuspiciousAddWithSizeof.ql |
CWE-468 |
windows_driver_recommended.qls 文件包括以下建议的代码查询。
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT license.
- description: Recommended and required queries for Windows Drivers.
- import: windows-driver-suites/windows_mustfix_partial.qls
from: microsoft/windows-drivers
- import: windows-driver-suites/windows_recommended_partial.qls
from: microsoft/windows-drivers
- queries: .
from: codeql/cpp-queries
version: 0.9.0
- include:
query path:
- Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql
- Likely Bugs/Arithmetic/IntMultToLong.ql
- Likely Bugs/Arithmetic/SignedOverflowCheck.ql
- Likely Bugs/Conversion/CastArrayPointerArithmetic.ql
- Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.ql
- Likely Bugs/Memory Management/SuspiciousSizeof.ql
- Likely Bugs/Memory Management/UninitializedLocal.ql
- Security/CWE/CWE-121/UnterminatedVarargsCall.ql
- Security/CWE/CWE-457/ConditionallyUninitializedVariable.ql
- Security/CWE/CWE-468/IncorrectPointerScaling.ql
- Security/CWE/CWE-468/IncorrectPointerScalingVoid.ql
- Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql
- Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
- Security/CWE/CWE-704/WcharCharConversion.ql
- Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql
- Likely Bugs/Memory Management/PointerOverflow.ql
- Likely Bugs/Underspecified Functions/TooFewArguments.ql
- Security/CWE/CWE-190/ComparisonWithWiderType.ql
- Security/CWE/CWE-253/HResultBooleanConversion.ql
这些查询是 windows_recommended_partial.qls 查询套件的一部分。
可能的故障 - windows_recommended_partial.qls
| 身份证件 | 位置 | 常见弱点枚举 |
|---|---|---|
| `cpp/填充字节信息泄露` |
microsoft/windows-drivers/<Version>/microsoft/Likely Bugs/Boundary Violations/PaddingByteInformationDisclosure.ql |
无 |
| cpp/badoverflowguard |
microsoft/windows-drivers/<Version>/microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql |
无 |
| cpp/infiniteloop |
microsoft/windows-drivers/<Version>/microsoft/Likely Bugs/Conversion/InfiniteLoop.ql |
无 |
| cpp/uninitializedptrfield |
microsoft/windows-drivers/<Version>/microsoft/Likely Bugs/UninitializedPtrField.ql |
无 |
| cpp/use-after-free |
microsoft/windows-drivers/<Version>/microsoft/Likely Bugs/Memory Management/UseAfterFree/UseAfterFree.ql |
无 |
安全性 - windows_recommended_partial.qls
| 身份证件 | 位置 | 代码分析警告 |
|---|---|---|
| cpp/weak-crypto/cng/hardcoded-iv |
/microsoft/windows-drivers/<Version>/microsoft/Security/Cryptography/HardcodedIVCNG.ql |
无 |
驱动程序 - 常规
| 身份证件 | 位置 | 代码分析警告 |
|---|---|---|
| cpp/drivers/ke-set-event-pageable |
/microsoft/windows-drivers/<Version>/drivers/general/queries/KeSetEventPageable/KeSetEventPageable.ql |
没有相关的 CA 检查 |
| cpp/drivers/role-type-correctly-used |
/microsoft/windows-drivers/<Version>/drivers/general/queries/RoleTypeCorrectlyUsed/RoleTypeCorrectlyUsed.ql |
没有关联的 CA 检查 |
| cpp/drivers/extended-deprecated-apis |
/microsoft/windows-drivers/<Version>/drivers/general/queries/ExtendedDeprecatedApis.ql |
C28719 警告、 C28726 警告、 C28735 警告、 C28750 警告 |
| cpp/drivers/irql-not-saved |
/microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlNotSaved/IrqlNotSaved.ql |
C28158 警告 |
| cpp/驱动程序/irql-not-used |
/microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlNotUsed/IrqlNotUsed.ql |
C28157 警告 |
| cpp/驱动程序/irql设置过高 |
/microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlTooHigh/IrqlTooHigh.ql |
C28150 警告 |
| cpp/drivers/irql-too-low |
/microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlTooLow/IrqlTooLow.ql |
C28120 警告 |
| cpp/drivers/irql-set-too-high |
/microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlSetTooHigh/IrqlTooHigh.ql |
C28121 警告 |
| cpp/drivers/irql-set-too-low |
/microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlSetTooLow/IrqlSetTooLow.ql |
C28124 警告 |
| cpp/drivers/pool-tag-integral |
/microsoft/windows-drivers/<Version>/drivers/general/queries/PoolTagIntegral/PoolTagIntegral.ql |
C28134 警告 |
| cpp/drivers/str-safe |
/microsoft/windows-drivers/<Version>/drivers/general/queries/StrSafe/StrSafe.ql |
C28146 警告 |
驱动程序 - WDM
| 身份证件 | 位置 | 代码分析警告 |
|---|---|---|
| cpp/驱动程序/非法字段访问 |
/microsoft/windows-drivers/<Version>/drivers/wdm/queries/IllegalFieldAccess/IllegalFieldAccess.ql |
C28128 警告 |
| cpp/drivers/illegal-field-access2 |
/microsoft/windows-drivers/<Version>/drivers/wdm/queries/IllegalFieldAccess2/IllegalFieldAccess2.ql |
C28175 警告 |
| cpp/驱动程序/非法字段写入 |
/microsoft/windows-drivers/<Version>/drivers/wdm/queries/IllegalFieldWrite/IllegalFieldWrite.ql |
C28176 警告 |
| cpp/drivers/opaque-mdl-use |
/microsoft/windows-drivers/<Version>/drivers/wdm/queries/OpaqueMdlUse/OpaqueMdlUse.ql |
(无关联的 CA 检查) |
| cpp/drivers/opaque-mdl-write |
/microsoft/windows-drivers/<Version>/drivers/wdm/queries/OpaqueMdlUse/OpaqueMdlWrite.ql |
C28145 警告 |
| cpp/drivers/pending-status-error |
/microsoft/windows-drivers/<Version>/drivers/wdm/queries/PendingStatusError/PendingStatusError.ql |
C28143 警告 |
| cpp/drivers/wrong-dispatch-table-assignment |
/microsoft/windows-drivers/<Version>/drivers/wdm/queries/WrongDispatchTableAssignment/WrongDispatchTableAssignment.ql |
C28169 警告 |
windows-driver-suites/windows_recommended_partial.qls 文件包含以下建议的代码查询。
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT license.
- description: Recommended and required queries for Windows Drivers.
- import: windows-driver-suites/windows_mustfix_partial.qls
- queries: .
from: microsoft/windows-drivers
- include:
query path:
- microsoft/Likely Bugs/Boundary Violations/PaddingByteInformationDisclosure.ql
- microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql
- microsoft/Likely Bugs/Conversion/InfiniteLoop.ql
- microsoft/Likely Bugs/Memory Management/UseAfterFree/UseAfterFree.ql
- microsoft/Likely Bugs/UninitializedPtrField.ql
- microsoft/Security/Crytpography/HardcodedIVCNG.ql
- drivers/general/queries/KeSetEventPageable/KeSetEventPageable.ql
- drivers/general/queries/RoleTypeCorrectlyUsed/RoleTypeCorrectlyUsed.ql
- drivers/general/queries/DefaultPoolTag/DefaultPoolTag.ql
- drivers/general/queries/ExaminedValue/ExaminedValue.ql
- drivers/general/queries/ExtendedDeprecatedApis/ExtendedDeprecatedApis.ql
- drivers/general/queries/IrqlNotSaved/IrqlNotSaved.ql
- drivers/general/queries/IrqlNotUsed/IrqlNotUsed.ql
- drivers/general/queries/IrqlTooHigh/IrqlTooHigh.ql
- drivers/general/queries/IrqlTooLow/IrqlTooLow.ql
- drivers/general/queries/IrqlSetTooHigh/IrqlTooHigh.ql
- drivers/general/queries/IrqlSetTooLow/IrqlSetTooLow.ql
- drivers/general/queries/PoolTagIntegral/PoolTagIntegral.ql
- drivers/general/queries/StrSafe/StrSafe.ql
- drivers/wdm/queries/IllegalFieldAccess/IllegalFieldAccess.ql
- drivers/wdm/queries/IllegalFieldAccess2/IllegalFieldAccess2.ql
- drivers/wdm/queries/IllegalFieldWrite/IllegalFieldWrite.ql
- drivers/wdm/queries/OpaqueMdlUse/OpaqueMdlUse.ql
- drivers/wdm/queries/OpaqueMdlUse/OpaqueMdlWrite.ql
- drivers/wdm/queries/PendingStatusError/PendingStatusError.ql
- drivers/wdm/queries/WrongDispatchTableAssignment/WrongDispatchTableAssignment.ql