用于 Windows 驱动程序测试的 CodeQL 查询和套件

Microsoft CodeQL GitHub 存储库提供三个查询套件来简化端到端驱动程序开发人员工作流。 这些套件包含在 microsoft/windows-drivers CodeQL 软件包中，并利用了该包独有的查询以及 microsoft/cpp-queries 软件包中的常规 C++ 查询。

• recommended.qls 包含一组全面的用于检测常见驱动程序和 C/C++ 错误的检查。 建议默认运行此套件并查看结果。
• mustrun.qls 包含 必须运行的 检查才能通过 Windows 硬件兼容性计划 （WHCP） 认证。 由于这些查询在某些情况下可能会生成误报，因此这些检查未通过不会导致静态工具徽标测试失败，但开发人员应查看结果并修复任何实际存在的问题。 如果为这些检查生成的 DVL 没有结果，则无法通过静态工具徽标测试。 对于 26H1，mustrun.qls 和 recommended.qls 相同。
• mustfix.qls 充当必须运行的查询的子集，并包含检查报告 必须修复 的问题才能通过 WHCP 认证。 在这些规则中生成失败的 DVL 不会通过静态工具徽标测试。

有关查询套件内容的详细信息，请参阅 CodeQL 查询和套件。

必须修复的 WHCP 认证查询

以下查询子集是 WHCP 认证的必修程序，也包含在建议的修复套件中。此规则集包含在 mustfix.qls 中。

以下许多规则对应于 常见弱点枚举（CWE） 或以前的 代码分析警告。

必须修复的查询来自 microsoft/windows-drivers 包

ID	位置	常见弱点枚举 / 代码分析警告
cpp/drivers/wdk-deprecated-api	/microsoft/windows-drivers/<Version>/drivers/general/queries/WdkDeprecatedApis/wdk-deprecated-api.ql	无
cpp/drivers/extended-deprecated-apis	/microsoft/windows-drivers/<Version>/drivers/general/queries/ExtendedDeprecatedApis/ExtendedDeprecatedApis.ql	C28719 警告、 C28726 警告、 C28735 警告、 C28750 警告
cpp/incorrect-string-type-conversion-ignore-puchar-casts	/microsoft/windows-drivers/<Version>/microsoft/Security/CWE/CWE-704/WcharCharConversionLimited.ql	CWE-704

必须解决的查询来自 microsoft/cpp-queries 包

ID	位置	常见弱点枚举
cpp/不良加法溢出检查	/microsoft/cpp-queries/<Version>/Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql	CWE-190、 CWE-192
cpp/wrong-number-format-arguments	/microsoft/cpp-queries/<Version>/Likely Bugs/Format/WrongNumberOfFormatArguments.ql	CWE-234、 CWE-685
cpp/pointer-overflow-check	/microsoft/cpp-queries/<Version>/Likely Bugs/Memory Management/PointerOverflow.ql	CWE-758
cpp/unsafe-strncat	/microsoft/cpp-queries/<Version>/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql	CWE-119、 CWE-251、 CWE-676、 CWE-788
cpp/unsafe-use-of-this	/microsoft/cpp-queries/<Version>/Likely Bugs/OO/UnsafeUseOfThis.ql	CWE-670
cpp/boost/tls-settings-misconfiguration	/microsoft/cpp-queries/<Version>/Likely Bugs/Protocols/TlsSettingsMisconfiguration.ql	CWE-326
cpp/boost/使用过时的硬编码安全协议	/microsoft/cpp-queries/<Version>/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocol.ql	CWE-327
cpp/参数太少	/microsoft/cpp-queries/<Version>/Likely Bugs/Underspecified Functions/TooFewArguments.ql	CWE-234、 CWE-685
cpp/microsoft/public/badoverflowguard	/microsoft/cpp-queries/<Version>/Microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql	CWE-190、 CWE-191
cpp/microsoft/public/drivers/incorrect-usage-of-rtlcomparememory	/microsoft/cpp-queries/<Version>/Microsoft/Likely Bugs/Drivers/IncorrectUsageOfRtlCompareMemory.ql	无
cpp/microsoft/public/weak-crypto/banned-encryption-algorithms	/microsoft/cpp-queries/<Version>/Microsoft/Security/Cryptography/BannedEncryption.ql	CWE-327
cpp/microsoft/public/weak-crypto/capi/banned-modes	/microsoft/cpp-queries/<Version>/Microsoft/Security/Cryptography/BannedModesCAPI.ql	CWE-327
cpp/microsoft/public/weak-crypto/cng/banned-modes	/microsoft/cpp-queries/<Version>/Microsoft/Security/Cryptography/BannedModesCNG.ql	CWE-327
cpp/microsoft/public/weak-crypto/cng/hardcoded-iv	/microsoft/cpp-queries/<Version>/Microsoft/Security/Cryptography/HardcodedIVCNG.ql	CWE-327
cpp/microsoft/public/enum-index	/microsoft/cpp-queries/<Version>/Microsoft/Security/MemoryAccess/EnumIndex/UncheckedBoundsEnumAsIndex.ql	CWE-125
cpp/命令行注入	/microsoft/cpp-queries/<Version>/Security/CWE/CWE-078/ExecTainted.ql	CWE-078、 CWE-088
cpp/不受控制的进程操作	/microsoft/cpp-queries/<Version>/Security/CWE/CWE-114/UncontrolledProcessOperation.ql	CWE-114
cpp/badly-bounded-write	/microsoft/cpp-queries/<Version>/Security/CWE/CWE-120/BadlyBoundedWrite.ql	CWE-120、 CWE-787、 CWE-805
cpp/overrunning-write	/microsoft/cpp-queries/<Version>/Security/CWE/CWE-120/OverrunWrite.ql	CWE-120、 CWE-787、 CWE-805
cpp/没有终结符的空间	/microsoft/cpp-queries/<Version>/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql	CWE-120、 CWE-122、 CWE-131
用户控制的空终止符污点	/microsoft/cpp-queries/<Version>/Security/CWE/CWE-170/ImproperNullTerminationTainted.ql	CWE-170
cpp/与更宽类型的比较	/microsoft/cpp-queries/<Version>/Security/CWE/CWE-190/ComparisonWithWiderType.ql	CWE-190、 CWE-197、 CWE-835
cpp/hresult-boolean-conversion	/microsoft/cpp-queries/<Version>/Security/CWE/CWE-253/HResultBooleanConversion.ql	CWE-253
cpp/openssl-heartbleed	/microsoft/cpp-queries/<Version>/Security/CWE/CWE-327/OpenSslHeartbleed.ql	CWE-327、 CWE-788
cpp/危险函数溢出	/microsoft/cpp-queries/<Version>/Security/CWE/CWE-676/DangerousFunctionOverflow.ql	CWE-242、 CWE-676
cpp/dangerous-cin	/microsoft/cpp-queries/<Version>/Security/CWE/CWE-676/DangerousUseOfCin.ql	CWE-676
cpp/不正确的字符串类型转换	/microsoft/cpp-queries/<Version>/Security/CWE/CWE-704/WcharCharConversion.ql	CWE-704
cpp/unsafe-dacl-security-descriptor	/microsoft/cpp-queries/<Version>/Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.ql	CWE-732

建议的查询

recommended.qls 套件包括 mustfix.qls 套件中的所有查询，以及来自 microsoft/windows-drivers 和 microsoft/cpp-queries packs 的以下查询。

Microsoft/windows-drivers 包中的常规驱动程序查询

ID	位置	代码分析警告
cpp/drivers/annotation-syntax	/microsoft/windows-drivers/<Version>/drivers/general/queries/AnnotationSyntax/AnnotationSyntax.ql	C28266 警告
cpp/drivers/current-function-type-not-correct	/microsoft/windows-drivers/<Version>/drivers/general/queries/CurrentFunctionTypeNotCorrect/CurrentFunctionTypeNotCorrect.ql	C28101 警告
cpp/drivers/default-pool-tag	/microsoft/windows-drivers/<Version>/drivers/general/queries/DefaultPoolTag/DefaultPoolTag.ql	C28147 警告
cpp/drivers/driver-entry-save-buffer	/microsoft/windows-drivers/<Version>/drivers/general/queries/DriverEntrySaveBuffer/DriverEntrySaveBuffer.ql	C28131 警告
cpp/drivers/examined-value	/microsoft/windows-drivers/<Version>/drivers/general/queries/ExaminedValue/ExaminedValue.ql	C28193 警告
cpp/drivers/irp-stack-entry-copy	/microsoft/windows-drivers/<Version>/drivers/general/queries/IRPStackEntryCopy/IRPStackEntryCopy.ql	C28114 警告
cpp/drivers/important-function-call-optimized-out	/microsoft/windows-drivers/<Version>/drivers/general/queries/ImportantFunctionCallOptimizedOut/ImportantFunctionCallOptimizedOut.ql	C28625 警告
cpp/drivers/improper-not-operator-on-zero	/microsoft/windows-drivers/<Version>/drivers/general/queries/ImproperNotOperatorOnZero/ImproperNotOperatorOnZero.ql	C28650 警告
cpp/drivers/invalid-function-class-typedef	/microsoft/windows-drivers/<Version>/drivers/general/queries/InvalidFunctionClassTypedef/InvalidFunctionClassTypedef.ql	C28268 警告
cpp/drivers/invalid-function-pointer-annotation	/microsoft/windows-drivers/<Version>/drivers/general/queries/InvalidFunctionPointerAnnotation/InvalidFunctionPointerAnnotation.ql	C28165 警告
cpp/驱动程序/io-初始化-计时器调用	/microsoft/windows-drivers/<Version>/drivers/general/queries/IoInitializeTimerCall/IoInitializeTimerCall.ql	C28133 警告
cpp/drivers/irql-annotation-issue	/microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlAnnotationIssue/IrqlAnnotationIssue.ql	C28153 警告
cpp/drivers/irql-cancel-routine	/microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlCancelRoutine/IrqlCancelRoutine.ql	C28144 警告
cpp/drivers/irql-float-state-mismatch	/microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlFloatStateMismatch/IrqlFloatStateMismatch.ql	C28111 警告
cpp/drivers/irql-not-saved	/microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlNotSaved/IrqlNotSaved.ql	C28158 警告
cpp/驱动程序/irql-not-used	/microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlNotUsed/IrqlNotUsed.ql	C28157 警告
cpp/驱动程序/irql设置过高	/microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlSetTooHigh/IrqlSetTooHigh.ql	C28150 警告
cpp/drivers/irql-set-too-low	/microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlSetTooLow/IrqlSetTooLow.ql	C28124 警告
cpp/drivers/irql-too-high	/microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlTooHigh/IrqlTooHigh.ql	C28121 警告
cpp/drivers/irql-too-low	/microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlTooLow/IrqlTooLow.ql	C28120 警告
cpp/drivers/ke-set-event-pageable	/microsoft/windows-drivers/<Version>/drivers/general/queries/KeSetEventPageable/KeSetEventPageable.ql	没有相关的 CA 检查
cpp/驱动程序/多线程-av-条件	/microsoft/windows-drivers/<Version>/drivers/general/queries/MultithreadedAVCondition/MultithreadedAVCondition.ql	C28616 警告
cpp/drivers/ntstatus-explicit-cast	/microsoft/windows-drivers/<Version>/drivers/general/queries/NtstatusExplicitCast/NtstatusExplicitCast.ql	C28714 警告
cpp/drivers/ntstatus-explicit-cast2	/microsoft/windows-drivers/<Version>/drivers/general/queries/NtstatusExplicitCast2/NtstatusExplicitCast2.ql	C28715 警告
cpp/drivers/ntstatus-explicit-cast3	/microsoft/windows-drivers/<Version>/drivers/general/queries/NtstatusExplicitCast3/NtstatusExplicitCast3.ql	C28716 警告
cpp/驱动程序/空字符指针赋值	/microsoft/windows-drivers/<Version>/drivers/general/queries/NullCharacterPointerAssignment/NullCharacterPointerAssignment.ql	C28730 警告
cpp/drivers/operand-assignment	/microsoft/windows-drivers/<Version>/drivers/general/queries/OperandAssignment/OperandAssignment.ql	C28129 警告
cpp/驱动程序/指针变量大小	/microsoft/windows-drivers/<Version>/drivers/general/queries/PointerVariableSize/PointerVariableSize.ql	C28132 警告
cpp/drivers/pool-tag-integral	/microsoft/windows-drivers/<Version>/drivers/general/queries/PoolTagIntegral/PoolTagIntegral.ql	C28134 警告
cpp/drivers/role-type-correctly-used	/microsoft/windows-drivers/<Version>/drivers/general/queries/RoleTypeCorrectlyUsed/RoleTypeCorrectlyUsed.ql	C28158 警告
cpp/drivers/routine-function-type-not-expected	/microsoft/windows-drivers/<Version>/drivers/general/queries/RoutineFunctionTypeNotExpected/RoutineFunctionTypeNotExpected.ql	C28127 警告
cpp/drivers/str-safe	/microsoft/windows-drivers/<Version>/drivers/general/queries/StrSafe/StrSafe.ql	C28146 警告
cpp/drivers/strict-type-match	/microsoft/windows-drivers/<Version>/drivers/general/queries/StrictTypeMatch/StrictTypeMatch.ql	C28139 警告

来自 microsoft/windows-drivers 包的 WDM 驱动程序查询

ID	位置	代码分析警告
cpp/驱动程序/非法字段访问	/microsoft/windows-drivers/<Version>/drivers/wdm/queries/IllegalFieldAccess/IllegalFieldAccess.ql	C28128 警告
cpp/drivers/illegal-field-access-2	/microsoft/windows-drivers/<Version>/drivers/wdm/queries/IllegalFieldAccess2/IllegalFieldAccess2.ql	C28175 警告
cpp/驱动程序/非法字段写入	/microsoft/windows-drivers/<Version>/drivers/wdm/queries/IllegalFieldWrite/IllegalFieldWrite.ql	C28176 警告
cpp/drivers/init-not-cleared	/microsoft/windows-drivers/<Version>/drivers/wdm/queries/InitNotCleared/InitNotCleared.ql	C28152 警告
cpp/drivers/kewaitlocal-requires-kernel-mode	/microsoft/windows-drivers/<Version>/drivers/wdm/queries/KeWaitLocal/KeWaitLocal.ql	C28135 警告
cpp/drivers/multiple-paged-code	/microsoft/windows-drivers/<Version>/drivers/wdm/queries/MultiplePagedCode/MultiplePagedCode.ql	C28171 警告
cpp/drivers/ob-reference-mode	/microsoft/windows-drivers/<Version>/drivers/wdm/queries/ObReferenceMode/ObReferenceMode.ql	C28126 警告
cpp/drivers/opaque-mdl-use	/microsoft/windows-drivers/<Version>/drivers/wdm/queries/OpaqueMdlUse/OpaqueMdlUse.ql	没有相关的 CA 检查
cpp/drivers/opaque-mdl-write	/microsoft/windows-drivers/<Version>/drivers/wdm/queries/OpaqueMdlWrite/OpaqueMdlWrite.ql	C28145 警告
cpp/drivers/pending-status-error	/microsoft/windows-drivers/<Version>/drivers/wdm/queries/PendingStatusError/PendingStatusError.ql	C28143 警告
cpp/drivers/wrong-dispatch-table-assignment	/microsoft/windows-drivers/<Version>/drivers/wdm/queries/WrongDispatchTableAssignment/WrongDispatchTableAssignment.ql	C28168 警告、 C28169 警告

Microsoft/windows-drivers 包中的常规 C++ 查询

ID	位置	常见弱点枚举 /代码分析警告
`cpp/填充字节信息泄露`	/microsoft/windows-drivers/<Version>/microsoft/Likely Bugs/Boundary Violations/PaddingByteInformationDisclosure.ql	无
cpp/badoverflowguard	/microsoft/windows-drivers/<Version>/microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql	无
cpp/infiniteloop	/microsoft/windows-drivers/<Version>/microsoft/Likely Bugs/Conversion/InfiniteLoop.ql	无
cpp/use-after-free	/microsoft/windows-drivers/<Version>/microsoft/Likely Bugs/Memory Management/UseAfterFree/UseAfterFree.ql	无
cpp/uninitializedptrfield	/microsoft/windows-drivers/<Version>/microsoft/Likely Bugs/UninitializedPtrField.ql	无
cpp/weak-crypto/cng/hardcoded-iv	/microsoft/windows-drivers/<Version>/microsoft/Security/Cryptography/HardcodedIVCNG.ql	无

microsoft/cpp-queries pack 中的常规 C++ 查询

ID	位置	常见弱点枚举
cpp/offset-use-before-range-check	/microsoft/cpp-queries/<Version>/Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql	CWE-120、 CWE-125
cpp/integer-multiplication-cast-to-long	/microsoft/cpp-queries/<Version>/Likely Bugs/Arithmetic/IntMultToLong.ql	CWE-190、CWE-192、CWE-197、CWE-681
cpp/signed-overflow-check	/microsoft/cpp-queries/<Version>/Likely Bugs/Arithmetic/SignedOverflowCheck.ql	CWE-128、 CWE-190
cpp/upcast-array-pointer-arithmetic	/microsoft/cpp-queries/<Version>/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql	CWE-119、 CWE-843
cpp/incorrect-not-operator-usage	/microsoft/cpp-queries/<Version>/Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.ql	CWE-480
cpp/suspicious-sizeof	/microsoft/cpp-queries/<Version>/Likely Bugs/Memory Management/SuspiciousSizeof.ql	CWE-467
cpp/uninitialized-local	/microsoft/cpp-queries/<Version>/Likely Bugs/Memory Management/UninitializedLocal.ql	CWE-457、 CWE-665
cpp/未终止的可变参数调用	/microsoft/cpp-queries/<Version>/Security/CWE/CWE-121/UnterminatedVarargsCall.ql	CWE-121
cpp/conditionally-uninitialized-variable	/microsoft/cpp-queries/<Version>/Security/CWE/CWE-457/ConditionallyUninitializedVariable.ql	CWE-457
cpp/suspicious-add-sizeof	/microsoft/cpp-queries/<Version>/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql	CWE-468
cpp/suspicious-pointer-scaling	/microsoft/cpp-queries/<Version>/Security/CWE/CWE-468/IncorrectPointerScaling.ql	CWE-468
cpp/suspicious-pointer-scaling-void	/microsoft/cpp-queries/<Version>/Security/CWE/CWE-468/IncorrectPointerScalingVoid.ql	CWE-468
cpp/潜在危险函数	/microsoft/cpp-queries/<Version>/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql	CWE-676
cpp/overflow-buffer	/microsoft/cpp-queries/<Version>/Security/CWE/CWE-119/OverflowBuffer.ql	CWE-119、 CWE-121、 CWE-122、 CWE-126

必须运行查询

mustrun.qls 套件包含必须运行的查询才能通过 WHCP 认证。 由于潜在的误报，这些查询可能不需要立即修复，但应对其结果进行审核，并修复发现的任何实际的错误。 在没有结果的情况下为这些检查生成的 DVL 无法通过静态工具徽标测试。

对于 Windows 11 版本 26H1，mustrun.qls 和 recommended.qls 暴露的查询是一致的。

相关内容

• 对驱动程序代码运行 CodeQL 分析
• CodeQL 概述
• CodeQL 常见问题解答