Delen via

CodeQL-query's en -suites voor testen van Windows-stuurprogramma's

De GitHub-opslagplaats van Microsoft CodeQL biedt twee querysuites om de ontwikkeling van Windows-stuurprogramma's te vereenvoudigen en ervoor te zorgen dat het Windows Hardware Compatibility Program (WHCP) wordt nageleefd. De suite recommended.qls bevat alle aanbevolen query's voor stuurprogrammaontwikkelaars, terwijl de mustfix.qls-suite zich richt op 'Must-Fix'-query's die vereist zijn voor WHCP-certificering. Beide suites worden regelmatig bijgewerkt.

Must-Fix vragen voor WCHP-certificering

De volgende subset van query's zijn Must-Fix voor de WHCP-certificering en zijn ook opgenomen in de Aanbevolen oplossingen-suite.

Deze set regels is opgenomen in mustfix.qls.

ID-kaart Locatie Veelvoorkomende opsomming van zwakke punten
cpp/bad-addition-overflow-check codeql/cpp-queries/<Version>/Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql CWE-190, CWE-192
cpp/pointer-overflow-check codeql/cpp-queries/<Version>/Likely Bugs/Memory Management/PointerOverflow.ql Niet van toepassing.
cpp/te weinig argumenten codeql/cpp-queries/<Version>/Likely Bugs/Underspecified Functions/TooFewArguments.ql Niet van toepassing.
cpp/comparison-with-wider-type codeql/cpp-query's/<Version>/Security/CWE/CWE-190/ComparisonWithWiderType.ql CWE-190, CWE-197, CWE-835
cpp/hresult-boolean-conversion codeql/cpp-query's/<Version>/Security/CWE/CWE-253/HResultBooleanConversion.ql CWE-253

Het bestand mustfix.qls bevat de volgende Must-Fix-codequery's .

# Copyright (c) Microsoft Corporation.
# Licensed under the MIT license.

- description: Security queries required to fix when certifying Windows Drivers
- queries: .
  from: codeql/cpp-queries
  version: 0.9.0
- include:
    query path:
      - Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql
      - Likely Bugs/Memory Management/PointerOverflow.ql
      - Likely Bugs/Underspecified Functions/TooFewArguments.ql
      - Security/CWE/CWE-190/ComparisonWithWiderType.ql
      - Security/CWE/CWE-253/HResultBooleanConversion.ql
- import: windows-driver-suites/windows_mustfix_partial.qls
  from: microsoft/windows-drivers

Deze set regels is opgenomen in windows-driver-suites/windows_mustfix_partial.qls.

ID-kaart Locatie Veelvoorkomende opsomming van zwakke punten
cpp/windows/wdk/verouderde-api /microsoft/windows-drivers/<Version>/drivers/general/query's/WdkDeprecatedApis/wdk-deprecated-api.ql Niet van toepassing.
microsoft/Security/CWE/CWE-704/WcharCharConversionLimited /microsoft/windows-drivers/<Version>/microsoft/Security/CWE/CWE-704/WcharCharConversionLimited.ql CWE-704

Het bestand windows_mustfix_partial.qls bevat de volgende Must-Fix-codequeries.

# Copyright (c) Microsoft Corporation.
# Licensed under the MIT license.

- description: Security queries required to fix when certifying Windows Drivers
- queries: .
  from: microsoft/windows-drivers
- include:
    query path:
      - drivers/general/queries/WdkDeprecatedApis/wdk-deprecated-api.ql
      - microsoft/Security/CWE/CWE-704/WcharCharConversionLimited.ql

Deze query's maken deel uit van de aanbevolen.qls-querysuite in de Microsoft GitHub CodeQL-opslagplaats. De kolom 'Common Weakness Enumeration' (CWE) identificeert naar welke soorten beveiligingsproblemen de opgegeven query zoekt. Zie de pagina van Mitre over CWE voor meer informatie over CWEs.

In de kolom Common Weakness Enumeration (CWE) ziet u de typen beveiligingsproblemen die de query identificeert.

Beste praktijken

ID-kaart Locatie Veelvoorkomende opsomming van zwakke punten
cpp/offset-use-before-range-check codeql/cpp-queries/<Version>/Best Practices/Waarschijnlijke fouten/OffsetUseBeforeRangeCheck.ql Niet van toepassing.

Waarschijnlijke bugs

ID-kaart Locatie Veelvoorkomende opsomming van zwakke punten
cpp/bad-addition-overflow-check codeql/cpp-queries/<Version>/Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql CWE-190, CWE-192
cpp/integer-vermenigvuldiging-omzetten-naar-long codeql/cpp-queries/<Version>/Likely Bugs/Arithmetic/IntMultToLong.ql CWE-190, CWE-192, CWE-197, CWE-681
cpp/signed-overflow-check codeql/cpp-queries/<Version>/Likely Bugs/Arithmetic/SignedOverflowCheck.ql Niet van toepassing.
cpp/upcast-array-pointer-arithmetic codeql/cpp-queries/<Version>/Waarschijnlijke Bugs/Conversie/CastArrayPointerArithmetic.ql CWE-119, CWE-843
cpp/pointer-overflow-check codeql/cpp-queries/<Version>/Likely Bugs/Memory Management/PointerOverflow.ql Niet van toepassing.
cpp/te weinig argumenten codeql/cpp-queries/<Version>/Likely Bugs/Underspecified Functions/TooFewArguments.ql Niet van toepassing.
cpp/onjuist-gebruik-van-niet-operator codeql/cpp-queries/<Version>/Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.ql CWE-480
cpp/suspicious-add-sizeof codeql/cpp-queries/<Version>/Likely Bugs/Memory Management/SuspiciousSizeof.ql CWE-468
cpp/niet-geïnitialiseerd-local codeql/cpp-queries/<Version>/Likely Bugs/Memory Management/UninitializedLocal.ql CWE-457, CWE-665

Veiligheid

ID-kaart Locatie Veelvoorkomende opsomming van zwakke punten
cpp/voorwaardelijk-niet-geïnitialiseerde-variabele codeql/cpp-query's/<Version>/Security/CWE/CWE-457/ConditionallyUninitializedVariable.ql. CWE-457
cpp/unterminated-variadic-call codeql/cpp-query's/<Version>/Security/CWE/CWE-121/UnterminatedVarargsCall.ql CWE-121
cpp/suspicious-pointer-scaling codeql/cpp-query's/<Version>/Security/CWE/CWE-468/IncorrectPointerScaling.ql CWE-468
cpp/suspicious-pointer-scaling-void codeql/cpp-query's/<Version>/Security/CWE/CWE-468/IncorrectPointerScalingVoid.ql CWE-468
cpp/potentially-dangerous-function codeql/cpp-query's/<Version>/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql CWE-676
cpp/incorrect-string-type-conversie codeql/cpp-query's/<Version>/Security/CWE/CWE-704/WcharCharConversion.ql CWE-704
cpp/comparison-with-wider-type codeql/cpp-query's/<Version>/Security/CWE/CWE-190/ComparisonWithWiderType.ql CWE-190, CWE-197, CWE-835
cpp/hresult-boolean-conversion codeql/cpp-query's/<Version>/Security/CWE/CWE-253/HResultBooleanConversion.ql CWE-253
cpp/suspicious-add-sizeof codeql/cpp-query's/<Version>/Security/CWE/CWE-468/CWE-468/SuspiciousAddWithSizeof.ql CWE-468

Het bestand recommended.qls bevat de volgende aanbevolen codequery's.

# Copyright (c) Microsoft Corporation.
# Licensed under the MIT license.

- description: Recommended and required queries for Windows Drivers.
- import: windows-driver-suites/windows_mustfix_partial.qls
  from: microsoft/windows-drivers
- import: windows-driver-suites/windows_recommended_partial.qls
  from: microsoft/windows-drivers
- queries: .
  from: codeql/cpp-queries
  version: 0.9.0
- include:
    query path:
      - Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql
      - Likely Bugs/Arithmetic/IntMultToLong.ql
      - Likely Bugs/Arithmetic/SignedOverflowCheck.ql
      - Likely Bugs/Conversion/CastArrayPointerArithmetic.ql
      - Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.ql
      - Likely Bugs/Memory Management/SuspiciousSizeof.ql
      - Likely Bugs/Memory Management/UninitializedLocal.ql
      - Security/CWE/CWE-121/UnterminatedVarargsCall.ql
      - Security/CWE/CWE-457/ConditionallyUninitializedVariable.ql
      - Security/CWE/CWE-468/IncorrectPointerScaling.ql
      - Security/CWE/CWE-468/IncorrectPointerScalingVoid.ql
      - Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql
      - Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
      - Security/CWE/CWE-704/WcharCharConversion.ql
      - Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql
      - Likely Bugs/Memory Management/PointerOverflow.ql
      - Likely Bugs/Underspecified Functions/TooFewArguments.ql
      - Security/CWE/CWE-190/ComparisonWithWiderType.ql
      - Security/CWE/CWE-253/HResultBooleanConversion.ql

Deze query's maken deel uit van de windows_recommended_partial.qls-querysuite .

Waarschijnlijke bugs - windows_recommended_partial.qls

ID-kaart Locatie Veelvoorkomende opsomming van zwakke punten
cpp/paddingbyteinformationdisclosure microsoft/windows-drivers/<Version>/microsoft/Likely Bugs/Boundary Violations/PaddingByteInformationDisclosure.ql Niet van toepassing.
cpp/badoverflowguard microsoft/windows-drivers/<Version>/microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql Niet van toepassing.
cpp/infiniteloop microsoft/windows-drivers/<Version>/microsoft/Likely Bugs/Conversion/InfiniteLoop.ql Niet van toepassing.
cpp/uninitializedptrfield microsoft/windows-drivers/<Version>/microsoft/Likely Bugs/UninitializedPtrField.ql Niet van toepassing.
cpp/use-after-free microsoft/windows-drivers/<Version>/microsoft/Likely Bugs/Memory Management/UseAfterFree/UseAfterFree.ql Niet van toepassing.

Beveiliging - windows_recommended_partial.qls

ID-kaart Locatie Waarschuwing voor codeanalyse
cpp/weak-crypto/cng/hardcoded-iv /microsoft/windows-drivers/<Version>/microsoft/Security/Crytpography/HardcodedIVCNG.ql Niet van toepassing.

Stuurprogramma's - Algemeen

ID-kaart Locatie Waarschuwing voor codeanalyse
cpp/drivers/ke-set-event-pageable /microsoft/windows-drivers/<Version>/drivers/general/query's/KeSetEventPageable/KeSetEventPageable.ql Geen gekoppelde CA-controle
cpp/drivers/role-type-correct-used /microsoft/windows-drivers/<Version>/drivers/general/query's/RoleType IncorrectUsed/RoleType IncorrectUsed.ql Geen gekoppelde CA-controle
cpp/drivers/extended-deprecated-apis /microsoft/windows-drivers/<Version>/drivers/general/query's/ExtendedDeprecatedApis.ql C28719 Waarschuwing, C28726 Waarschuwing, C28735 Waarschuwing, C28750 Waarschuwing
cpp/drivers/irql-not-saved /microsoft/windows-drivers/<Version>/drivers/general/query's/IrqlNotSaved/IrqlNotSaved.ql C28158-waarschuwing
cpp/drivers/irql-not-used /microsoft/windows-drivers/<Version>/drivers/general/query's/IrqlNotUsed/IrqlNotUsed.ql C28157-waarschuwing
cpp/drivers/irql-set-too-high /microsoft/windows-drivers/<Version>/drivers/general/query's/IrqlTooHigh/IrqlTooHigh.ql C28150-waarschuwing
cpp/drivers/irql-too-low /microsoft/windows-drivers/<Version>/drivers/general/query's/IrqlTooLow/IrqlTooLow.ql C28120-waarschuwing
cpp/drivers/irql-set-too-high /microsoft/windows-drivers/<Version>/drivers/general/query's/IrqlSetTooHigh/IrqlTooHigh.ql C28121-waarschuwing
cpp/drivers/irql-te-laag-ingesteld /microsoft/windows-drivers/<Version>/drivers/general/query's/IrqlSetTooLow/IrqlSetTooLow.ql C28124-waarschuwing
cpp/drivers/pool-tag-integral /microsoft/windows-drivers/<Version>/drivers/general/query's/PoolTagIntegral/PoolTagIntegral.ql C28134-waarschuwing
cpp/drivers/str-safe /microsoft/windows-drivers/<Version>/drivers/general/query's/StrSafe/StrSafe.ql C28146-waarschuwing

Stuurprogramma's - WDM

ID-kaart Locatie Waarschuwing voor codeanalyse
cpp/drivers/illegal-field-access /microsoft/windows-drivers/<Version>/drivers/wdm/query's/IllegalFieldAccess/IllegalFieldAccess.ql C28128-waarschuwing
cpp/drivers/illegal-field-access2 /microsoft/windows-drivers/<Version>/drivers/wdm/query's/IllegalFieldAccess2/IllegalFieldAccess2.ql C28175-waarschuwing
cpp/drivers/illegal-field-write /microsoft/windows-drivers/<Version>/drivers/wdm/query's/IllegalFieldWrite/IllegalFieldWrite.ql C28176-waarschuwing
cpp/drivers/ondoorzichtig-mdl-gebruik /microsoft/windows-drivers/<Version>/drivers/wdm/query's/OpaqueMdlUse/OpaqueMdlUse.ql (Geen gekoppelde CA-controle)
cpp/drivers/ondoorzichtig-mdl-write /microsoft/windows-drivers/<Version>/drivers/wdm/query's/OpaqueMdlUse/OpaqueMdlWrite.ql C28145-waarschuwing
cpp/drivers/pending-status-error /microsoft/windows-drivers/<Version>/drivers/wdm/query's/PendingStatusError/PendingStatusError.ql C28143-waarschuwing
cpp/drivers/wrong-dispatch-table-assignment /microsoft/windows-drivers/<Version>/drivers/wdm/query's/WrongDispatchTableAssignment/WrongDispatchTableAssignment.ql C28169-waarschuwing

Het bestand windows-driver-suites/windows_recommended_partial.qls bevat de volgende aanbevolen codequery's.

# Copyright (c) Microsoft Corporation.
# Licensed under the MIT license.

- description: Recommended and required queries for Windows Drivers.
- import: windows-driver-suites/windows_mustfix_partial.qls
- queries: .
  from: microsoft/windows-drivers
- include:
    query path:
      - microsoft/Likely Bugs/Boundary Violations/PaddingByteInformationDisclosure.ql
      - microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql
      - microsoft/Likely Bugs/Conversion/InfiniteLoop.ql
      - microsoft/Likely Bugs/Memory Management/UseAfterFree/UseAfterFree.ql
      - microsoft/Likely Bugs/UninitializedPtrField.ql
      - microsoft/Security/Crytpography/HardcodedIVCNG.ql
      - drivers/general/queries/KeSetEventPageable/KeSetEventPageable.ql
      - drivers/general/queries/RoleTypeCorrectlyUsed/RoleTypeCorrectlyUsed.ql
      - drivers/general/queries/DefaultPoolTag/DefaultPoolTag.ql
      - drivers/general/queries/ExaminedValue/ExaminedValue.ql
      - drivers/general/queries/ExtendedDeprecatedApis/ExtendedDeprecatedApis.ql
      - drivers/general/queries/IrqlNotSaved/IrqlNotSaved.ql
      - drivers/general/queries/IrqlNotUsed/IrqlNotUsed.ql
      - drivers/general/queries/IrqlTooHigh/IrqlTooHigh.ql
      - drivers/general/queries/IrqlTooLow/IrqlTooLow.ql
      - drivers/general/queries/IrqlSetTooHigh/IrqlTooHigh.ql
      - drivers/general/queries/IrqlSetTooLow/IrqlSetTooLow.ql
      - drivers/general/queries/PoolTagIntegral/PoolTagIntegral.ql
      - drivers/general/queries/StrSafe/StrSafe.ql
      - drivers/wdm/queries/IllegalFieldAccess/IllegalFieldAccess.ql
      - drivers/wdm/queries/IllegalFieldAccess2/IllegalFieldAccess2.ql
      - drivers/wdm/queries/IllegalFieldWrite/IllegalFieldWrite.ql
      - drivers/wdm/queries/OpaqueMdlUse/OpaqueMdlUse.ql
      - drivers/wdm/queries/OpaqueMdlUse/OpaqueMdlWrite.ql
      - drivers/wdm/queries/PendingStatusError/PendingStatusError.ql
      - drivers/wdm/queries/WrongDispatchTableAssignment/WrongDispatchTableAssignment.ql

Verwante inhoud

  • Last updated on