Observação
O acesso a essa página exige autorização. Você pode tentar entrar ou alterar diretórios.
O acesso a essa página exige autorização. Você pode tentar alterar os diretórios.
O repositório GitHub do Microsoft CodeQL fornece três conjuntos de consultas para simplificar o fluxo de trabalho do desenvolvedor de driver de ponta a ponta. Esses conjuntos estão incluídos no pacote CodeQL microsoft/windows-drivers e fazem uso de consultas exclusivas desse pacote, além de consultas gerais de C++ do pacote microsoft/cpp-queries.
- recommended.qls contém um amplo conjunto de verificações para bugs comuns de driver e C/C++. É recomendável executar esse pacote por padrão e examinar os resultados.
- mustrun.qls contém verificações que devem ser executadas para passar na certificação WHCP (Programa de Compatibilidade de Hardware do Windows). Como essas consultas podem produzir falsos positivos em alguns casos, a falha dessas verificações não reprovará no teste de logo de ferramentas estáticas, mas os desenvolvedores devem examinar os resultados e corrigir bugs reais. Um DVL gerado sem resultados para essas verificações falha no teste do Logotipo das Ferramentas Estáticas. Para 26H1, mustrun.qls e recommended.qls são idênticos .
- mustfix.qls serve como um subconjunto das consultas obrigatórias e contém verificações de que os problemas devem ser corrigidos para passar na certificação WHCP. Um DVL gerado com falhas nessas regras não passa no teste do Logotipo das Ferramentas Estáticas.
Para obter detalhes sobre o conteúdo dos conjuntos de consultas, consulte CodeQL Queries and Suites.
Consultas obrigatórias para certificação WHCP
O subconjunto de consultas a seguir é Must-Fix para certificação WHCP e também está incluído no pacote Correção Recomendada . Esse conjunto de regras está incluído em mustfix.qls.
Muitas das regras a seguir correspondem a CWEs (Common Weakness Enumeration) ou avisos de análise de código anteriores.
Consultas Críticas do pacote de drivers da microsoft/windows
| ID | Localização | Enumeração Comum de Fraquezas / Aviso de Análise de Código |
|---|---|---|
| cpp/drivers/wdk-deprecated-api |
/microsoft/windows-drivers/<Version>/drivers/general/queries/WdkDeprecatedApis/wdk-deprecated-api.ql |
Não aplicável |
| cpp/drivers/extended-deprecated-apis |
/microsoft/windows-drivers/<Version>/drivers/general/queries/ExtendedDeprecatedApis/ExtendedDeprecatedApis.ql |
Aviso C28719, Aviso C28726, Aviso C28735, Aviso C28750 |
| cpp/incorrect-string-type-conversion-ignore-puchar-casts |
/microsoft/windows-drivers/<Version>/microsoft/Security/CWE/CWE-704/WcharCharConversionLimited.ql |
CWE-704 |
Consultas de Correção Obrigatória do pacote microsoft/cpp-queries
| ID | Localização | Enumeração de Fraqueza Comum |
|---|---|---|
| cpp/verificação-ruim-de-excesso-em-adição |
/microsoft/cpp-queries/<Version>/Bugs Prováveis/Arithmetic/BadAdditionOverflowCheck.ql |
CWE-190, CWE-192 |
| cpp/wrong-number-format-arguments (argumentos de formato numérico incorretos) |
/microsoft/cpp-queries/<Version>/Likely Bugs/Format/WrongNumberOfFormatArguments.ql |
CWE-234, CWE-685 |
| cpp/pointer-overflow-check |
/microsoft/cpp-queries/<Version>/Likely Bugs/Memory Management/PointerOverflow.ql |
CWE-758 |
| cpp/unsafe-strncat |
/microsoft/cpp-queries/<Version>/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql |
CWE-119, CWE-251, CWE-676, CWE-788 |
| cpp/uso-indevido-deste |
/microsoft/cpp-queries/<Version>/Likely Bugs/OO/UnsafeUseOfThis.ql |
CWE-670 |
| cpp/boost/tls-settings-misconfiguration |
/microsoft/cpp-queries/<Version>/Likely Bugs/Protocols/TlsSettingsMisconfiguration.ql |
CWE-326 |
| cpp/boost/use-of-deprecated-hardcoded-security-protocol |
/microsoft/cpp-queries/<Version>/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocol.ql |
CWE-327 |
| cpp/poucos-argumentos |
/microsoft/cpp-queries/<Version>/Likely Bugs/Underspecified Functions/TooFewArguments.ql |
CWE-234, CWE-685 |
| cpp/microsoft/public/badoverflowguard |
/microsoft/cpp-queries/<Version>/Microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql |
CWE-190, CWE-191 |
| cpp/microsoft/public/drivers/incorrect-usage-of-rtlcomparememory |
/microsoft/cpp-queries/<Version>/Microsoft/Likely Bugs/Drivers/IncorrectUsageOfRtlCompareMemory.ql |
Não aplicável |
| cpp/microsoft/public/weak-crypto/banned-encryption-algorithms |
/microsoft/cpp-queries/<Version>/Microsoft/Security/Cryptography/BannedEncryption.ql |
CWE-327 |
| cpp/microsoft/public/weak-crypto/capi/banned-modes |
/microsoft/cpp-queries/<Version>/Microsoft/Security/Cryptography/BannedModesCAPI.ql |
CWE-327 |
| cpp/microsoft/public/weak-crypto/cng/banned-modes |
/microsoft/cpp-queries/<Version>/Microsoft/Security/Cryptography/BannedModesCNG.ql |
CWE-327 |
| cpp/microsoft/public/weak-crypto/cng/hardcoded-iv |
/microsoft/cpp-queries/<Version>/Microsoft/Security/Cryptography/HardcodedIVCNG.ql |
CWE-327 |
| cpp/microsoft/public/enum-index |
/microsoft/cpp-queries/<Version>/Microsoft/Security/MemoryAccess/EnumIndex/UncheckedBoundsEnumAsIndex.ql |
CWE-125 |
| cpp/command-line-injection |
/microsoft/cpp-queries/<Version>/Security/CWE/CWE-078/ExecTainted.ql |
CWE-078, CWE-088 |
| cpp/operação-não-controlada-de-processo |
/microsoft/cpp-queries/<Version>/Security/CWE/CWE-114/UncontrolledProcessOperation.ql |
CWE-114 |
| cpp/badly-bounded-write |
/microsoft/cpp-queries/<Version>/Security/CWE/CWE-120/BadlyBoundedWrite.ql |
CWE-120, CWE-787, CWE-805 |
| cpp/overrunning-write |
/microsoft/cpp-queries/<Version>/Security/CWE/CWE-120/OverrunWrite.ql |
CWE-120, CWE-787, CWE-805 |
| cpp/no-space-for-terminator |
/microsoft/cpp-queries/<Version>/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql |
CWE-120, CWE-122, CWE-131 |
| cpp/controlo-de-terminação-nula-controlado-por-usuário-contaminado |
/microsoft/cpp-queries/<Version>/Security/CWE/CWE-170/ImproperNullTerminationTainted.ql |
CWE-170 |
| cpp/comparison-with-wider-type |
/microsoft/cpp-queries/<Version>/Security/CWE/CWE-190/ComparisonWithWiderType.ql |
CWE-190, CWE-197, CWE-835 |
| cpp/hresult-boolean-conversion |
/microsoft/cpp-queries/<Version>/Security/CWE/CWE-253/HResultBooleanConversion.ql |
CWE-253 |
| cpp/openssl-heartbleed |
/microsoft/cpp-queries/<Version>/Security/CWE/CWE-327/OpenSslHeartbleed.ql |
CWE-327, CWE-788 |
| cpp/dangerous-function-overflow |
/microsoft/cpp-queries/<Version>/Security/CWE/CWE-676/DangerousFunctionOverflow.ql |
CWE-242, CWE-676 |
| cpp/dangerous-cin |
/microsoft/cpp-queries/<Version>/Security/CWE/CWE-676/DangerousUseOfCin.ql |
CWE-676 |
| cpp/incorrect-string-type-conversion |
/microsoft/cpp-queries/<Version>/Security/CWE/CWE-704/WcharCharConversion.ql |
CWE-704 |
| cpp/unsafe-dacl-security-descriptor |
/microsoft/cpp-queries/<Version>/Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.ql |
CWE-732 |
Consultas recomendadas
O pacote recommended.qls inclui todas as consultas do pacote mustfix.qls mais as seguintes consultas dos pacotes microsoft/windows-drivers e microsoft/cpp-queries.
Consultas gerais de driver do pacote microsoft/windows-drivers
| ID | Localização | Aviso de análise de código |
|---|---|---|
| cpp/drivers/annotation-syntax |
/microsoft/windows-drivers/<Version>/drivers/general/queries/AnnotationSyntax/AnnotationSyntax.ql |
Aviso C28266 |
| cpp/drivers/tipo-de-função-atual-incorreto |
/microsoft/windows-drivers/<Version>/drivers/general/queries/CurrentFunctionTypeNotCorrect/CurrentFunctionTypeNotCorrect.ql |
Aviso C28101 |
| cpp/drivers/default-pool-tag |
/microsoft/windows-drivers/<Version>/drivers/general/queries/DefaultPoolTag/DefaultPoolTag.ql |
Aviso C28147 |
| cpp/drivers/driver-entry-save-buffer |
/microsoft/windows-drivers/<Version>/drivers/general/queries/DriverEntrySaveBuffer/DriverEntrySaveBuffer.ql |
Aviso C28131 |
| cpp/drivers/valor-examinado |
/microsoft/windows-drivers/<Version>/drivers/general/queries/ExaminedValue/ExaminedValue.ql |
Aviso C28193 |
| cpp/drivers/irp-stack-entry-copy |
/microsoft/windows-drivers/<Version>/drivers/general/queries/IRPStackEntryCopy/IRPStackEntryCopy.ql |
Aviso C28114 |
| cpp/driveres/chamada-de-função-importante-otimizada-fora |
/microsoft/windows-drivers/<Version>/drivers/general/queries/ImportantFunctionCallOptimizedOut/ImportantFunctionCallOptimizedOut.ql |
Aviso C28625 |
| cpp/drivers/improper-not-operator-on-zero |
/microsoft/windows-drivers/<Version>/drivers/general/queries/ImproperNotOperatorOnZero/ImproperNotOperatorOnZero.ql |
Aviso C28650 |
| cpp/drivers/invalid-function-class-typedef |
/microsoft/windows-drivers/<Version>/drivers/general/queries/InvalidFunctionClassTypedef/InvalidFunctionClassTypedef.ql |
Aviso C28268 |
| cpp/drivers/invalid-function-pointer-annotation |
/microsoft/windows-drivers/<Version>/drivers/general/queries/InvalidFunctionPointerAnnotation/InvalidFunctionPointerAnnotation.ql |
Aviso C28165 |
| cpp/drivers/io-initialize-timer-call |
/microsoft/windows-drivers/<Version>/drivers/general/queries/IoInitializeTimerCall/IoInitializeTimerCall.ql |
Aviso C28133 |
| cpp/drivers/irql-annotation-issue |
/microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlAnnotationIssue/IrqlAnnotationIssue.ql |
Aviso C28153 |
| cpp/drivers/irql-cancel-routine |
/microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlCancelRoutine/IrqlCancelRoutine.ql |
Aviso C28144 |
| cpp/drivers/irql-float-state-mismatch |
/microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlFloatStateMismatch/IrqlFloatStateMismatch.ql |
Aviso C28111 |
| cpp/drivers/irql-not-saved |
/microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlNotSaved/IrqlNotSaved.ql |
Aviso C28158 |
| cpp/drivers/irql-not-used |
/microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlNotUsed/IrqlNotUsed.ql |
Aviso C28157 |
| cpp/drivers/irql-set-too-high |
/microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlSetTooHigh/IrqlSetTooHigh.ql |
Aviso C28150 |
| cpp/drivers/irql-set-too-low |
/microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlSetTooLow/IrqlSetTooLow.ql |
Aviso C28124 |
| cpp/drivers/irql-too-high |
/microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlTooHigh/IrqlTooHigh.ql |
Aviso C28121 |
| cpp/drivers/irql-too-low |
/microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlTooLow/IrqlTooLow.ql |
Aviso C28120 |
| cpp/drivers/ke-set-event-pageable |
/microsoft/windows-drivers/<Version>/drivers/general/queries/KeSetEventPageable/KeSetEventPageable.ql |
Nenhuma verificação de CA associada |
| cpp/drivers/multithreaded-av-condition |
/microsoft/windows-drivers/<Version>/drivers/general/queries/MultithreadedAVCondition/MultithreadedAVCondition.ql |
Aviso C28616 |
| cpp/drivers/ntstatus-explicit-cast |
/microsoft/windows-drivers/<Version>/drivers/general/queries/NtstatusExplicitCast/NtstatusExplicitCast.ql |
Aviso C28714 |
| cpp/drivers/ntstatus-explicit-cast2 |
/microsoft/windows-drivers/<Version>/drivers/general/queries/NtstatusExplicitCast2/NtstatusExplicitCast2.ql |
Aviso C28715 |
| cpp/drivers/ntstatus-explicit-cast3 |
/microsoft/windows-drivers/<Version>/drivers/general/queries/NtstatusExplicitCast3/NtstatusExplicitCast3.ql |
Aviso C28716 |
| cpp/drivers/null-character-pointer-assignment |
/microsoft/windows-drivers/<Version>/drivers/general/queries/NullCharacterPointerAssignment/NullCharacterPointerAssignment.ql |
Aviso C28730 |
| cpp/drivers/operand-assignment |
/microsoft/windows-drivers/<Version>/drivers/general/queries/OperandAssignment/OperandAssignment.ql |
Aviso C28129 |
| cpp/drivers/pointer-variable-size |
/microsoft/windows-drivers/<Version>/drivers/general/queries/PointerVariableSize/PointerVariableSize.ql |
Aviso C28132 |
| cpp/drivers/pool-tag-integral |
/microsoft/windows-drivers/<Version>/drivers/general/queries/PoolTagIntegral/PoolTagIntegral.ql |
Aviso C28134 |
| cpp/drivers/role-type-correctly-used |
/microsoft/windows-drivers/<Version>/drivers/general/queries/RoleTypeCorrectlyUsed/RoleTypeCorrectlyUsed.ql |
Aviso C28158 |
| cpp/drivers/routine-function-type-not-expected |
/microsoft/windows-drivers/<Version>/drivers/general/queries/RoutineFunctionTypeNotExpected/RoutineFunctionTypeNotExpected.ql |
Aviso C28127 |
| cpp/drivers/str-safe |
/microsoft/windows-drivers/<Version>/drivers/general/queries/StrSafe/StrSafe.ql |
Aviso C28146 |
| cpp/drivers/strict-type-match |
/microsoft/windows-drivers/<Version>/drivers/general/queries/StrictTypeMatch/StrictTypeMatch.ql |
Aviso C28139 |
Consultas de drivers do WDM do pacote Microsoft/Windows-Drivers
| ID | Localização | Aviso de análise de código |
|---|---|---|
| cpp/drivers/illegal-field-access |
/microsoft/windows-drivers/<Version>/drivers/wdm/queries/IllegalFieldAccess/IllegalFieldAccess.ql |
Aviso C28128 |
| cpp/drivers/illegal-field-access-2 |
/microsoft/windows-drivers/<Version>/drivers/wdm/queries/IllegalFieldAccess2/IllegalFieldAccess2.ql |
Aviso C28175 |
| cpp/drivers/escrita-em-campo-ilegal |
/microsoft/windows-drivers/<Version>/drivers/wdm/queries/IllegalFieldWrite/IllegalFieldWrite.ql |
Aviso C28176 |
| cpp/drivers/init-not-cleared |
/microsoft/windows-drivers/<Version>/drivers/wdm/queries/InitNotCleared/InitNotCleared.ql |
Aviso C28152 |
| cpp/drivers/kewaitlocal-requires-kernel-mode |
/microsoft/windows-drivers/<Version>/drivers/wdm/queries/KeWaitLocal/KeWaitLocal.ql |
Aviso C28135 |
| cpp/drivers/multiple-paged-code |
/microsoft/windows-drivers/<Version>/drivers/wdm/queries/MultiplePagedCode/MultiplePagedCode.ql |
Aviso C28171 |
| cpp/drivers/ob-reference-mode |
/microsoft/windows-drivers/<Version>/drivers/wdm/queries/ObReferenceMode/ObReferenceMode.ql |
Aviso C28126 |
| cpp/drivers/opaque-mdl-use |
/microsoft/windows-drivers/<Version>/drivers/wdm/queries/OpaqueMdlUse/OpaqueMdlUse.ql |
Nenhuma verificação de CA associada |
| cpp/drivers/opaque-mdl-write |
/microsoft/windows-drivers/<Version>/drivers/wdm/queries/OpaqueMdlWrite/OpaqueMdlWrite.ql |
Aviso C28145 |
| cpp/drivers/pending-status-error |
/microsoft/windows-drivers/<Version>/drivers/wdm/queries/PendingStatusError/PendingStatusError.ql |
Aviso C28143 |
| cpp/drivers/atribuição-incorreta-de-tabela-de-despacho |
/microsoft/windows-drivers/<Version>/drivers/wdm/queries/WrongDispatchTableAssignment/WrongDispatchTableAssignment.ql |
Aviso C28168, Aviso C28169 |
Consultas gerais em C++ do pacote Microsoft/Windows-drivers
| ID | Localização | Enumeração de Fraqueza Comum /Aviso de Análise de Código |
|---|---|---|
| cpp/paddingbyteinformationdisclosure |
/microsoft/windows-drivers/<Version>/microsoft/Likely Bugs/Boundary Violations/PaddingByteInformationDisclosure.ql |
Não aplicável |
| cpp/badoverflowguard |
/microsoft/windows-drivers/<Version>/microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql |
Não aplicável |
| cpp/infiniteloop |
/microsoft/windows-drivers/<Version>/microsoft/Likely Bugs/Conversion/InfiniteLoop.ql |
Não aplicável |
| cpp/use-after-free |
/microsoft/windows-drivers/<Version>/microsoft/Likely Bugs/Memory Management/UseAfterFree/UseAfterFree.ql |
Não aplicável |
| cpp/uninitializedptrfield |
/microsoft/windows-drivers/<Version>/microsoft/Likely Bugs/UninitializedPtrField.ql |
Não aplicável |
| cpp/weak-crypto/cng/hardcoded-iv |
/microsoft/windows-drivers/<Version>/microsoft/Security/Cryptography/HardcodedIVCNG.ql |
Não aplicável |
Consultas C++ gerais do pacote microsoft/cpp-queries
| ID | Localização | Enumeração de Fraqueza Comum |
|---|---|---|
| cpp/offset-use-before-range-check |
/microsoft/cpp-queries/<Version>/Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql |
CWE-120, CWE-125 |
| cpp/integer-multiplication-cast-to-long |
/microsoft/cpp-queries/<Version>/Likely Bugs/Arithmetic/IntMultToLong.ql |
CWE-190, CWE-192, CWE-197, CWE-681 |
| cpp/signed-overflow-check |
/microsoft/cpp-queries/<Version>/Likely Bugs/Arithmetic/SignedOverflowCheck.ql |
CWE-128, CWE-190 |
| cpp/upcast-array-pointer-arithmetic | /microsoft/cpp-queries/<Version>/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql |
CWE-119, CWE-843 |
| cpp/incorrect-not-operator-usage |
/microsoft/cpp-queries/<Version>/Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.ql |
CWE-480 |
| cpp/suspicious-sizeof |
/microsoft/cpp-queries/<Version>/Likely Bugs/Memory Management/SuspiciousSizeof.ql |
CWE-467 |
| cpp/uninitialized-local |
/microsoft/cpp-queries/<Version>/Likely Bugs/Memory Management/UninitializedLocal.ql |
CWE-457, CWE-665 |
| cpp/chamada-variádica-não-terminada |
/microsoft/cpp-queries/<Version>/Security/CWE/CWE-121/UnterminatedVarargsCall.ql |
CWE-121 |
| cpp/variável-condicionalmente-não-inicializada |
/microsoft/cpp-queries/<Version>/Security/CWE/CWE-457/ConditionallyUninitializedVariable.ql |
CWE-457 |
| cpp/suspicious-add-sizeof |
/microsoft/cpp-queries/<Version>/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql |
CWE-468 |
| cpp/suspicious-pointer-scaling |
/microsoft/cpp-queries/<Version>/Security/CWE/CWE-468/IncorrectPointerScaling.ql |
CWE-468 |
| cpp/suspicious-pointer-scaling-void |
/microsoft/cpp-queries/<Version>/Security/CWE/CWE-468/IncorrectPointerScalingVoid.ql |
CWE-468 |
| cpp/função-potencialmente-perigosa |
/microsoft/cpp-queries/<Version>/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql |
CWE-676 |
| cpp/overflow-buffer |
/microsoft/cpp-queries/<Version>/Security/CWE/CWE-119/OverflowBuffer.ql |
CWE-119, CWE-121, CWE-122, CWE-126 |
Consultas de Execução Obrigatória
O pacote mustrun.qls contém consultas que devem ser executadas para passar na certificação WHCP. Essas consultas podem não precisar necessariamente ser corrigidas devido a possíveis falsos positivos, mas devem ter seus resultados revisados e quaisquer bugs reais encontrados corrigidos. Um DVL gerado sem resultados para essas verificações falha no teste do Logotipo das Ferramentas Estáticas.
Para o Windows 11, versão 26H1, as consultas expostas por mustrun.qls e recommended.qls são idênticas .