PS: Fixup 'powershell/command-injection' so that it compiles after all the AST name changes.

2026-05-25 00:27:09 +02:00 · 2024-09-03 18:16:49 +01:00
parent c2bdc7aa52
commit 1cb059c381
1 changed files with 16 additions and 16 deletions
--- a/powershell/ql/src/experimental/CommandInjection.ql
+++ b/powershell/ql/src/experimental/CommandInjection.ql
@@ -10,48 +10,48 @@

 import powershell

-predicate containsScope(VariableExpression outer, VariableExpression inner) {
+predicate containsScope(VarAccess outer, VarAccess inner) {
  outer.getUserPath() = inner.getUserPath() and
  outer != inner
 }

-predicate constantTernaryExpression(TernaryExpression ternary) {
+predicate constantTernaryExpression(ConditionalExpr ternary) {
  onlyConstantExpressions(ternary.getIfTrue()) and onlyConstantExpressions(ternary.getIfFalse())
 }

-predicate constantBinaryExpression(BinaryExpression binary) {
-  onlyConstantExpressions(binary.getLeftHandSide()) and onlyConstantExpressions(binary.getRightHandSide())
+predicate constantBinaryExpression(BinaryExpr binary) {
+  onlyConstantExpressions(binary.getLeft()) and onlyConstantExpressions(binary.getRight())
 }

-predicate onlyConstantExpressions(Expression expr){
-  expr instanceof StringConstantExpression or constantBinaryExpression(expr) or constantTernaryExpression(expr)
+predicate onlyConstantExpressions(Expr expr){
+  expr instanceof StringConstExpression or constantBinaryExpression(expr) or constantTernaryExpression(expr)
 }

-VariableExpression getNonConstantVariableAssignment(VariableExpression varexpr) {
+VarAccess getNonConstantVariableAssignment(VarAccess varexpr) {
  (
-    exists(AssignmentStatement assignment |
-      not onlyConstantExpressions(assignment.getRightHandSide().(CommandExpression).getExpression()) and
+    exists(AssignStmt assignment |
+      not onlyConstantExpressions(assignment.getRightHandSide().(CmdExpr).getExpr()) and
      result = assignment.getLeftHandSide()
    )
  ) and
  containsScope(result, varexpr)
 }

-VariableExpression getParameterWithVariableScope(VariableExpression varexpr) {
+VarAccess getParameterWithVariableScope(VarAccess varexpr) {
  exists(Parameter parameter |
    result = parameter.getName() and
    containsScope(result, varexpr)
  )
 }

-Expression getAllSubExpressions(Expression expr)
+Expr getAllSubExpressions(Expr expr)
 {
  result = expr or
  result = getAllSubExpressions(expr.(ArrayLiteral).getAnElement()) or
-  result = getAllSubExpressions(expr.(ArrayExpression).getStatementBlock().getAStatement().(Pipeline).getAComponent().(CommandExpression).getExpression())
+  result = getAllSubExpressions(expr.(ArrayExpr).getStatementBlock().getAStatement().(Pipeline).getAComponent().(CmdExpr).getExpr())
 }

-Expression dangerousCommandElement(Command command)
+Expr dangerousCommandElement(Cmd command)
 {
  (
    command.getKind() = 28 or
@@ -60,9 +60,9 @@ Expression dangerousCommandElement(Command command)
  result = getAllSubExpressions(command.getAnElement())
 }

-from Expression commandarg, VariableExpression unknownDeclaration
+from Expr commandarg, VarAccess unknownDeclaration
 where
-  exists(Command command |
+  exists(Cmd command |
    (
      unknownDeclaration = getNonConstantVariableAssignment(commandarg) or
      unknownDeclaration = getParameterWithVariableScope(commandarg)
@@ -70,5 +70,5 @@ where
    and
    commandarg = dangerousCommandElement(command)
  )
-select commandarg.(VariableExpression).getLocation(), "Unsafe flow to command argument from $@.",
+select commandarg.(VarAccess).getLocation(), "Unsafe flow to command argument from $@.",
  unknownDeclaration, unknownDeclaration.getUserPath()