Obuka
Modul
Identify security vulnerabilities in your codebase by using CodeQL - Training
Learn how to use CodeQL to analyze the code in your GitHub repository and identify security vulnerabilities.
Supplemental Windows Driver CodeQL Queries
This section lists and describes a handful of CodeQL queries that are included as part of the Microsoft GitHub CodeQL repository that are specific to driver development for the Windows platform.
| Query Name | Description |
|---|---|
Finds instances of deprecated pool-allocation APIs |
|
Finds select instances of UseAfterFree defects in driver source code (high-precision) |
|
Finds almost all instances of UseAfterFree defects in driver source code (low-precision) |
|
Checks for newly allocated structs or classes that are initialized member-by-member as they may leak information if they include padding bytes. |
|
Checking for overflow of an addition by comparing against one of the arguments of the addition. Fails if the size of all the argument types are smaller than 4 bytes. |
|
Finds comparisons between types of different widths in a loop condition which can cause the loop to fail to terminate. |
|
Looks for a pointer field which was not initialized during or since class construction will cause a null pointer dereference. |
|
Finds incorrect usage of initialization vectors. |
Dodatni resursi
Dokumentacija
-
How to Select and Configure the Device Fundamentals Tests - Windows drivers
The WDK for Windows 8 provides a driver testing framework that includes a set of tests called the Device Fundamentals tests.
-
Breaking into a Debugger from KMDF Drivers - Windows drivers
Breaking into a Debugger from KMDF Drivers
-
CodeQL and the Static Tools Logo Test - Windows drivers
Using Static tools and CodeQL on Windows driver source code to discover and repair any issues that are deemed Must-Fix