Catatan
Akses ke halaman ini memerlukan otorisasi. Anda dapat mencoba masuk atau mengubah direktori.
Akses ke halaman ini memerlukan otorisasi. Anda dapat mencoba mengubah direktori.
Repositori GitHub Microsoft CodeQL menyediakan tiga suite kueri untuk menyederhanakan alur kerja pengembang driver end-to-end. Suite ini disertakan dalam paket CodeQL microsoft/windows-drivers, dan menggunakan kueri yang unik untuk paket tersebut dan kueri C++ umum dari paket microsoft/cpp-queries.
- recommended.qls berisi serangkaian pemeriksaan komprehensif untuk driver umum dan bug C/C++. Sebaiknya jalankan suite ini secara default dan meninjau hasil.
- mustrun.qls berisi pemeriksaan yang harus dijalankan untuk melewati sertifikasi Windows Hardware Compatibility Program (WHCP). Karena kueri ini dapat menghasilkan positif palsu dalam beberapa kasus, kegagalan dalam pemeriksaan ini tidak akan menyebabkan kegagalan dalam pengujian Logo Alat Statis, tetapi pengembang harus meninjau hasil dan memperbaiki bug yang nyata. DVL yang dihasilkan tanpa hasil dari pemeriksaan ini akan gagal dalam tes Logo Alat Statis. Untuk 26H1, mustrun.qls dan recommended.qls identik.
- mustfix.qls berfungsi sebagai subset dari kueri yang harus dijalankan dan berisi pemeriksaan yang melaporkan masalah yang harus diperbaiki agar lulus sertifikasi WHCP. DVL yang dihasilkan dengan kegagalan dalam aturan ini tidak lulus uji Logo Alat Statis.
Untuk detail konten suite kueri, lihat Kueri dan Suite CodeQL.
Kueri yang Harus Diperbaiki untuk Sertifikasi WHCP
Subset kueri berikut adalah Harus Diperbaiki untuk sertifikasi WHCP dan juga disertakan dalam rangkaian Perbaikan yang Direkomendasikan . Seperangkat aturan ini disertakan dalam mustfix.qls.
Banyak aturan berikut sesuai dengan Enumerasi Kelemahan Umum (CWEs) atau Peringatan Analisis Kode sebelumnya.
Harus Diperbaiki Kueri dari Paket microsoft/windows-drivers
| ID | Lokasi | Enumerasi / Kelemahan UmumPeringatan Analisis Kode |
|---|---|---|
| cpp/drivers/wdk-deprecated-api |
/microsoft/windows-drivers/<Version>/drivers/general/queries/WdkDeprecatedApis/wdk-deprecated-api.ql |
Tidak tersedia |
| cpp/drivers/extended-deprecated-apis |
/microsoft/windows-drivers/<Version>/drivers/general/queries/ExtendedDeprecatedApis/ExtendedDeprecatedApis.ql |
C28719 Peringatan, C28726 Peringatan, C28735 Peringatan, C28750 Peringatan |
| cpp/incorrect-string-type-conversion-ignore-puchar-casts |
/microsoft/windows-drivers/<Version>/microsoft/Security/CWE/CWE-704/WcharCharConversionLimited.ql |
CWE-704 |
Kueri Harus Diperbaiki dari paket microsoft/cpp-queries
| ID | Lokasi | Enumerasi Kelemahan Umum |
|---|---|---|
| cpp/pemeriksaan-kelebihan-penambahan-yang-buruk |
/microsoft/cpp-queries/<Version>/Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql |
CWE-190, CWE-192 |
| cpp/wrong-number-format-arguments |
/microsoft/cpp-queries/<Version>/Likely Bugs/Format/WrongNumberOfFormatArguments.ql |
CWE-234, CWE-685 |
| cpp/pointer-overflow-check |
/microsoft/cpp-queries/<Version>/Likely Bugs/Memory Management/PointerOverflow.ql |
CWE-758 |
| cpp/unsafe-strncat |
/microsoft/cpp-queries/<Version>/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql |
CWE-119, CWE-251, CWE-676, CWE-788 |
| cpp/penggunaan-unsafe-dari-this |
/microsoft/cpp-queries/<Version>/Likely Bugs/OO/UnsafeUseOfThis.ql |
CWE-670 |
| cpp/boost/tls-settings-misconfiguration |
/microsoft/cpp-queries/<Version>/Likely Bugs/Protocols/TlsSettingsMisconfiguration.ql |
CWE-326 |
| cpp/boost/use-of-deprecated-hardcoded-security-protocol |
/microsoft/cpp-queries/<Version>/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocol.ql |
CWE-327 |
| cpp/terlalu-sedikit-argumen |
/microsoft/cpp-queries/<Version>/Likely Bugs/Underspecified Functions/TooFewArguments.ql |
CWE-234, CWE-685 |
| cpp/microsoft/public/badoverflowguard |
/microsoft/cpp-queries/<Version>/Microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql |
CWE-190, CWE-191 |
| cpp/microsoft/public/drivers/incorrect-usage-of-rtlcomparememory |
/microsoft/cpp-queries/<Version>/Microsoft/Likely Bugs/Drivers/IncorrectUsageOfRtlCompareMemory.ql |
Tidak tersedia |
| cpp/microsoft/public/weak-crypto/banned-encryption-algorithms |
/microsoft/cpp-queries/<Version>/Microsoft/Security/Cryptography/BannedEncryption.ql |
CWE-327 |
| cpp/microsoft/public/weak-crypto/capi/banned-modes |
/microsoft/cpp-queries/<Version>/Microsoft/Security/Cryptography/BannedModesCAPI.ql |
CWE-327 |
| cpp/microsoft/public/weak-crypto/cng/banned-modes |
/microsoft/cpp-queries/<Version>/Microsoft/Security/Cryptography/BannedModesCNG.ql |
CWE-327 |
| cpp/microsoft/public/weak-crypto/cng/hardcoded-iv |
/microsoft/cpp-queries/<Version>/Microsoft/Security/Cryptography/HardcodedIVCNG.ql |
CWE-327 |
| cpp/microsoft/public/enum-index |
/microsoft/cpp-queries/<Version>/Microsoft/Security/MemoryAccess/EnumIndex/UncheckedBoundsEnumAsIndex.ql |
CWE-125 |
| cpp/command-line-injection |
/microsoft/cpp-queries/<Version>/Security/CWE/CWE-078/ExecTainted.ql |
CWE-078, CWE-088 |
| cpp/uncontrolled-process-operation |
/microsoft/cpp-queries/<Version>/Security/CWE/CWE-114/UncontrolledProcessOperation.ql |
CWE-114 |
| cpp/badly-bounded-write |
/microsoft/cpp-queries/<Version>/Security/CWE/CWE-120/BadlyBoundedWrite.ql |
CWE-120, CWE-787, CWE-805 |
| cpp/overrunning-write |
/microsoft/cpp-queries/<Version>/Security/CWE/CWE-120/OverrunWrite.ql |
CWE-120, CWE-787, CWE-805 |
| cpp/tidak-ada-ruang-untuk-terminator |
/microsoft/cpp-queries/<Version>/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql |
CWE-120, CWE-122, CWE-131 |
| cpp/terminasi-nol-kendali-pengguna-tercemar |
/microsoft/cpp-queries/<Version>/Security/CWE/CWE-170/ImproperNullTerminationTainted.ql |
CWE-170 |
| cpp/comparison-with-wider-type |
/microsoft/cpp-queries/<Version>/Security/CWE/CWE-190/ComparisonWithWiderType.ql |
CWE-190, CWE-197, CWE-835 |
| cpp/hresult-boolean-conversion |
/microsoft/cpp-queries/<Version>/Security/CWE/CWE-253/HResultBooleanConversion.ql |
CWE-253 |
| cpp/openssl-heartbleed |
/microsoft/cpp-queries/<Version>/Security/CWE/CWE-327/OpenSslHeartbleed.ql |
CWE-327, CWE-788 |
| cpp/dangerous-function-overflow |
/microsoft/cpp-queries/<Version>/Security/CWE/CWE-676/DangerousFunctionOverflow.ql |
CWE-242, CWE-676 |
| cpp/dangerous-cin |
/microsoft/cpp-queries/<Version>/Security/CWE/CWE-676/DangerousUseOfCin.ql |
CWE-676 |
| cpp/incorrect-string-type-conversion |
/microsoft/cpp-queries/<Version>/Security/CWE/CWE-704/WcharCharConversion.ql |
CWE-704 |
| cpp/deskriptor-keamanan-dacl-tidak-aman |
/microsoft/cpp-queries/<Version>/Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.ql |
CWE-732 |
Kueri yang Direkomendasikan
Rangkaian recommended.qls mencakup semua kueri dari rangkaian mustfix.qls ditambah kueri berikut dari paket microsoft/windows-drivers dan microsoft/cpp-queries.
Kueri driver umum dari paket microsoft/windows-drivers
| ID | Lokasi | Peringatan Analisis Kode |
|---|---|---|
| cpp/drivers/anotasi-sintaks |
/microsoft/windows-drivers/<Version>/drivers/general/queries/AnotationSyntax/AnnotationSyntax.ql |
Peringatan C28266 |
| cpp/drivers/jenis-fungsi-saat-ini-tidak-benar |
/microsoft/windows-drivers/<Version>/drivers/general/queries/CurrentFunctionTypeNotCorrect/CurrentFunctionTypeNotCorrect.ql |
Peringatan C28101 |
| cpp/drivers/default-pool-tag |
/microsoft/windows-drivers/<Version>/drivers/general/queries/DefaultPoolTag/DefaultPoolTag.ql |
Peringatan C28147 |
| cpp/drivers/driver-entry-save-buffer |
/microsoft/windows-drivers/<Version>/drivers/general/queries/DriverEntrySaveBuffer/DriverEntrySaveBuffer.ql |
Peringatan C28131 |
| cpp/drivers/examined-value |
/microsoft/windows-drivers/<Version>/drivers/general/queries/ExaminedValue/ExaminedValue.ql |
Peringatan C28193 |
| cpp/drivers/irp-stack-entry-copy |
/microsoft/windows-drivers/<Version>/drivers/general/queries/IRPStackEntryCopy/IRPStackEntryCopy.ql |
Peringatan C28114 |
| cpp/drivers/important-function-call-optimized-out |
/microsoft/windows-drivers/<Version>/drivers/general/queries/ImportantFunctionCallOptimizedOut/ImportantFunctionCallOptimizedOut.ql |
Peringatan C28625 |
| cpp/drivers/improper-not-operator-on-zero |
/microsoft/windows-drivers/<Version>/drivers/general/queries/ImproperNotOperatorOnZero/ImproperNotOperatorOnZero.ql |
Peringatan C28650 |
| cpp/drivers/invalid-function-class-typedef |
/microsoft/windows-drivers/<Version>/drivers/general/queries/InvalidFunctionClassTypedef/InvalidFunctionClassTypedef.ql |
Peringatan C28268 |
| cpp/drivers/invalid-function-pointer-annotation |
/microsoft/windows-drivers/<Version>/drivers/general/queries/InvalidFunctionPointerAnnotation/InvalidFunctionPointerAnnotation.ql |
Peringatan C28165 |
| cpp/drivers/io-initialize-timer-call |
/microsoft/windows-drivers/<Version>/drivers/general/queries/IoInitializeTimerCall/IoInitializeTimerCall.ql |
Peringatan C28133 |
| cpp/drivers/irql-annotation-issue |
/microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlAnnotationIssue/IrqlAnnotationIssue.ql |
Peringatan C28153 |
| cpp/drivers/irql-cancel-routine |
/microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlCancelRoutine/IrqlCancelRoutine.ql |
Peringatan C28144 |
| cpp/drivers/irql-float-state-mismatch |
/microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlFloatStateMismatch/IrqlFloatStateMismatch.ql |
Peringatan C28111 |
| cpp/drivers/irql-not-saved |
/microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlNotSaved/IrqlNotSaved.ql |
Peringatan C28158 |
| cpp/drivers/irql-not-used |
/microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlNotUsed/IrqlNotUsed.ql |
Peringatan C28157 |
| cpp/drivers/irql-set-too-high |
/microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlSetTooHigh/IrqlSetTooHigh.ql |
Peringatan C28150 |
| cpp/drivers/irql-set-too-low |
/microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlSetTooLow/IrqlSetTooLow.ql |
Peringatan C28124 |
| cpp/drivers/irql-too-high |
/microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlTooHigh/IrqlTooHigh.ql |
Peringatan C28121 |
| cpp/drivers/irql-too-low |
/microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlTooLow/IrqlTooLow.ql |
Peringatan C28120 |
| cpp/drivers/ke-set-event-pageable |
/microsoft/windows-drivers/<Version>/drivers/general/queries/KeSetEventPageable/KeSetEventPageable.ql |
Tidak ada pemeriksaan CA terkait |
| cpp/drivers/multithreaded-av-condition |
/microsoft/windows-drivers/<Version>/drivers/general/queries/MultithreadedAVCondition/MultithreadedAVCondition.ql |
Peringatan C28616 |
| cpp/drivers/ntstatus-explicit-cast |
/microsoft/windows-drivers/<Version>/drivers/general/queries/NtstatusExplicitCast/NtstatusExplicitCast.ql |
Peringatan C28714 |
| cpp/drivers/ntstatus-explicit-cast2 |
/microsoft/windows-drivers/<Version>/drivers/general/queries/NtstatusExplicitCast2/NtstatusExplicitCast2.ql |
Peringatan C28715 |
| cpp/drivers/ntstatus-explicit-cast3 |
/microsoft/windows-drivers/<Version>/drivers/general/queries/NtstatusExplicitCast3/NtstatusExplicitCast3.ql |
Peringatan C28716 |
| cpp/drivers/null-character-pointer-assignment |
/microsoft/windows-drivers/<Version>/drivers/general/queries/NullCharacterPointerAssignment/NullCharacterPointerAssignment.ql |
Peringatan C28730 |
| cpp/drivers/penugasan-operan |
/microsoft/windows-drivers/<Version>/drivers/general/queries/OperandAssignment/OperandAssignment.ql |
Peringatan C28129 |
| cpp/drivers/pointer-variable-size |
/microsoft/windows-drivers/<Version>/drivers/general/queries/PointerVariableSize/PointerVariableSize.ql |
Peringatan C28132 |
| cpp/drivers/pool-tag-integral |
/microsoft/windows-drivers/<Version>/drivers/general/queries/PoolTagIntegral/PoolTagIntegral.ql |
Peringatan C28134 |
| cpp/drivers/role-type-correctly-used |
/microsoft/windows-drivers/<Version>/drivers/general/queries/RoleTypeCorrectlyUsed/RoleTypeCorrectlyUsed.ql |
Peringatan C28158 |
| cpp/drivers/routine-function-type-not-expected |
/microsoft/windows-drivers/<Version>/drivers/general/queries/RoutineFunctionTypeNotExpected/RoutineFunctionTypeNotExpected.ql |
Peringatan C28127 |
| cpp/drivers/str-safe |
/microsoft/windows-drivers/<Version>/drivers/general/queries/StrSafe/StrSafe.ql |
Peringatan C28146 |
| cpp/drivers/strict-type-match |
/microsoft/windows-drivers/<Version>/drivers/general/queries/StrictTypeMatch/StrictTypeMatch.ql |
Peringatan C28139 |
Kueri driver WDM dari paket Microsoft/Windows-Drivers
| ID | Lokasi | Peringatan Analisis Kode |
|---|---|---|
| cpp/drivers/akses-lapangan-ilegal |
/microsoft/windows-drivers/<Version>/drivers/wdm/queries/IllegalFieldAccess/IllegalFieldAccess.ql |
Peringatan C28128 |
| cpp/drivers/illegal-field-access-2 |
/microsoft/windows-drivers/<Version>/drivers/wdm/queries/IllegalFieldAccess2/IllegalFieldAccess2.ql |
Peringatan C28175 |
| cpp/pengandar/penulisan-bidang-ilegal |
/microsoft/windows-drivers/<Version>/drivers/wdm/queries/IllegalFieldWrite/IllegalFieldWrite.ql |
Peringatan C28176 |
| cpp/drivers/init-not-cleared |
/microsoft/windows-drivers/<Version>/drivers/wdm/queries/InitNotCleared/InitNotCleared.ql |
Peringatan C28152 |
| cpp/drivers/kewaitlocal-requires-kernel-mode |
/microsoft/windows-drivers/<Version>/drivers/wdm/queries/KeWaitLocal/KeWaitLocal.ql |
Peringatan C28135 |
| cpp/drivers/multiple-paged-code |
/microsoft/windows-drivers/<Version>/drivers/wdm/queries/MultiplePagedCode/MultiplePagedCode.ql |
Peringatan C28171 |
| cpp/drivers/ob-reference-mode |
/microsoft/windows-drivers/<Version>/drivers/wdm/queries/ObReferenceMode/ObReferenceMode.ql |
Peringatan C28126 |
| cpp/drivers/opaque-mdl-use |
/microsoft/windows-drivers/<Version>/drivers/wdm/queries/OpaqueMdlUse/OpaqueMdlUse.ql |
Tidak ada pemeriksaan CA terkait |
| cpp/drivers/opaque-mdl-write |
/microsoft/windows-drivers/<Version>/drivers/wdm/queries/OpaqueMdlWrite/OpaqueMdlWrite.ql |
Peringatan C28145 |
| cpp/drivers/pending-status-error (kesalahan-status-masa-tunggu) |
/microsoft/windows-drivers/<Version>/drivers/wdm/queries/PendingStatusError/PendingStatusError.ql |
Peringatan C28143 |
| cpp/drivers/penugasan-tabel-dispatch-yang-salah |
/microsoft/windows-drivers/<Version>/drivers/wdm/queries/WrongDispatchTableAssignment/WrongDispatchTableAssignment.ql |
Peringatan C28168, Peringatan C28169 |
Kueri umum C++ dari paket Microsoft/Windows Drivers
| ID | Lokasi | Enumerasi Kelemahan Umum / Peringatan Analisis Kode |
|---|---|---|
| cpp/paddingbyteinformationdisclosure |
/microsoft/windows-drivers/<Version>/microsoft/Likely Bugs/Boundary Violations/PaddingByteInformationDisclosure.ql |
Tidak tersedia |
| cpp/badoverflowguard |
/microsoft/windows-drivers/<Version>/microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql |
Tidak tersedia |
| cpp/infiniteloop |
/microsoft/windows-drivers/<Version>/microsoft/Likely Bugs/Conversion/InfiniteLoop.ql |
Tidak tersedia |
| cpp/use-after-free |
/microsoft/windows-drivers/<Version>/microsoft/Bug yang Kemungkinan Terjadi/Memory Management/UseAfterFree/UseAfterFree.ql |
Tidak tersedia |
| cpp/uninitializedptrfield |
/microsoft/windows-drivers/<Version>/microsoft/Likely Bugs/UninitializedPtrField.ql |
Tidak tersedia |
| cpp/weak-crypto/cng/hardcoded-iv |
/microsoft/windows-drivers/<Version>/microsoft/Security/Cryptography/HardcodedIVCNG.ql |
Tidak tersedia |
Kueri C++ umum dari paket microsoft/cpp-queries
| ID | Lokasi | Enumerasi Kelemahan Umum |
|---|---|---|
| cpp/offset-penggunaan-sebelum-pemeriksaan-jangkauan |
/microsoft/cpp-queries/<Version>/Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql |
CWE-120, CWE-125 |
| cpp/integer-multiplication-cast-to-long |
/microsoft/cpp-queries/<Version>/Likely Bugs/Arithmetic/IntMultToLong.ql |
CWE-190, CWE-192, CWE-197, CWE-681 |
| cpp/signed-overflow-check |
/microsoft/cpp-queries/<Version>/Likely Bugs/Arithmetic/SignedOverflowCheck.ql |
CWE-128, CWE-190 |
| cpp/upcast-array-pointer-arithmetic |
/microsoft/cpp-queries/<Version>/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql |
CWE-119, CWE-843 |
| cpp/incorrect-not-operator-usage |
/microsoft/cpp-queries/<Version>/Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.ql |
CWE-480 |
| cpp/suspicious-sizeof |
/microsoft/cpp-queries/<Version>/Likely Bugs/Memory Management/SuspiciousSizeof.ql |
CWE-467 |
| cpp/uninitialized-local |
/microsoft/cpp-queries/<Version>/Likely Bugs/Memory Management/UninitializedLocal.ql |
CWE-457, CWE-665 |
| cpp/panggilan-varian-tidak-berakhir |
/microsoft/cpp-queries/<Version>/Security/CWE/CWE-121/UnterminatedVarargsCall.ql |
CWE-121 |
| cpp/conditionally-uninitialized-variable |
/microsoft/cpp-queries/<Version>/Security/CWE/CWE-457/ConditionallyUninitializedVariable.ql |
CWE-457 |
| cpp/suspicious-add-sizeof |
/microsoft/cpp-queries/<Version>/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql |
CWE-468 |
| cpp/suspicious-pointer-scaling |
/microsoft/cpp-queries/<Version>/Security/CWE/CWE-468/IncorrectPointerScaling.ql |
CWE-468 |
| cpp/suspicious-pointer-scaling-void |
/microsoft/cpp-queries/<Version>/Security/CWE/CWE-468/IncorrectPointerScalingVoid.ql |
CWE-468 |
| cpp/potentially-dangerous-function |
/microsoft/cpp-queries/<Version>/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql |
CWE-676 |
| cpp/overflow-buffer |
/microsoft/cpp-queries/<Version>/Security/CWE/CWE-119/OverflowBuffer.ql |
CWE-119, CWE-121, CWE-122, CWE-126 |
Kueri Wajib Dijalankan
Rangkaian mustrun.qls berisi kueri yang harus dijalankan untuk lulus sertifikasi WHCP. Kueri ini mungkin tidak perlu diperbaiki karena adanya kemungkinan positif palsu, namun hasilnya harus ditinjau dan setiap bug nyata yang ditemukan harus diperbaiki. DVL yang dihasilkan tanpa hasil untuk pemeriksaan ini gagal dalam pengujian Logo Alat Statis.
Untuk Windows 11, versi 26H1, kueri yang ditampilkan oleh mustrun.qls dan recommended.qls sama.