hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-25 00:27:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

PS: Gets back the previously-lost false negative by making the variable property name expression the sink when there is a call to 'Invoke'.

Browse Source
This commit is contained in:
Mathias Vorreiter Pedersen
2025-07-04 11:12:31 +01:00
parent f882af95d8
commit 0585c2f9e5
1 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
powershell/ql/lib/semmle/code/powershell/security/CommandInjectionCustomizations.qll
View File

@@ -142,9 +142,11 @@ module CommandInjection {
class InvokeSink extends Sink {
InvokeSink() {
exists(InvokeMemberExpr ie |
this.asExpr().getExpr() = ie.getCallee() or
this.asExpr().getExpr() = ie.getQualifier()
)
this.asExpr().getExpr() = ie.getCallee()
or
ie.getAName() = "Invoke" and
ie.getQualifier().(MemberExprReadAccess).getMemberExpr() = this.asExpr().getExpr()
)
}
override string getSinkType() { result = "call to Invoke" }