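The Microsoft CodeQL GitHub repository provides three query suites to simplify the end-to-end driver developer workflow. These suites are included in the microsoft/windows-drivers CodeQL pack and use queries unique to that pack as well as general C++ queries from the microsoft/cpp-queries pack.
- recommended.qls contains a broad set of checks for common driver and C/C++ bugs. We recommend using this suite by default and reviewing the results.
- mustrun.qls contains the checks that must be run to pass Windows Hardware Compatibility Program (WHCP) certification. Because these queries can produce false positives in some cases, failing these checks does not fail the Static Tools Logo Test, but developers should review the results and fix the real bugs. A DVL generated without results from these checks will not pass the Static Tools Logo Test. For 26H1, mustrun.qls and recommended.qls are identical.
- mustfix.qls, a subset of the must-run queries, contains checks that report issues that must be fixed to pass WHCP certification. A DVL that shows failures for these rules will not pass the Static Tools Logo Test.
For details on the contents of the query suites, see CodeQL queries and suites.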
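Must-fix queries for WHCP certification
The following subset of queries is Must-Fix for WHCP certification and is also included in the Recommended Fix suite. These rules are contained in mustfix.qls.
Many of the following rules correspond to a Common Weakness Enumeration (CWE) entry or to an earlier Code Analysis warning.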
Must-fix queries from the microsoft/windows-drivers pack
| ID | Location | Common Weakness Enumeration / Code Analysis warning |
|---|---|---|
| cpp/drivers/wdk-deprecated-api | /microsoft/windows-drivers/<Version>/drivers/general/queries/WdkDeprecatedApis/wdk-deprecated-api.ql | N/A |
| cpp/drivers/extended-deprecated-apis | /microsoft/windows-drivers/<Version>/drivers/general/queries/ExtendedDeprecatedApis/ExtendedDeprecatedApis.ql | Warning C28719, Warning C28726, Warning C28735, Warning C28750 |
| cpp/incorrect-string-type-conversion-ignore-puchar-casts | /microsoft/windows-drivers/<Version>/microsoft/Security/CWE/CWE-704/WcharCharConversionLimited.ql | CWE-704 |
Must-fix queries from the microsoft/cpp-queries pack
| ID | Location | Common Weakness Enumeration |
|---|---|---|
| cpp/bad-addition-overflow-check | /microsoft/cpp-queries/<Version>/Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql | CWE-190, CWE-192 |
| cpp/wrong-number-format-arguments | /microsoft/cpp-queries/<Version>/Likely Bugs/Format/WrongNumberOfFormatArguments.ql | CWE-234, CWE-685 |
| cpp/pointer-overflow-check | /microsoft/cpp-queries/<Version>/Likely Bugs/Memory Management/PointerOverflow.ql | CWE-758 |
| cpp/unsafe-strncat | /microsoft/cpp-queries/<Version>/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql | CWE-119, CWE-251, CWE-676, CWE-788 |
| cpp/unsafe-use-of-this | /microsoft/cpp-queries/<Version>/Likely Bugs/OO/UnsafeUseOfThis.ql | CWE-670 |
| cpp/boost/tls-settings-misconfiguration | /microsoft/cpp-queries/<Version>/Likely Bugs/Protocols/TlsSettingsMisconfiguration.ql | CWE-326 |
| cpp/boost/use-of-deprecated-hardcoded-security-protocol | /microsoft/cpp-queries/<Version>/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocol.ql | CWE-327 |
| cpp/too-few-arguments | /microsoft/cpp-queries/<Version>/Likely Bugs/Underspecified Functions/TooFewArguments.ql | CWE-234, CWE-685 |
| cpp/microsoft/public/badoverflowguard | /microsoft/cpp-queries/<Version>/Microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql | CWE-190, CWE-191 |
| cpp/microsoft/public/drivers/incorrect-usage-of-rtlcomparememory | /microsoft/cpp-queries/<Version>/Microsoft/Likely Bugs/Drivers/IncorrectUsageOfRtlCompareMemory.ql | N/A |
| cpp/microsoft/public/weak-crypto/banned-encryption-algorithms | /microsoft/cpp-queries/<Version>/Microsoft/Security/Cryptography/BannedEncryption.ql | CWE-327 |
| cpp/microsoft/public/weak-crypto/capi/banned-modes | /microsoft/cpp-queries/<Version>/Microsoft/Security/Cryptography/BannedModesCAPI.ql | CWE-327 |
| cpp/microsoft/public/weak-crypto/cng/banned-modes | /microsoft/cpp-queries/<Version>/Microsoft/Security/Cryptography/BannedModesCNG.ql | CWE-327 |
| cpp/microsoft/public/weak-crypto/cng/hardcoded-iv | /microsoft/cpp-queries/<Version>/Microsoft/Security/Cryptography/HardcodedIVCNG.ql | CWE-327 |
| cpp/microsoft/public/enum-index | /microsoft/cpp-queries/<Version>/Microsoft/Security/MemoryAccess/EnumIndex/UncheckedBoundsEnumAsIndex.ql | CWE-125 |
| cpp/command-line-injection | /microsoft/cpp-queries/<Version>/Security/CWE/CWE-078/ExecTainted.ql | CWE-078, CWE-088 |
| cpp/uncontrolled-process-operation | /microsoft/cpp-queries/<Version>/Security/CWE/CWE-114/UncontrolledProcessOperation.ql | CWE-114 |
| cpp/badly-bounded-write | /microsoft/cpp-queries/<Version>/Security/CWE/CWE-120/BadlyBoundedWrite.ql | CWE-120, CWE-787, CWE-805 |
| cpp/overrunning-write | /microsoft/cpp-queries/<Version>/Security/CWE/CWE-120/OverrunWrite.ql | CWE-120, CWE-787, CWE-805 |
| cpp/no-space-for-terminator | /microsoft/cpp-queries/<Version>/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql | CWE-120, CWE-122, CWE-131 |
| cpp/user-controlled-null-termination-tainted | /microsoft/cpp-queries/<Version>/Security/CWE/CWE-170/ImproperNullTerminationTainted.ql | CWE-170 |
| cpp/comparison-with-wider-type | /microsoft/cpp-queries/<Version>/Security/CWE/CWE-190/ComparisonWithWiderType.ql | CWE-190, CWE-197, CWE-835 |
| cpp/hresult-boolean-conversion | /microsoft/cpp-queries/<Version>/Security/CWE/CWE-253/HResultBooleanConversion.ql | CWE-253 |
| cpp/openssl-heartbleed | /microsoft/cpp-queries/<Version>/Security/CWE/CWE-327/OpenSslHeartbleed.ql | CWE-327, CWE-788 |
| cpp/dangerous-function-overflow | /microsoft/cpp-queries/<Version>/Security/CWE/CWE-676/DangerousFunctionOverflow.ql | CWE-242, CWE-676 |
| cpp/dangerous-cin | /microsoft/cpp-queries/<Version>/Security/CWE/CWE-676/DangerousUseOfCin.ql | CWE-676 |
| cpp/incorrect-string-type-conversion | /microsoft/cpp-queries/<Version>/Security/CWE/CWE-704/WcharCharConversion.ql | CWE-704 |
| cpp/unsafe-dacl-security-descriptor | /microsoft/cpp-queries/<Version>/Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.ql | CWE-732 |
Recommended queries
The recommended.qls suite contains all the queries in the mustfix.qls suite, plus the following queries from the microsoft/windows-drivers and microsoft/cpp-queries packs.
General driver queries from the microsoft/windows-drivers pack
| ID | Location | Code Analysis warning |
|---|---|---|
| cpp/drivers/annotation-syntax | /microsoft/windows-drivers/<Version>/drivers/general/queries/AnnotationSyntax/AnnotationSyntax.ql | Warning C28266 |
| cpp/drivers/current-function-type-not-correct | /microsoft/windows-drivers/<Version>/drivers/general/queries/CurrentFunctionTypeNotCorrect/CurrentFunctionTypeNotCorrect.ql | Warning C28101 |
| cpp/drivers/default-pool-tag | /microsoft/windows-drivers/<Version>/drivers/general/queries/DefaultPoolTag/DefaultPoolTag.ql | Warning C28147 |
| cpp/drivers/driver-entry-save-buffer | /microsoft/windows-drivers/<Version>/drivers/general/queries/DriverEntrySaveBuffer/DriverEntrySaveBuffer.ql | Warning C28131 |
| cpp/drivers/examined-value | /microsoft/windows-drivers/<Version>/drivers/general/queries/ExaminedValue/ExaminedValue.ql | Warning C28193 |
| cpp/drivers/irp-stack-entry-copy | /microsoft/windows-drivers/<Version>/drivers/general/queries/IRPStackEntryCopy/IRPStackEntryCopy.ql | Warning C28114 |
| cpp/drivers/important-function-call-optimized-out | /microsoft/windows-drivers/<Version>/drivers/general/queries/ImportantFunctionCallOptimizedOut/ImportantFunctionCallOptimizedOut.ql | Warning C28625 |
| cpp/drivers/improper-not-operator-on-zero | /microsoft/windows-drivers/<Version>/drivers/general/queries/ImproperNotOperatorOnZero/ImproperNotOperatorOnZero.ql | Warning C28650 |
| cpp/drivers/invalid-function-class-typedef | /microsoft/windows-drivers/<Version>/drivers/general/queries/InvalidFunctionClassTypedef/InvalidFunctionClassTypedef.ql | Warning C28268 |
| cpp/drivers/invalid-function-pointer-annotation | /microsoft/windows-drivers/<Version>/drivers/general/queries/InvalidFunctionPointerAnnotation/InvalidFunctionPointerAnnotation.ql | Warning C28165 |
| cpp/drivers/io-initialize-timer-call | /microsoft/windows-drivers/<Version>/drivers/general/queries/IoInitializeTimerCall/IoInitializeTimerCall.ql | Warning C28133 |
| cpp/drivers/irql-annotation-issue | /microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlAnnotationIssue/IrqlAnnotationIssue.ql | Warning C28153 |
| cpp/drivers/irql-cancel-routine | /microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlCancelRoutine/IrqlCancelRoutine.ql | Warning C28144 |
| cpp/drivers/irql-float-state-mismatch | /microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlFloatStateMismatch/IrqlFloatStateMismatch.ql | Warning C28111 |
| cpp/drivers/irql-not-saved | /microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlNotSaved/IrqlNotSaved.ql | Warning C28158 |
| cpp/drivers/irql-not-used | /microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlNotUsed/IrqlNotUsed.ql | Warning C28157 |
| cpp/drivers/irql-set-too-high | /microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlSetTooHigh/IrqlSetTooHigh.ql | Warning C28150 |
| cpp/drivers/irql-set-too-low | /microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlSetTooLow/IrqlSetTooLow.ql | Warning C28124 |
| cpp/drivers/irql-too-high | /microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlTooHigh/IrqlTooHigh.ql | Warning C28121 |
| cpp/drivers/irql-too-low | /microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlTooLow/IrqlTooLow.ql | Warning C28120 |
| cpp/drivers/ke-set-event-pageable | /microsoft/windows-drivers/<Version>/drivers/general/queries/KeSetEventPageable/KeSetEventPageable.ql | No associated CA check |
| cpp/drivers/multithreaded-av-condition | /microsoft/windows-drivers/<Version>/drivers/general/queries/MultithreadedAVCondition/MultithreadedAVCondition.ql | Warning C28616 |
| cpp/drivers/ntstatus-explicit-cast | /microsoft/windows-drivers/<Version>/drivers/general/queries/NtstatusExplicitCast/NtstatusExplicitCast.ql | Warning C28714 |
| cpp/drivers/ntstatus-explicit-cast2 | /microsoft/windows-drivers/<Version>/drivers/general/queries/NtstatusExplicitCast2/NtstatusExplicitCast2.ql | Warning C28715 |
| cpp/drivers/ntstatus-explicit-cast3 | /microsoft/windows-drivers/<Version>/drivers/general/queries/NtstatusExplicitCast3/NtstatusExplicitCast3.ql | Warning C28716 |
| cpp/drivers/null-character-pointer-assignment | /microsoft/windows-drivers/<Version>/drivers/general/queries/NullCharacterPointerAssignment/NullCharacterPointerAssignment.ql | Warning C28730 |
| cpp/drivers/operand-assignment | /microsoft/windows-drivers/<Version>/drivers/general/queries/OperandAssignment/OperandAssignment.ql | Warning C28129 |
| cpp/drivers/pointer-variable-size | /microsoft/windows-drivers/<Version>/drivers/general/queries/PointerVariableSize/PointerVariableSize.ql | Warning C28132 |
| cpp/drivers/pool-tag-integral | /microsoft/windows-drivers/<Version>/drivers/general/queries/PoolTagIntegral/PoolTagIntegral.ql | Warning C28134 |
| cpp/drivers/role-type-correctly-used | /microsoft/windows-drivers/<Version>/drivers/general/queries/RoleTypeCorrectUsed/RoleTypeCorrectUsed.ql | Warning C28158 |
| cpp/drivers/routine-function-type-not-expected | /microsoft/windows-drivers/<Version>/drivers/general/queries/RoutineFunctionTypeNotExpected/RoutineFunctionTypeNotExpected.ql | Warning C28127 |
| cpp/drivers/str-safe | /microsoft/windows-drivers/<Version>/drivers/general/queries/StrSafe/StrSafe.ql | Warning C28146 |
| cpp/drivers/strict-type-match | /microsoft/windows-drivers/<Version>/drivers/general/queries/StrictTypeMatch/StrictTypeMatch.ql | Warning C28139 |
WDM driver queries from the microsoft/windows-drivers pack
| ID | Location | Code Analysis warning |
|---|---|---|
| cpp/drivers/illegal-field-access | /microsoft/windows-drivers/<Version>/drivers/wdm/queries/IllegalFieldAccess/IllegalFieldAccess.ql | Warning C28128 |
| cpp/drivers/illegal-field-access-2 | /microsoft/windows-drivers/<Version>/drivers/wdm/queries/IllegalFieldAccess2/IllegalFieldAccess2.ql | Warning C28175 |
| cpp/drivers/illegal-field-write | /microsoft/windows-drivers/<Version>/drivers/wdm/queries/IllegalFieldWrite/IllegalFieldWrite.ql | Warning C28176 |
| cpp/drivers/init-not-cleared | /microsoft/windows-drivers/<Version>/drivers/wdm/queries/InitNotCleared/InitNotCleared.ql | Warning C28152 |
| cpp/drivers/kewaitlocal-requires-kernel-mode | /microsoft/windows-drivers/<Version>/drivers/wdm/queries/KeWaitLocal/KeWaitLocal.ql | Warning C28135 |
| cpp/drivers/multiple-paged-code | /microsoft/windows-drivers/<Version>/drivers/wdm/queries/MultiplePagedCode/MultiplePagedCode.ql | Warning C28171 |
| cpp/drivers/ob-reference-mode | /microsoft/windows-drivers/<Version>/drivers/wdm/queries/ObReferenceMode/ObReferenceMode.ql | Warning C28126 |
| cpp/drivers/opaque-mdl-use | /microsoft/windows-drivers/<Version>/drivers/wdm/queries/OpaqueMdlUse/OpaqueMdlUse.ql | No associated CA check |
| cpp/drivers/opaque-mdl-write | /microsoft/windows-drivers/<Version>/drivers/wdm/queries/OpaqueMdlWrite/OpaqueMdlWrite.ql | Warning C28145 |
| cpp/drivers/pending-status-error | /microsoft/windows-drivers/<Version>/drivers/wdm/queries/PendingStatusError/PendingStatusError.ql | Warning C28143 |
| cpp/drivers/wrong-dispatch-table-assignment | /microsoft/windows-drivers/<Version>/drivers/wdm/queries/WrongDispatchTableAssignment/WrongDispatchTableAssignment.ql | Warning C28168, Warning C28169 |
General C++ queries from the microsoft/windows-drivers pack
| ID | Location | Common Weakness Enumeration / Code Analysis warning |
|---|---|---|
| cpp/paddingbyteinformationdisclosure | /microsoft/windows-drivers/<Version>/microsoft/Likely Bugs/Boundary Violations/PaddingByteInformationDisclosure.ql | N/A |
| cpp/badoverflowguard | /microsoft/windows-drivers/<Version>/microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql | N/A |
| cpp/infiniteloop | /microsoft/windows-drivers/<Version>/microsoft/Likely Bugs/Conversion/InfiniteLoop.ql | N/A |
| cpp/use-after-free | /microsoft/windows-drivers/<Version>/microsoft/Likely Bugs/Memory Management/UseAfterFree/UseAfterFree.ql | N/A |
| cpp/uninitializedptrfield | /microsoft/windows-drivers/<Version>/microsoft/Likely Bugs/UninitializedPtrField.ql | N/A |
| cpp/weak-crypto/cng/hardcoded-iv | /microsoft/windows-drivers/<Version>/microsoft/Security/Crytpography/HardcodedIVCNG.ql | N/A |
General C++ queries from the microsoft/cpp-queries pack
| ID | Location | Common Weakness Enumeration |
|---|---|---|
| cpp/offset-use-before-range-check | /microsoft/cpp-queries/<Version>/Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql | CWE-120, CWE-125 |
| cpp/integer-multiplication-cast-to-long | /microsoft/cpp-queries/<Version>/Likely Bugs/Arithmetic/IntMultToLong.ql | CWE-190, CWE-192, CWE-197, CWE-681 |
| cpp/signed-overflow-check | /microsoft/cpp-queries/<Version>/Likely Bugs/Arithmetic/SignedOverflowCheck.ql | CWE-128, CWE-190 |
| cpp/upcast-array-pointer-arithmetic | /microsoft/cpp-queries/<Version>/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql | CWE-119, CWE-843 |
| cpp/incorrect-not-operator-usage | /microsoft/cpp-queries/<Version>/Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.ql | CWE-480 |
| cpp/suspicious-sizeof | /microsoft/cpp-queries/<Version>/Likely Bugs/Memory Management/SuspiciousSizeof.ql | CWE-467 |
| cpp/uninitialized-local | /microsoft/cpp-queries/<Version>/Likely Bugs/Memory Management/UninitializedLocal.ql | CWE-457, CWE-665 |
| cpp/unterminated-variadic-call | /microsoft/cpp-queries/<Version>/Security/CWE/CWE-121/UnterminatedVarargsCall.ql | CWE-121 |
| cpp/conditionally-uninitialized-variable | /microsoft/cpp-queries/<Version>/Security/CWE/CWE-457/ConditionallyUninitializedVariable.ql | CWE-457 |
| cpp/suspicious-add-sizeof | /microsoft/cpp-queries/<Version>/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql | CWE-468 |
| cpp/suspicious-pointer-scaling | /microsoft/cpp-queries/<Version>/Security/CWE/CWE-468/IncorrectPointerScaling.ql | CWE-468 |
| cpp/suspicious-pointer-scaling-void | /microsoft/cpp-queries/<Version>/Security/CWE/CWE-468/IncorrectPointerScalingVoid.ql | CWE-468 |
| cpp/potentially-dangerous-function | /microsoft/cpp-queries/<Version>/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql | CWE-676 |
| cpp/overflow-buffer | /microsoft/cpp-queries/<Version>/Security/CWE/CWE-119/OverflowBuffer.ql | CWE-119, CWE-121, CWE-122, CWE-126 |
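Must-run queries
The mustrun.qls suite contains the queries that must be run to pass WHCP certification. Because of potential false positives, results from these queries do not necessarily have to be fixed, but the results should be reviewed and any real bugs fixed. A DVL generated without results from these checks will not pass the Static Tools Logo Test.
In Windows 11, version 26H1, mustrun.qls and recommended.qls expose the same queries.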