Microsoft CodeQL GitHub 리포지토리는 Windows 드라이버 개발을 간소화하고 WHCP(Windows 하드웨어 호환성 프로그램)를 준수하도록 하는 두 개의 쿼리 도구 모음을 제공합니다. recommended.qls 제품군에는 드라이버 개발자를 위한 모든 권장 쿼리가 포함되며, mustfix.qls 제품군은 WHCP 인증에 필요한 "반드시 수정해야 하는" 쿼리에 중점을 둡니다. 두 제품군은 정기적으로 업데이트됩니다.
Must-Fix WCHP 인증에 대한 쿼리
다음 쿼리 하위 집합은 WHCP 인증을 위한 Must-Fix 이며 권장 수정 도구 모음에도 포함되어 있습니다.
이 규칙 집합은 mustfix.qls에 포함됩니다.
| 아이디 | 위치 | 일반적인 약점 열거형 |
|---|---|---|
| cpp/bad-addition-overflow-check |
codeql/cpp-queries//<Version>Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql |
CWE-190, CWE-192 |
| cpp/포인터-오버플로-체크 |
codeql/cpp-queries//<Version>Likely Bugs/Memory Management/PointerOverflow.ql |
해당 없음(N/A) |
| cpp/인수가 너무 적습니다 |
codeql/cpp-queries/<Version>/가능성이 높은 버그/명시되지 않은 함수/인수가 너무 적음.ql |
해당 없음(N/A) |
| cpp/더 넓은 유형과의 비교 |
codeql/cpp-queries//<Version>Security/CWE/CWE-190/ComparisonWithWiderType.ql |
CWE-190, CWE-197, CWE-835 |
| cpp/hresult-boolean-conversion |
codeql/cpp-queries//<Version>Security/CWE/CWE-253/HResultBooleanConversion.ql |
CWE-253 |
mustfix.qls 파일에는 다음 필수 수정 코드 쿼리가 포함됩니다.
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT license.
- description: Security queries required to fix when certifying Windows Drivers
- queries: .
from: codeql/cpp-queries
version: 0.9.0
- include:
query path:
- Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql
- Likely Bugs/Memory Management/PointerOverflow.ql
- Likely Bugs/Underspecified Functions/TooFewArguments.ql
- Security/CWE/CWE-190/ComparisonWithWiderType.ql
- Security/CWE/CWE-253/HResultBooleanConversion.ql
- import: windows-driver-suites/windows_mustfix_partial.qls
from: microsoft/windows-drivers
이 규칙 집합은 windows-driver-suites/windows_mustfix_partial.qls에 포함됩니다.
| 아이디 | 위치 | 일반적인 약점 열거형 |
|---|---|---|
| cpp/windows/wdk/deprecated-api |
/microsoft/windows-drivers/<Version>/drivers/general/queries/WdkDeprecatedApis/wdk-deprecated-api.ql |
해당 없음(N/A) |
| microsoft/Security/CWE/CWE-704/WcharCharConversionLimited |
/microsoft/windows-drivers//<Version>microsoft/Security/CWE/CWE-704/WcharCharConversionLimited.ql |
CWE-704 |
windows_mustfix_partial.qls 파일에는 다음 필수 수정 코드 쿼리가 포함되어 있습니다.
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT license.
- description: Security queries required to fix when certifying Windows Drivers
- queries: .
from: microsoft/windows-drivers
- include:
query path:
- drivers/general/queries/WdkDeprecatedApis/wdk-deprecated-api.ql
- microsoft/Security/CWE/CWE-704/WcharCharConversionLimited.ql
권장되는 수정 쿼리
이러한 쿼리는 Microsoft GitHub CodeQL 리포지토리에서 권장되는.qls 쿼리 도구 모음의 일부입니다. "CWE(Common Weakness Enumeration)" 열은 지정된 쿼리가 검색하는 보안 문제의 유형을 식별합니다. CWE에 대한 자세한 내용은 CWE의 Mitre 페이지를 참조하세요.
"CWE(Common Weakness Enumeration)" 열에는 쿼리에서 식별하는 보안 문제 유형이 표시됩니다.
모범 사례
| 아이디 | 위치 | 일반적인 약점 열거형 |
|---|---|---|
| 오프셋 범위 확인 전 사용 |
codeql/cpp-queries//<Version>모범 사례/잠재적 오류/OffsetUseBeforeRangeCheck.ql |
해당 없음(N/A) |
가능성 있는 버그
| 아이디 | 위치 | 일반적인 약점 열거형 |
|---|---|---|
| cpp/bad-addition-overflow-check |
codeql/cpp-queries//<Version>Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql |
CWE-190, CWE-192 |
| cpp/정수-곱셈-long-형으로-캐스트 |
codeql/cpp-queries//<Version>Likely Bugs/Arithmetic/IntMultToLong.ql |
CWE-190, CWE-192, CWE-197, CWE-681 |
| cpp/서명된 오버플로 검사 |
codeql/cpp-queries//<Version>Likely Bugs/Arithmetic/SignedOverflowCheck.ql |
해당 없음(N/A) |
| cpp/upcast-array-pointer-arithmetic |
codeql/cpp-queries//<Version>Likely Bugs/Conversion/CastArrayPointerArithmetic.ql |
CWE-119, CWE-843 |
| cpp/포인터-오버플로-체크 |
codeql/cpp-queries//<Version>Likely Bugs/Memory Management/PointerOverflow.ql |
해당 없음(N/A) |
| cpp/인수가 너무 적습니다 |
codeql/cpp-queries/<Version>/가능성이 높은 버그/명시되지 않은 함수/인수가 너무 적음.ql |
해당 없음(N/A) |
| cpp/incorrect-not-operator-usage |
codeql/cpp-queries//<Version>Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.ql |
CWE-480 |
| cpp/의심스러운-추가-sizeof |
codeql/cpp-queries//<Version>Likely Bugs/Memory Management/SuspiciousSizeof.ql |
CWE-468 |
| cpp/uninitialized-local |
codeql/cpp-queries/<Version>/가능성이 높은 버그/메모리 관리/초기화되지 않은 로컬.ql |
CWE-457, CWE-665 |
안전
| 아이디 | 위치 | 일반적인 약점 열거형 |
|---|---|---|
| cpp/조건부로 초기화되지 않은 변수 |
codeql/cpp-queries//<Version>Security/CWE/CWE-457/ConditionallyUninitializedVariable.ql. |
CWE-457 |
| cpp/unterminated-variadic-call |
codeql/cpp-queries//<Version>Security/CWE/CWE-121/UnterminatedVarargsCall.ql |
CWE-121 |
| cpp/suspicious-pointer-scaling |
codeql/cpp-queries//<Version>Security/CWE/CWE-468/IncorrectPointerScaling.ql |
CWE-468 |
| cpp/suspicious-pointer-scaling-void |
codeql/cpp-queries//<Version>Security/CWE/CWE-468/IncorrectPointerScalingVoid.ql |
CWE-468 |
| cpp/잠재적으로 위험한 함수 |
codeql/cpp-queries//<Version>Security/CWE/CWE-676/PotentiallyDangerousFunction.ql |
CWE-676 |
| cpp/incorrect-string-type-conversion |
codeql/cpp-queries/<Version>Security/CWE/CWE-704/WcharCharConversion.ql |
CWE-704 |
| cpp/더 넓은 유형과의 비교 |
codeql/cpp-queries//<Version>Security/CWE/CWE-190/ComparisonWithWiderType.ql |
CWE-190, CWE-197, CWE-835 |
| cpp/hresult-boolean-conversion |
codeql/cpp-queries//<Version>Security/CWE/CWE-253/HResultBooleanConversion.ql |
CWE-253 |
| cpp/의심스러운-추가-sizeof |
codeql/cpp-queries/<Version>/Security/CWE/CWE-468/CWE-468/SuspiciousAddWithSizeof.ql |
CWE-468 |
recommended.qls 파일에는 다음과 같은 권장 코드 쿼리가 포함됩니다.
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT license.
- description: Recommended and required queries for Windows Drivers.
- import: windows-driver-suites/windows_mustfix_partial.qls
from: microsoft/windows-drivers
- import: windows-driver-suites/windows_recommended_partial.qls
from: microsoft/windows-drivers
- queries: .
from: codeql/cpp-queries
version: 0.9.0
- include:
query path:
- Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql
- Likely Bugs/Arithmetic/IntMultToLong.ql
- Likely Bugs/Arithmetic/SignedOverflowCheck.ql
- Likely Bugs/Conversion/CastArrayPointerArithmetic.ql
- Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.ql
- Likely Bugs/Memory Management/SuspiciousSizeof.ql
- Likely Bugs/Memory Management/UninitializedLocal.ql
- Security/CWE/CWE-121/UnterminatedVarargsCall.ql
- Security/CWE/CWE-457/ConditionallyUninitializedVariable.ql
- Security/CWE/CWE-468/IncorrectPointerScaling.ql
- Security/CWE/CWE-468/IncorrectPointerScalingVoid.ql
- Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql
- Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
- Security/CWE/CWE-704/WcharCharConversion.ql
- Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql
- Likely Bugs/Memory Management/PointerOverflow.ql
- Likely Bugs/Underspecified Functions/TooFewArguments.ql
- Security/CWE/CWE-190/ComparisonWithWiderType.ql
- Security/CWE/CWE-253/HResultBooleanConversion.ql
이러한 쿼리는 windows_recommended_partial.qls 쿼리 도구 모음의 일부입니다.
발생 가능성이 있는 버그 - windows_recommended_partial.qls
| 아이디 | 위치 | 일반적인 약점 열거형 |
|---|---|---|
| cpp/패딩 바이트 정보 공개 |
microsoft/windows-drivers//<Version>microsoft/Likely Bugs/Boundary Violations/PaddingByteInformationDisclosure.ql |
해당 없음(N/A) |
| cpp/badoverflowguard |
microsoft/windows-drivers//<Version>microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql |
해당 없음(N/A) |
| cpp/infiniteloop |
microsoft/windows-drivers//<Version>microsoft/Likely Bugs/Conversion/InfiniteLoop.ql |
해당 없음(N/A) |
| cpp/uninitializedptrfield |
microsoft/windows-drivers//<Version>microsoft/Likely Bugs/UninitializedPtrField.ql |
해당 없음(N/A) |
| cpp/use-after-free |
microsoft/windows-drivers//<Version>microsoft/Likely Bugs/Memory Management/UseAfterFree/UseAfterFree.ql |
해당 없음(N/A) |
보안 - windows_recommended_partial.qls
| 아이디 | 위치 | 코드 분석 경고 |
|---|---|---|
| cpp/weak-crypto/cng/hardcoded-iv |
/microsoft/windows-drivers//<Version>microsoft/Security/Crytpography/HardcodedIVCNG.ql |
해당 없음(N/A) |
드라이버 - 일반
| 아이디 | 위치 | 코드 분석 경고 |
|---|---|---|
| cpp/drivers/ke-set-event-pageable |
/microsoft/windows-drivers/<Version>/drivers/general/queries/KeSetEventPageable/KeSetEventPageable.ql |
연결된 CA 확인 없음 |
| cpp/drivers/role-type-correctly-used |
/microsoft/windows-drivers//<Version>drivers/general/queries/RoleTypeCorrectlyUsed/RoleTypeCorrectlyUsed.ql |
연결된 CA 확인 없음 |
| cpp/drivers/extended-deprecated-api |
/microsoft/windows-drivers/<Version>/drivers/general/queries/ExtendedDeprecatedApis.ql |
C28719 경고, C28726 경고, C28735 경고, C28750 경고 |
| cpp/drivers/irql-not-saved |
/microsoft/windows-drivers//<Version>drivers/general/queries/IrqlNotSaved/IrqlNotSaved.ql |
C28158 경고 |
| cpp/drivers/irql-not-used |
/microsoft/windows-drivers//<Version>drivers/general/queries/IrqlNotUsed/IrqlNotUsed.ql |
C28157 경고 |
| cpp/drivers/irql-set-too-high |
/microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlTooHigh/IrqlTooHigh.ql |
C28150 경고 |
| cpp/drivers/irql-too-low |
/microsoft/windows-drivers//<Version>drivers/general/queries/IrqlTooLow/IrqlTooLow.ql |
C28120 경고 |
| cpp/drivers/irql-set-too-high |
/microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlSetTooHigh/IrqlTooHigh.ql |
C28121 경고 |
| cpp/drivers/irql-set-too-low |
/microsoft/windows-drivers/<Version>/drivers/general/queries/IrqlSetTooLow/IrqlSetTooLow.ql |
C28124 경고 |
| cpp/drivers/pool-tag-integral |
/microsoft/windows-drivers//<Version>drivers/general/queries/PoolTagIntegral/PoolTagIntegral.ql |
C28134 경고 |
| cpp/drivers/str-safe |
/microsoft/windows-drivers/<Version>/drivers/general/queries/StrSafe/StrSafe.ql |
C28146 경고 |
드라이버 - WDM
| 아이디 | 위치 | 코드 분석 경고 |
|---|---|---|
| cpp/drivers/illegal-field-access |
/microsoft/windows-drivers//<Version>drivers/wdm/queries/IllegalFieldAccess/IllegalFieldAccess.ql |
C28128 경고 |
| cpp/drivers/illegal-field-access2 |
/microsoft/windows-drivers//<Version>drivers/wdm/queries/IllegalFieldAccess2/IllegalFieldAccess2.ql |
C28175 경고 |
| cpp/drivers/illegal-field-write |
/microsoft/windows-drivers//<Version>drivers/wdm/queries/IllegalFieldWrite/IllegalFieldWrite.ql |
C28176 경고 |
| cpp/drivers/opaque-mdl-use |
/microsoft/windows-drivers//<Version>drivers/wdm/queries/OpaqueMdlUse/OpaqueMdlUse.ql |
(연결된 CA 검사 없음) |
| cpp/drivers/opaque-mdl-write |
/microsoft/windows-drivers//<Version>drivers/wdm/queries/OpaqueMdlUse/OpaqueMdlWrite.ql |
C28145 경고 |
| cpp/drivers/pending-status-error |
/microsoft/windows-drivers//<Version>drivers/wdm/queries/PendingStatusError/PendingStatusError.ql |
C28143 경고 |
| cpp/드라이버/잘못된 디스패치 테이블 할당 |
/microsoft/windows-drivers//<Version>drivers/wdm/queries/WrongDispatchTableAssignment/WrongDispatchTableAssignment.ql |
C28169 경고 |
windows-driver-suites/windows_recommended_partial.qls 파일에는 다음과 같은 권장 코드 쿼리가 포함됩니다.
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT license.
- description: Recommended and required queries for Windows Drivers.
- import: windows-driver-suites/windows_mustfix_partial.qls
- queries: .
from: microsoft/windows-drivers
- include:
query path:
- microsoft/Likely Bugs/Boundary Violations/PaddingByteInformationDisclosure.ql
- microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql
- microsoft/Likely Bugs/Conversion/InfiniteLoop.ql
- microsoft/Likely Bugs/Memory Management/UseAfterFree/UseAfterFree.ql
- microsoft/Likely Bugs/UninitializedPtrField.ql
- microsoft/Security/Crytpography/HardcodedIVCNG.ql
- drivers/general/queries/KeSetEventPageable/KeSetEventPageable.ql
- drivers/general/queries/RoleTypeCorrectlyUsed/RoleTypeCorrectlyUsed.ql
- drivers/general/queries/DefaultPoolTag/DefaultPoolTag.ql
- drivers/general/queries/ExaminedValue/ExaminedValue.ql
- drivers/general/queries/ExtendedDeprecatedApis/ExtendedDeprecatedApis.ql
- drivers/general/queries/IrqlNotSaved/IrqlNotSaved.ql
- drivers/general/queries/IrqlNotUsed/IrqlNotUsed.ql
- drivers/general/queries/IrqlTooHigh/IrqlTooHigh.ql
- drivers/general/queries/IrqlTooLow/IrqlTooLow.ql
- drivers/general/queries/IrqlSetTooHigh/IrqlTooHigh.ql
- drivers/general/queries/IrqlSetTooLow/IrqlSetTooLow.ql
- drivers/general/queries/PoolTagIntegral/PoolTagIntegral.ql
- drivers/general/queries/StrSafe/StrSafe.ql
- drivers/wdm/queries/IllegalFieldAccess/IllegalFieldAccess.ql
- drivers/wdm/queries/IllegalFieldAccess2/IllegalFieldAccess2.ql
- drivers/wdm/queries/IllegalFieldWrite/IllegalFieldWrite.ql
- drivers/wdm/queries/OpaqueMdlUse/OpaqueMdlUse.ql
- drivers/wdm/queries/OpaqueMdlUse/OpaqueMdlWrite.ql
- drivers/wdm/queries/PendingStatusError/PendingStatusError.ql
- drivers/wdm/queries/WrongDispatchTableAssignment/WrongDispatchTableAssignment.ql