Windows 드라이버 테스트를 위한 CodeQL 쿼리 및 제품군

Microsoft CodeQL GitHub 리포지토리는 엔드투엔드 드라이버 개발자 워크플로를 간소화하기 위한 세 가지 쿼리 도구 모음을 제공합니다. 이러한 제품군은 Microsoft/windows 드라이버 CodeQL 팩에 포함되어 있으며, 해당 팩에 고유한 쿼리와 microsoft/cpp-queries 팩의 일반 C++ 쿼리를 사용합니다.

• recommended.qls 에는 일반적인 드라이버 및 C/C++ 버그에 대한 광범위한 검사 집합이 포함되어 있습니다. 기본적으로 이 제품군을 실행하고 결과를 검토하는 것이 좋습니다.
• mustrun.qls 에는 Windows WHCP(하드웨어 호환성 프로그램) 인증을 통과하기 위해 실행해야 하는 검사가 포함되어 있습니다. 이러한 쿼리는 경우에 따라 거짓 긍정을 생성할 수 있으므로 이러한 검사에 실패해도 정적 도구 로고 테스트에 실패하지는 않지만 개발자는 결과와 수정 및 실제 버그를 검토해야 합니다. 이러한 검사에 대한 결과 없이 생성된 DVL은 정적 도구 로고 테스트에 실패합니다. 26H1의 경우 mustrun.qls 및 recommended.qls 는 동일합니다.
• mustfix.qls 는 반드시 실행해야 하는 쿼리의 하위 집합으로 사용되며 WHCP 인증을 통과하기 위해 수정해야 하는 문제를 보고하는 검사를 포함합니다. 이러한 규칙에서 오류가 발생하여 생성된 DVL은 정적 도구 로고 테스트를 통과하지 못합니다.

쿼리 도구 모음의 내용에 대한 자세한 내용은 CodeQL 쿼리 및 제품군을 참조하세요.

WHCP 인증에 대한 반드시 수정해야 할 쿼리

다음 쿼리 하위 집합은 WHCP 인증을 위한 Must-Fix이며 권장 수정 도구 모음에도 포함되어 있습니다. 이 규칙 집합은 mustfix.qls에 포함됩니다.

다음 규칙 중 대부분은 CWU(Common Weakness Enumeration) 또는 이전 코드 분석 경고에 해당합니다.

Must-Fix 쿼리 microsoft/windows 드라이버 팩에서

아이디	위치	일반적인 약점 열거형 / 코드 분석 경고
cpp/drivers/wdk-deprecated-api	/microsoft/windows-drivers/<Version>/drivers/general/queries/WdkDeprecatedApis/wdk-deprecated-api.ql	해당 없음(N/A)
cpp/drivers/extended-deprecated-api	/microsoft/windows-drivers//<Version>drivers/general/queries/ExtendedDeprecatedApis/ExtendedDeprecatedApis.ql	C28719 경고, C28726 경고, C28735 경고, C28750 경고
cpp/incorrect-string-type-conversion-ignore-puchar-casts	/microsoft/windows-drivers//<Version>microsoft/Security/CWE/CWE-704/WcharCharConversionLimited.ql	CWE-704

microsoft/cpp-queries 팩의 Must-Fix 쿼리

아이디	위치	일반적인 약점 열거형
cpp/bad-addition-overflow-check	/microsoft/cpp-queries/<Version>/가능성 있는 버그/산술/잘못된 덧셈 오버플로우 체크.ql	CWE-190, CWE-192
cpp/wrong-number-format-arguments	/microsoft/cpp-queries//<Version>Likely Bugs/Format/WrongNumberOfFormatArguments.ql	CWE-234, CWE-685
cpp/포인터-오버플로-체크	/microsoft/cpp-queries//<Version>Likely Bugs/Memory Management/PointerOverflow.ql	CWE-758
cpp/unsafe-strncat	/microsoft/cpp-queries//<Version>Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql	CWE-119, CWE-251, CWE-676, CWE-788
cpp/unsafe-use-of-this	/microsoft/cpp-queries//<Version>Likely Bugs/OO/UnsafeUseOfThis.ql	CWE-670
cpp/boost/TLS 설정 오류 구성	/microsoft/cpp-queries/<Version>Likely Bugs/Protocols/TlsSettingsMisconfiguration.ql	CWE-326
cpp/boost/use-of-deprecated-hardcoded-security-protocol	/microsoft/cpp-queries//<Version>Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocol.ql	CWE-327
cpp/인수가 너무 적습니다	/microsoft/cpp-queries/<Version>가능성 있는 버그/명시되지 않은 함수/매개변수가 부족함.ql	CWE-234, CWE-685
cpp/microsoft/public/badoverflowguard	/microsoft/cpp-queries//<Version>Microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql	CWE-190, CWE-191
cpp/microsoft/public/drivers/incorrect-usage-of-rtlcomparememory	/microsoft/cpp-queries//<Version>Microsoft/Likely Bugs/Drivers/IncorrectUsageOfRtlCompareMemory.ql	해당 없음(N/A)
cpp/microsoft/public/weak-crypto/banned-encryption-algorithms	/microsoft/cpp-queries//<Version>Microsoft/Security/Cryptography/BannedEncryption.ql	CWE-327
cpp/microsoft/public/weak-crypto/capi/banned-modes	/microsoft/cpp-queries//<Version>Microsoft/Security/Cryptography/BannedModesCAPI.ql	CWE-327
cpp/microsoft/public/weak-crypto/cng/banned-modes	/microsoft/cpp-queries//<Version>Microsoft/Security/Cryptography/BannedModesCNG.ql	CWE-327
cpp/microsoft/public/weak-crypto/cng/hardcoded-iv	/microsoft/cpp-queries//<Version>Microsoft/Security/Cryptography/HardcodedIVCNG.ql	CWE-327
cpp/microsoft/public/enum-index	/microsoft/cpp-queries//<Version>Microsoft/Security/MemoryAccess/EnumIndex/UncheckedBoundsEnumAsIndex.ql	CWE-125
cpp/command-line-injection (명령줄 주입)	/microsoft/cpp-queries/<Version>/Security/CWE/CWE-078/ExecTainted.ql	CWE-078, CWE-088
cpp/비제어 프로세스 운영	/microsoft/cpp-queries/<Version>/Security/CWE/CWE-114/UncontrolledProcessOperation.ql	CWE-114
cpp/잘못 제한된 쓰기	/microsoft/cpp-queries//<Version>Security/CWE/CWE-120/BadlyBoundedWrite.ql	CWE-120, CWE-787, CWE-805
cpp/overrunning-write	/microsoft/cpp-queries//<Version>Security/CWE/CWE-120/OverrunWrite.ql	CWE-120, CWE-787, CWE-805
cpp/no-space-for-terminator	/microsoft/cpp-queries//<Version>Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql	CWE-120, CWE-122, CWE-131
cpp/사용자 제어 널 종료 - 감염됨	/microsoft/cpp-queries//<Version>Security/CWE/CWE-170/ImproperNullTerminationTainted.ql	CWE-170
cpp/더 넓은 유형과의 비교	/microsoft/cpp-queries//<Version>Security/CWE/CWE-190/ComparisonWithWiderType.ql	CWE-190, CWE-197, CWE-835
cpp/hresult-boolean-conversion	/microsoft/cpp-queries/<Version>/Security/CWE/CWE-253/HResultBooleanConversion.ql	CWE-253
cpp/openssl-heartbleed	/microsoft/cpp-queries//<Version>Security/CWE/CWE-327/OpenSslHeartbleed.ql	CWE-327, CWE-788
cpp/위험한-함수-오버플로우	/microsoft/cpp-queries//<Version>Security/CWE/CWE-676/DangerousFunctionOverflow.ql	CWE-242, CWE-676
cpp/dangerous-cin	/microsoft/cpp-queries/<Version>/Security/CWE/CWE-676/DangerousUseOfCin.ql	CWE-676
cpp/incorrect-string-type-conversion	/microsoft/cpp-queries//<Version>Security/CWE/CWE-704/WcharCharConversion.ql	CWE-704
cpp/unsafe-dacl-security-descriptor	/microsoft/cpp-queries/<Version>/Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.ql	CWE-732

권장 쿼리

recommended.qls 제품군에는mustfix.qls 제품군의 모든 쿼리와 microsoft/windows-drivers 및 microsoft/cpp-queries 팩의 다음 쿼리가 포함됩니다.

Microsoft/windows 드라이버 팩의 일반 드라이버 쿼리

아이디	위치	코드 분석 경고
cpp/drivers/annotation-syntax	/microsoft/windows-drivers/<Version>/drivers/general/queries/AnnotationSyntax/AnnotationSyntax.ql	C28266 경고
cpp/drivers/current-function-type-not-correct	/microsoft/windows-drivers/<Version>/drivers/general/queries/CurrentFunctionTypeNotCorrect/CurrentFunctionTypeNotCorrect.ql	C28101 경고
cpp/drivers/default-pool-tag	/microsoft/windows-drivers//<Version>drivers/general/queries/DefaultPoolTag/DefaultPoolTag.ql	C28147 경고
cpp/drivers/driver-entry-save-buffer	/microsoft/windows-drivers//<Version>drivers/general/queries/DriverEntrySaveBuffer/DriverEntrySaveBuffer.ql	C28131 경고
cpp/drivers/examined-value	/microsoft/windows-drivers/<Version>/drivers/general/queries/ExaminedValue/ExaminedValue.ql	C28193 경고
cpp/drivers/irp-stack-entry-copy	/microsoft/windows-drivers/<Version>/drivers/general/queries/IRPStackEntryCopy/IRPStackEntryCopy.ql	C28114 경고
cpp/drivers/important-function-call-optimized-out	/microsoft/windows-drivers/<Version>/drivers/general/queries/ImportantFunctionCallOptimizedOut/ImportantFunctionCallOptimizedOut.ql	C28625 경고
cpp/drivers/improper-not-operator-on-zero	/microsoft/windows-drivers/<Version>/drivers/general/queries/ImproperNotOperatorOnZero/ImproperNotOperatorOnZero.ql	C28650 경고
cpp/drivers/invalid-function-class-typedef	/microsoft/windows-drivers/<Version>/drivers/general/queries/InvalidFunctionClassTypedef/InvalidFunctionClassTypedef.ql	C28268 경고
cpp/드라이버/잘못된-함수-포인터-주석	/microsoft/windows-drivers//<Version>drivers/general/queries/InvalidFunctionPointerAnnotation/InvalidFunctionPointerAnnotation.ql	C28165 경고
cpp/drivers/io-initialize-timer-call	/microsoft/windows-drivers//<Version>drivers/general/queries/IoInitializeTimerCall/IoInitializeTimerCall.ql	C28133 경고
cpp/drivers/irql-annotation-issue	/microsoft/windows-drivers//<Version>drivers/general/queries/IrqlAnnotationIssue/IrqlAnnotationIssue.ql	C28153 경고
cpp/drivers/irql-cancel-routine	/microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlCancelRoutine/IrqlCancelRoutine.ql	C28144 경고
cpp/drivers/irql-float-state-mismatch	/microsoft/windows-drivers//<Version>drivers/general/queries/IrqlFloatStateMismatch/IrqlFloatStateMismatch.ql	C28111 경고
cpp/drivers/irql-not-saved	/microsoft/windows-drivers//<Version>drivers/general/queries/IrqlNotSaved/IrqlNotSaved.ql	C28158 경고
cpp/drivers/irql-not-used	/microsoft/windows-drivers//<Version>drivers/general/queries/IrqlNotUsed/IrqlNotUsed.ql	C28157 경고
cpp/drivers/irql-set-too-high	/microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlSetTooHigh/IrqlSetTooHigh.ql	C28150 경고
cpp/drivers/irql-set-too-low	/microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlSetTooLow/IrqlSetTooLow.ql	C28124 경고
cpp/drivers/irql-too-high	/microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlTooHigh/IrqlTooHigh.ql	C28121 경고
cpp/drivers/irql-too-low	/microsoft/windows-drivers//<Version>drivers/general/queries/IrqlTooLow/IrqlTooLow.ql	C28120 경고
cpp/drivers/ke-set-event-pageable	/microsoft/windows-drivers/<Version>/drivers/general/queries/KeSetEventPageable/KeSetEventPageable.ql	연결된 CA 확인 없음
cpp/drivers/multithreaded-av-condition	/microsoft/windows-drivers/<Version>/drivers/general/queries/MultithreadedAVCondition/MultithreadedAVCondition.ql	C28616 경고
cpp/drivers/ntstatus-explicit-cast	/microsoft/windows-drivers/<Version>/drivers/general/queries/NtstatusExplicitCast/NtstatusExplicitCast.ql	C28714 경고
cpp/drivers/ntstatus-explicit-cast2	/microsoft/windows-drivers/<Version>/drivers/general/queries/NtstatusExplicitCast2/NtstatusExplicitCast2.ql	C28715 경고
cpp/drivers/ntstatus-explicit-cast3	/microsoft/windows-drivers/<Version>/drivers/general/queries/NtstatusExplicitCast3/NtstatusExplicitCast3.ql	C28716 경고
cpp/drivers/null-character-pointer-assignment	/microsoft/windows-drivers/<Version>/drivers/general/queries/NullCharacterPointerAssignment/NullCharacterPointerAssignment.ql	C28730 경고
cpp/drivers/operand-assignment	/microsoft/windows-drivers/<Version>/drivers/general/queries/OperandAssignment/OperandAssignment.ql	C28129 경고
cpp/drivers/pointer-variable-size	/microsoft/windows-drivers//<Version>drivers/general/queries/PointerVariableSize/PointerVariableSize.ql	C28132 경고
cpp/drivers/pool-tag-integral	/microsoft/windows-drivers//<Version>drivers/general/queries/PoolTagIntegral/PoolTagIntegral.ql	C28134 경고
cpp/drivers/role-type-correctly-used	/microsoft/windows-drivers//<Version>drivers/general/queries/RoleTypeCorrectlyUsed/RoleTypeCorrectlyUsed.ql	C28158 경고
cpp/drivers/routine-function-type-not-expected	/microsoft/windows-drivers/<Version>/drivers/general/queries/RoutineFunctionTypeNotExpected/RoutineFunctionTypeNotExpected.ql	C28127 경고
cpp/drivers/str-safe	/microsoft/windows-drivers/<Version>/drivers/general/queries/StrSafe/StrSafe.ql	C28146 경고
cpp/drivers/strict-type-match	/microsoft/windows-drivers//<Version>drivers/general/queries/StrictTypeMatch/StrictTypeMatch.ql	C28139 경고

microsoft/windows-drivers 팩의 WDM 드라이버 쿼리

아이디	위치	코드 분석 경고
cpp/drivers/illegal-field-access	/microsoft/windows-drivers//<Version>drivers/wdm/queries/IllegalFieldAccess/IllegalFieldAccess.ql	C28128 경고
cpp/drivers/illegal-field-access-2	/microsoft/windows-drivers//<Version>drivers/wdm/queries/IllegalFieldAccess2/IllegalFieldAccess2.ql	C28175 경고
cpp/drivers/illegal-field-write	/microsoft/windows-drivers//<Version>drivers/wdm/queries/IllegalFieldWrite/IllegalFieldWrite.ql	C28176 경고
cpp/drivers/init-not-cleared	/microsoft/windows-drivers//<Version>drivers/wdm/queries/InitNotCleared/InitNotCleared.ql	C28152 경고
cpp/drivers/kewaitlocal-커널 모드 필요	/microsoft/windows-drivers//<Version>drivers/wdm/queries/KeWaitLocal/KeWaitLocal.ql	C28135 경고
cpp/drivers/multiple-paged-code	/microsoft/windows-drivers//<Version>drivers/wdm/queries/MultiplePagedCode/MultiplePagedCode.ql	C28171 경고
cpp/drivers/ob-reference-mode	/microsoft/windows-drivers//<Version>drivers/wdm/queries/ObReferenceMode/ObReferenceMode.ql	C28126 경고
cpp/drivers/opaque-mdl-use	/microsoft/windows-drivers//<Version>drivers/wdm/queries/OpaqueMdlUse/OpaqueMdlUse.ql	연결된 CA 확인 없음
cpp/drivers/opaque-mdl-write	/microsoft/windows-drivers//<Version>drivers/wdm/queries/OpaqueMdlWrite/OpaqueMdlWrite.ql	C28145 경고
cpp/drivers/pending-status-error	/microsoft/windows-drivers//<Version>drivers/wdm/queries/PendingStatusError/PendingStatusError.ql	C28143 경고
cpp/드라이버/잘못된 디스패치 테이블 할당	/microsoft/windows-drivers//<Version>drivers/wdm/queries/WrongDispatchTableAssignment/WrongDispatchTableAssignment.ql	C28168 경고, C28169 경고

Microsoft/windows 드라이버 팩의 일반 C++ 쿼리

아이디	위치	일반적인 약점 열거형 /코드 분석 경고
cpp/패딩 바이트 정보 공개	/microsoft/windows-drivers//<Version>microsoft/Likely Bugs/Boundary Violations/PaddingByteInformationDisclosure.ql	해당 없음(N/A)
cpp/badoverflowguard	/microsoft/windows-drivers//<Version>microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql	해당 없음(N/A)
cpp/infiniteloop	/microsoft/windows-drivers//<Version>microsoft/Likely Bugs/Conversion/InfiniteLoop.ql	해당 없음(N/A)
cpp/use-after-free	/microsoft/windows-drivers//<Version>microsoft/Likely Bugs/Memory Management/UseAfterFree/UseAfterFree.ql	해당 없음(N/A)
cpp/uninitializedptrfield	/microsoft/windows-drivers//<Version>microsoft/Likely Bugs/UninitializedPtrField.ql	해당 없음(N/A)
cpp/weak-crypto/cng/hardcoded-iv	/microsoft/windows-drivers//<Version>microsoft/Security/Crytpography/HardcodedIVCNG.ql	해당 없음(N/A)

microsoft/cpp-queries 팩의 일반 C++ 쿼리

아이디	위치	일반적인 약점 열거형
오프셋 범위 확인 전 사용	/microsoft/cpp-queries//<Version>Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql	CWE-120, CWE-125
cpp/정수-곱셈-long-형으로-캐스트	/microsoft/cpp-queries//<Version>Likely Bugs/Arithmetic/IntMultToLong.ql	CWE-190, CWE-192, CWE-197, CWE-681
cpp/서명된 오버플로 검사	/microsoft/cpp-queries//<Version>Likely Bugs/Arithmetic/SignedOverflowCheck.ql	CWE-128, CWE-190
cpp/upcast-array-pointer-arithmetic	/microsoft/cpp-queries/<Version>/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql	CWE-119, CWE-843
cpp/incorrect-not-operator-usage	/microsoft/cpp-queries//<Version>Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.ql	CWE-480
cpp/suspicious-sizeof	/microsoft/cpp-queries//<Version>Likely Bugs/Memory Management/SuspiciousSizeof.ql	CWE-467
cpp/uninitialized-local	/microsoft/cpp-queries//<Version>Likely Bugs/Memory Management/UninitializedLocal.ql	CWE-457, CWE-665
cpp/unterminated-variadic-call	/microsoft/cpp-queries//<Version>Security/CWE/CWE-121/UnterminatedVarargsCall.ql	CWE-121
cpp/조건부로 초기화되지 않은 변수	/microsoft/cpp-queries//<Version>Security/CWE/CWE-457/ConditionallyUninitializedVariable.ql	CWE-457
cpp/의심스러운-추가-sizeof	/microsoft/cpp-queries//<Version>Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql	CWE-468
cpp/suspicious-pointer-scaling	/microsoft/cpp-queries/<Version>/Security/CWE/CWE-468/IncorrectPointerScaling.ql	CWE-468
cpp/suspicious-pointer-scaling-void	/microsoft/cpp-queries/<Version>/Security/CWE/CWE-468/IncorrectPointerScalingVoid.ql	CWE-468
cpp/잠재적으로 위험한 함수	/microsoft/cpp-queries//<Version>Security/CWE/CWE-676/PotentiallyDangerousFunction.ql	CWE-676
cpp/오버플로 버퍼	/microsoft/cpp-queries//<Version>Security/CWE/CWE-119/OverflowBuffer.ql	CWE-119, CWE-121, CWE-122, CWE-126

반드시 실행해야 하는 쿼리

mustrun.qls 제품군에는 WHCP 인증을 통과하기 위해 실행해야 하는 쿼리가 포함되어 있습니다. 이러한 쿼리는 가양성이 생길 가능성 때문에 반드시 수정할 필요는 없지만, 결과를 검토하여 실제 버그가 발견될 경우 수정해야 합니다. 이러한 검사에 대한 결과 없이 생성된 DVL은 정적 도구 로고 테스트에 실패합니다.

Windows 11 버전 26H1의 경우 mustrun.qls 및 recommended.qls 에서 노출하는 쿼리는 동일합니다.

관련 내용

• 드라이버 코드에서 CodeQL 분석 실행
• CodeQL 개요
• CodeQL FAQ