hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #270 from microsoft/better-api-graphs

Browse Source 
PS: Better usability when working with nested classes
This commit is contained in:
Chanel
2025-08-11 08:03:50 -07:00
committed by GitHub
parent f8bdfa4666 e96e464855
commit 337132b5e0
9 changed files with 705 additions and 186 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
powershell/ql/lib/qlpack.yml
View File

@@ -16,4 +16,6 @@ dependencies:
dataExtensions:
- semmle/code/powershell/frameworks/**/*.model.yml
- semmle/code/powershell/frameworks/**/*.typemodel.yml
- semmle/code/powershell/frameworks/data/internal/cmdlet.model.yml
- semmle/code/powershell/frameworks/data/internal/alias.model.yml
warnOnImplicitThis: true

237
powershell/ql/lib/semmle/code/powershell/ApiGraphs.qll
View File

@@ -10,6 +10,7 @@ private import semmle.code.powershell.dataflow.DataFlow
private import semmle.code.powershell.typetracking.ApiGraphShared
private import semmle.code.powershell.typetracking.internal.TypeTrackingImpl
private import semmle.code.powershell.controlflow.Cfg
private import frameworks.data.internal.ApiGraphModels
private import frameworks.data.internal.ApiGraphModelsExtensions as Extensions
private import frameworks.data.internal.ApiGraphModelsSpecific as Specific
private import semmle.code.powershell.dataflow.internal.DataFlowPrivate as DataFlowPrivate
@@ -204,18 +205,6 @@ module API {
Impl::positionalParameterOrArgumentEdge(this.getAnEpsilonSuccessor(), n, result)
}
/**
* Gets the given keyword parameter of this callable, or keyword argument to this call.
*
* Note: for historical reasons, this predicate may refer to an argument of a call, but this may change in the future.
* When referring to an argument, it is recommended to use `getKeywordArgument(n)` instead.
*/
pragma[inline]
Node getKeywordParameter(string name) {
// This predicate is currently not 'inline_late' because 'name' can be an input or output
Impl::keywordParameterOrArgumentEdge(this.getAnEpsilonSuccessor(), name, result)
}
/**
* Gets the argument passed in argument position `pos` at this call.
*/
@@ -260,15 +249,6 @@ module API {
result = this.getContent(contents.getAReadContent())
}
/**
* Gets a representative for the instance field of the given `name`.
*/
pragma[inline]
Node getField(string name) {
// This predicate is currently not 'inline_late' because 'name' can be an input or output
Impl::fieldEdge(this.getAnEpsilonSuccessor(), name, result)
}
/**
* Gets a representative for an arbitrary element of this collection.
*/
@@ -283,8 +263,7 @@ module API {
this = Impl::MkMethodAccessNode(result) or
this = Impl::MkBackwardNode(result, _) or
this = Impl::MkForwardNode(result, _) or
this = Impl::MkSinkNode(result) or
this = Impl::MkNamespaceOfTypeNameNode(result)
this = Impl::MkSinkNode(result)
}
/** Gets the location of this node. */
@@ -293,6 +272,10 @@ module API {
or
this instanceof RootNode and
result instanceof EmptyLocation
or
not this instanceof RootNode and
not exists(this.getInducingNode()) and
result instanceof EmptyLocation
}
/**
@@ -352,20 +335,84 @@ module API {
override string toString() { result = "SinkNode(" + this.getInducingNode() + ")" }
}
private class UsingNode extends Node, Impl::MkUsingNode {
UsingStmt using; // TODO: This should really be the cfg node, I think
abstract private class AbstractTypeNameNode extends Node {
string prefix;
UsingNode() { this = Impl::MkUsingNode(using) }
bindingset[prefix]
AbstractTypeNameNode() { any() }
override string toString() { result = "UsingNode(" + using + ")" }
override string toString() { result = "TypeNameNode(" + this.getTypeName() + ")" }
string getComponent() {
exists(int n |
result = prefix.splitAt(".", n) and
not exists(prefix.splitAt(".", n + 1))
)
}
string getTypeName() { result = prefix }
abstract Node getSuccessor(string name);
Node memberEdge(string name) { none() }
Node methodEdge(string name) { none() }
final predicate isImplicit() { not this.isExplicit(_) }
predicate isExplicit(DataFlow::TypeNameNode typeName) { none() }
}
private class NamespaceOfTypeNameNode extends Node, Impl::MkNamespaceOfTypeNameNode {
DataFlow::QualifiedTypeNameNode typeName;
final class TypeNameNode = AbstractTypeNameNode;
NamespaceOfTypeNameNode() { this = Impl::MkNamespaceOfTypeNameNode(typeName) }
private class ExplicitTypeNameNode extends AbstractTypeNameNode, Impl::MkExplicitTypeNameNode {
ExplicitTypeNameNode() { this = Impl::MkExplicitTypeNameNode(prefix) }
override string toString() { result = "NamespaceOfTypeNameNode(" + typeName + ")" }
final override Node getSuccessor(string name) {
exists(ExplicitTypeNameNode succ |
succ = Impl::MkExplicitTypeNameNode(prefix + "." + name) and
result = succ
)
or
exists(DataFlow::TypeNameNode typeName, int n, string lowerCaseName |
Specific::needsExplicitTypeNameNode(typeName, prefix) and
lowerCaseName = typeName.getLowerCaseName() and
name = lowerCaseName.splitAt(".", n) and
not lowerCaseName.matches("%.%") and
result = getForwardStartNode(typeName)
)
}
final override predicate isExplicit(DataFlow::TypeNameNode typeName) {
Specific::needsExplicitTypeNameNode(typeName, prefix)
}
}
private string getAnAlias(string cmdlet) { Specific::aliasModel(cmdlet, result) }
predicate implicitCmdlet(string mod, string cmdlet) {
exists(string cmdlet0 |
Specific::cmdletModel(mod, cmdlet0) and
cmdlet = [cmdlet0, getAnAlias(cmdlet0)]
)
}
private class ImplicitTypeNameNode extends AbstractTypeNameNode, Impl::MkImplicitTypeNameNode {
ImplicitTypeNameNode() { this = Impl::MkImplicitTypeNameNode(prefix) }
final override Node getSuccessor(string name) {
result = Impl::MkImplicitTypeNameNode(prefix + "." + name)
}
final override Node memberEdge(string name) { result = this.methodEdge(name) }
final override Node methodEdge(string name) {
exists(DataFlow::CallNode call |
result = Impl::MkMethodAccessNode(call) and
name = call.getLowerCaseName() and
implicitCmdlet(prefix, name)
)
}
}
/**
@@ -405,13 +452,6 @@ module API {
/** Gets the root node. */
Node root() { result instanceof RootNode }
bindingset[name]
pragma[inline_late]
Node namespace(string name) {
// This predicate is currently not 'inline_late' because 'n' can be an input or output
Impl::namespace(name, result)
}
pragma[inline]
Node getTopLevelMember(string name) { Impl::topLevelMember(name, result) }
@@ -466,8 +506,8 @@ module API {
MkRoot() or
/** The method accessed at `call`, synthetically treated as a separate object. */
MkMethodAccessNode(DataFlow::CallNode call) or
MkUsingNode(UsingStmt using) or
MkNamespaceOfTypeNameNode(DataFlow::QualifiedTypeNameNode typeName) or
MkExplicitTypeNameNode(string prefix) { Specific::needsExplicitTypeNameNode(_, prefix) } or
MkImplicitTypeNameNode(string prefix) { Specific::needsImplicitTypeNameNode(prefix) } or
MkForwardNode(DataFlow::LocalSourceNode node, TypeTracker t) { isReachable(node, t) } or
/** Intermediate node for following backward data flow. */
MkBackwardNode(DataFlow::LocalSourceNode node, TypeTracker t) { isReachable(node, t) } or
@@ -483,27 +523,8 @@ module API {
node = any(EntryPoint e).getASink()
}
bindingset[e]
pragma[inline_late]
private DataFlow::Node getNodeFromExpr(Expr e) { result.asExpr().getExpr() = e }
private import frameworks.data.ModelsAsData
cached
predicate namespace(string name, Node node) {
exists(DataFlow::QualifiedTypeNameNode typeName |
typeName.getNamespace() = name and
node = MkNamespaceOfTypeNameNode(typeName)
)
or
exists(UsingStmt using |
using.getName().toLowerCase() = name and
node = MkUsingNode(using)
)
or
node = ModelOutput::getATypeNode(name)
}
cached
predicate topLevelMember(string name, Node node) { memberEdge(root(), name, node) }
@@ -516,83 +537,55 @@ module API {
)
}
cached
predicate callEdge(Node pred, string name, Node succ) {
exists(DataFlow::CallNode call |
// from receiver to method call node
pred = getForwardEndNode(getALocalSourceStrict(call.getQualifier())) and
succ = MkMethodAccessNode(call) and
name = call.getLowerCaseName()
)
}
bindingset[name]
private string memberOrMethodReturnValue(string name) {
// This predicate is a bit ad-hoc, but it's okay for now.
// We can delete it once we no longer use the typeModel and summaryModel
// tables to represent implicit root members.
result = "Method[" + name + "]"
or
result = "Method[" + name + "].ReturnValue"
or
result = "Member[" + name + "]"
}
private Node getAnImplicitRootMember(string name) {
exists(DataFlow::CallNode call |
Extensions::typeModel(_, Specific::getAnImplicitImport(), memberOrMethodReturnValue(name))
or
Extensions::summaryModel(Specific::getAnImplicitImport(), memberOrMethodReturnValue(name),
_, _, _, _)
or
Extensions::sourceModel(Specific::getAnImplicitImport(), memberOrMethodReturnValue(name), _,
_)
|
result = MkMethodAccessNode(call) and
name = call.getLowerCaseName()
)
}
cached
predicate memberEdge(Node pred, string name, Node succ) {
pred = API::root() and
(
exists(StringConstExpr read |
succ = getForwardStartNode(getNodeFromExpr(read)) and
name = read.getValueString()
)
succ.(TypeNameNode).getTypeName() = name
or
exists(DataFlow::AutomaticVariableNode automatic |
automatic.getLowerCaseName() = name and
succ = getForwardStartNode(automatic)
)
)
or
exists(TypeNameNode typeName | pred = typeName |
typeName.getSuccessor(name) = succ
or
succ = getAnImplicitRootMember(name)
typeName.memberEdge(name) = succ
)
or
exists(DataFlow::QualifiedTypeNameNode typeName |
typeName.getLowerCaseName() = name and
pred = MkNamespaceOfTypeNameNode(typeName) and
succ = getForwardStartNode(typeName)
)
or
exists(MemberExprReadAccess read |
read.getLowerCaseMemberName().toLowerCase() = name and
pred = getForwardEndNode(getALocalSourceStrict(getNodeFromExpr(read.getQualifier()))) and
succ = getForwardStartNode(getNodeFromExpr(read))
exists(DataFlow::Node qualifier | pred = getForwardEndNode(getALocalSourceStrict(qualifier)) |
exists(CfgNodes::ExprNodes::MemberExprReadAccessCfgNode read |
read.getQualifier() = qualifier.asExpr() and
read.getLowerCaseMemberName() = name and
succ = getForwardStartNode(DataFlow::exprNode(read))
)
or
exists(DataFlow::CallNode call |
call.getLowerCaseName() = name and
call.getQualifier() = qualifier and
succ = MkMethodAccessNode(call)
)
)
}
cached
predicate methodEdge(Node pred, string name, Node succ) {
exists(DataFlow::CallNode call |
succ = MkMethodAccessNode(call) and name = call.getLowerCaseName()
|
succ = MkMethodAccessNode(call) and
name = call.getLowerCaseName() and
pred = getForwardEndNode(getALocalSourceStrict(call.getQualifier()))
)
or
pred.(TypeNameNode).methodEdge(name) = succ
or
pred = API::root() and
succ = getAnImplicitRootMember(name)
exists(DataFlow::CallNode call |
not exists(call.getQualifier()) and
succ = MkMethodAccessNode(call) and
name = call.getLowerCaseName()
)
}
cached
@@ -617,11 +610,6 @@ module API {
)
}
cached
predicate fieldEdge(Node pred, string name, Node succ) {
Impl::contentEdge(pred, DataFlowPrivate::TFieldContent(name), succ)
}
cached
predicate elementEdge(Node pred, Node succ) {
contentEdge(pred, any(DataFlow::ContentSet set | set.isAnyElement()).getAReadContent(), succ)
@@ -665,10 +653,6 @@ module API {
), succ)
}
private predicate keywordParameterEdge(Node pred, string name, Node succ) {
parameterEdge(pred, any(DataFlowDispatch::ParameterPosition pos | pos.isKeyword(name)), succ)
}
cached
predicate positionalParameterOrArgumentEdge(Node pred, int n, Node succ) {
positionalArgumentEdge(pred, n, succ)
@@ -676,13 +660,6 @@ module API {
positionalParameterEdge(pred, n, succ)
}
cached
predicate keywordParameterOrArgumentEdge(Node pred, string name, Node succ) {
keywordArgumentEdge(pred, name, succ)
or
keywordParameterEdge(pred, name, succ)
}
cached
predicate instanceEdge(Node pred, Node succ) {
// TODO: Also model parameters with a given type here

15
powershell/ql/lib/semmle/code/powershell/dataflow/FlowSummary.qll
View File

@@ -47,18 +47,3 @@ abstract class SummarizedCallable extends LibraryCallable, Impl::Public::Summari
)
}
}
/**
* A callable with a flow summary, identified by a unique string, where all
* calls to a method with the same name are considered relevant.
*/
abstract class SimpleSummarizedCallable extends SummarizedCallable {
CallExpr c;
bindingset[this]
SimpleSummarizedCallable() { c.getLowerCaseName() = this }
final override CallExpr getACall() { result = c }
final override CallExpr getACallSimple() { result = c }
}

5
powershell/ql/lib/semmle/code/powershell/dataflow/internal/DataFlowPrivate.qll
View File

@@ -280,6 +280,8 @@ private module Cached {
)
) and
model = ""
or
LocalFlow::flowSummaryLocalStep(nodeFrom, nodeTo, _, model)
}
/** This is the local flow predicate that is exposed. */
@@ -302,6 +304,9 @@ private module Cached {
LocalFlow::localFlowStepCommon(nodeFrom, nodeTo)
or
SsaFlow::localFlowStep(_, nodeFrom, nodeTo, _)
or
LocalFlow::flowSummaryLocalStep(nodeFrom, nodeTo, any(LibraryCallableToIncludeInTypeTracking c),
_)
}
/** Holds if `n` wraps an SSA definition without ingoing flow. */

10
powershell/ql/lib/semmle/code/powershell/frameworks/data/empty.model.yml
View File

@@ -30,3 +30,13 @@ extensions:
pack: microsoft/powershell-all
extensible: typeVariableModel
data: []
- addsTo:
pack: microsoft/powershell-all
extensible: cmdletModel
data: []
- addsTo:
pack: microsoft/powershell-all
extensible: aliasModel
data: []

88
powershell/ql/lib/semmle/code/powershell/frameworks/data/internal/ApiGraphModelsSpecific.qll
View File

@@ -26,8 +26,13 @@ private import codeql.dataflow.internal.AccessPathSyntax
import semmle.code.powershell.ApiGraphs
import semmle.code.powershell.dataflow.DataFlow::DataFlow as DataFlow
private import FlowSummaryImpl::Public
private import semmle.code.powershell.controlflow.Cfg
private import semmle.code.powershell.dataflow.internal.DataFlowDispatch as DataFlowDispatch
extensible predicate cmdletModel(string mod, string cmdlet);
extensible predicate aliasModel(string cmdlet, string alias);
bindingset[rawType]
predicate isTypeUsed(string rawType) { any() }
@@ -40,7 +45,7 @@ private predicate parseType(string rawType, string consts, string suffix) {
)
}
private predicate parseRelevantType(string rawType, string consts, string suffix) {
predicate parseRelevantType(string rawType, string consts, string suffix) {
isRelevantType(rawType) and
parseType(rawType, consts, suffix)
}
@@ -57,58 +62,63 @@ predicate hasImplicitTypeModel(string type, string otherType) {
/** Gets a Powershell-specific interpretation of the `(type, path)` tuple after resolving the first `n` access path tokens. */
bindingset[type, path]
API::Node getExtraNodeFromPath(string type, AccessPath path, int n) {
// A row of form `any;Method[foo]` should match any method named `foo`.
type = "any" and
n = 1 and
exists(string methodName, DataFlow::CallNode call |
methodMatchedByName(path, methodName) and
call.matchesName(methodName) and
result.(API::MethodAccessNode).asCall() = call
API::Node getExtraNodeFromPath(string type, AccessPath path, int n) { none() }
bindingset[type, name, namespace]
private predicate typeMatches(string type, string name, string namespace) {
if namespace = "" then type.matches("%" + name) else type.matches("%" + namespace + "." + name)
}
bindingset[type]
private DataFlow::TypeNameNode getTypeNameNode(string type) {
exists(string name, string namespace |
name = result.getLowerCaseName() and
namespace = result.getNamespace() and
typeMatches(type, name, namespace)
)
}
/**
* Gets a string that represents a module that is always implicitly
* imported in any powershell script.
*/
string getAnImplicitImport() {
result = "microsoft.powershell.management!"
or
result = "microsoft.powershell.utility!"
private string getTypeNameComponent(string type, int index) {
index = [0 .. strictcount(type.indexOf("."))] and
parseRelevantType(_, type, _) and
result =
strictconcat(int i, string s | s = type.splitAt(".", i) and i <= index | s, "." order by i)
}
predicate needsExplicitTypeNameNode(DataFlow::TypeNameNode typeName, string component) {
exists(string type, int index |
component = getTypeNameComponent(type, index) and
typeName = getTypeNameNode(type) and
index = [0 .. strictcount(type.indexOf(".")) - 1]
)
}
predicate needsImplicitTypeNameNode(string component) {
exists(string type, int index |
component = getTypeNameComponent(type, index) and
index = [0 .. strictcount(type.indexOf("."))] and
type.matches("microsoft.powershell.%")
)
}
/** Gets a Powershell-specific interpretation of the given `type`. */
API::Node getExtraNodeFromType(string rawType) {
exists(
string type, string suffix, DataFlow::QualifiedTypeNameNode qualifiedTypeName, string namespace,
string typename
|
exists(string type, string suffix, DataFlow::TypeNameNode typeName |
parseRelevantType(rawType, type, suffix) and
qualifiedTypeName.hasQualifiedName(namespace, typename) and
(namespace + "." + typename).toLowerCase() = type
typeName = getTypeNameNode(type)
|
suffix = "!" and
result = qualifiedTypeName.(DataFlow::LocalSourceNode).track()
result = typeName.(DataFlow::LocalSourceNode).track()
or
suffix = "" and
result = qualifiedTypeName.(DataFlow::LocalSourceNode).track().getInstance()
result = typeName.(DataFlow::LocalSourceNode).track().getInstance()
)
or
rawType = ["", getAnImplicitImport()] and
result = API::root()
}
/**
* Holds if `path` occurs in a CSV row with type `any`, meaning it can start
* matching anywhere, and the path begins with `Method[methodName]`.
*/
private predicate methodMatchedByName(AccessPath path, string methodName) {
isRelevantFullPath("any", path) and
exists(AccessPathToken token |
token = path.getToken(0) and
token.getName() = "Method" and
methodName = token.getAnArgument()
exists(string name, API::TypeNameNode typeName |
parseRelevantType(rawType, name, _) and
typeName = API::getTopLevelMember(name) and
typeName.isImplicit() and
result = typeName
)
}

132
powershell/ql/lib/semmle/code/powershell/frameworks/data/internal/alias.model.yml Normal file
View File

@@ -0,0 +1,132 @@
extensions:
- addsTo:
pack: microsoft/powershell-all
extensible: aliasModel
data:
- ["cimcmdlets", "remove-ciminstance"]
- ["add-content", "ac"]
- ["clear-content", "clc"]
- ["clear-item", "cli"]
- ["clear-itemproperty", "clp"]
- ["convert-path", "cvpa"]
- ["copy-item", "copy"]
- ["copy-item", "cp"]
- ["copy-item", "cpi"]
- ["copy-itemproperty", "cpp"]
- ["get-childitem", "dir"]
- ["get-childitem", "gci"]
- ["get-childitem", "ls"]
- ["get-clipboard", "gcb"]
- ["get-computerinfo", "gin"]
- ["get-content", "cat"]
- ["get-content", "gc"]
- ["get-content", type"]
- ["get-item", "gi"]
- ["get-itemproperty", "gp"]
- ["get-itempropertyvalue", "gpv"]
- ["get-location", "gl"]
- ["get-location", "pwd"]
- ["get-process", "gps"]
- ["get-process", "ps"]
- ["get-psdrive", "gdr"]
- ["get-service", "gsv"]
- ["get-timezone", "gtz"]
- ["invoke-item", "ii"]
- ["move-item", "mi"]
- ["move-item", "move"]
- ["move-item", "mv"]
- ["move-itemproperty", "mp"]
- ["new-item", "ni"]
- ["new-psdrive", "mount"]
- ["new-psdrive", "ndr"]
- ["pop-location", "popd"]
- ["push-location", "pushd"]
- ["remove-item", "del"]
- ["remove-item", "erase"]
- ["remove-item", "rd"]
- ["remove-item", "ri"]
- ["remove-item", "rm"]
- ["remove-item", "rmdir"]
- ["remove-itemproperty", "rp"]
- ["remove-psdrive", "rdr"]
- ["rename-item", "ren"]
- ["rename-item", "rni"]
- ["rename-itemproperty", "rnp"]
- ["resolve-path", "rvpa"]
- ["set-clipboard", "scb"]
- ["set-item", "si"]
- ["set-itemproperty", "sp"]
- ["set-location", "cd"]
- ["set-location", "chdir"]
- ["set-location", "sl"]
- ["set-timezone", "stz"]
- ["start-process", "saps"]
- ["start-process", "start"]
- ["start-service", "sasv"]
- ["stop-process", "kill"]
- ["stop-process", "spps"]
- ["stop-service", "spsv"]
- ["compress-psresource", "cmres"]
- ["find-psresource", "fdres"]
- ["get-installedpsresource", "get-psresource"]
- ["install-psresource", "isres"]
- ["publish-psresource", "pbres"]
- ["update-psresource", "udres"]
- ["clear-variable", "clv"]
- ["compare-object", "compare"]
- ["compare-object", "diff"]
- ["disable-psbreakpoint", "dbp"]
- ["enable-psbreakpoint", "ebp"]
- ["export-alias", "epal"]
- ["export-csv", "epcsv"]
- ["format-custom", "fc"]
- ["format-hex", "fhx"]
- ["format-list", "fl"]
- ["format-table", "ft"]
- ["format-wide", "fw"]
- ["get-alias", "gal"]
- ["get-error", "gerr"]
- ["get-member", "gm"]
- ["get-psbreakpoint", "gbp"]
- ["get-pscallstack", "gcs"]
- ["get-unique", "gu"]
- ["get-variable", "gv"]
- ["group-object", "group"]
- ["import-alias", "ipal"]
- ["import-csv", "ipcsv"]
- ["invoke-expression", "iex"]
- ["invoke-restmethod", "irm"]
- ["invoke-webrequest", "iwr"]
- ["measure-object", "measure"]
- ["new-alias", "nal"]
- ["new-variable", "nv"]
- ["out-gridview", "ogv"]
- ["remove-psbreakpoint", "rbp"]
- ["remove-variable", "rv"]
- ["select-object", "select"]
- ["select-string", "sls"]
- ["set-alias", "sal"]
- ["set-psbreakpoint", "sbp"]
- ["set-variable", "set"]
- ["set-variable", "sv"]
- ["show-command", "shcm"]
- ["sort-object", "sort"]
- ["start-sleep", "sleep"]
- ["tee-object", "tee"]
- ["write-output", "echo"]
- ["write-output", "write"]
- ["add-localgroupmember", "algm"]
- ["disable-localuser", "dlu"]
- ["enable-localuser", "elu"]
- ["get-localgroup", "glg"]
- ["get-localgroupmember", "glgm"]
- ["get-localuser", "glu"]
- ["new-localgroup", "nlg"]
- ["new-localuser", "nlu"]
- ["remove-localgroup", "rlg"]
- ["remove-localgroupmember", "rlgm"]
- ["remove-localuser", "rlu"]
- ["rename-localgroup", "rnlg"]
- ["rename-localuser", "rnlu"]
- ["set-localgroup", "slg"]
- ["set-localuser", "slu"]

398
powershell/ql/lib/semmle/code/powershell/frameworks/data/internal/cmdlet.model.yml Normal file
View File

@@ -0,0 +1,398 @@
extensions:
- addsTo:
pack: microsoft/powershell-all
extensible: cmdletModel
data:
- ["cimcmdlets", "remove-ciminstance"]
- ["cimcmdlets", "import-binarymilog"]
- ["cimcmdlets", "get-cimclass"]
- ["cimcmdlets", "new-ciminstance"]
- ["cimcmdlets", "cimcmdlets"]
- ["cimcmdlets", "get-cimsession"]
- ["cimcmdlets", "new-cimsession"]
- ["cimcmdlets", "get-cimassociatedinstance"]
- ["cimcmdlets", "export-binarymilog"]
- ["cimcmdlets", "new-cimsessionoption"]
- ["cimcmdlets", "set-ciminstance"]
- ["cimcmdlets", "invoke-cimmethod"]
- ["cimcmdlets", "get-ciminstance"]
- ["cimcmdlets", "remove-cimsession"]
- ["cimcmdlets", "register-cimindicationevent"]
- ["ise", "new-isesnippet"]
- ["ise", "import-isesnippet"]
- ["ise", "get-isesnippet"]
- ["microsoft.powershell.archive", "expand-archive"]
- ["microsoft.powershell.archive", "compress-archive"]
- ["microsoft.powershell.core", "compress-archive"]
- ["microsoft.powershell.core", "test-pssessionconfigurationfile"]
- ["microsoft.powershell.core", "export-modulemember"]
- ["microsoft.powershell.core", "get-pssubsystem"]
- ["microsoft.powershell.core", "where-object"]
- ["microsoft.powershell.core", "new-pssessionconfigurationfile"]
- ["microsoft.powershell.core", "get-pssnapin"]
- ["microsoft.powershell.core", "tabexpansion2"]
- ["microsoft.powershell.core", "clear-history"]
- ["microsoft.powershell.core", "get-history"]
- ["microsoft.powershell.core", "remove-pssession"]
- ["microsoft.powershell.core", "debug-job"]
- ["microsoft.powershell.core", "register-pssessionconfiguration"]
- ["microsoft.powershell.core", "new-modulemanifest"]
- ["microsoft.powershell.core", "disable-pssessionconfiguration"]
- ["microsoft.powershell.core", "invoke-command"]
- ["microsoft.powershell.core", "get-pshostprocessinfo"]
- ["microsoft.powershell.core", "get-pssessionconfiguration"]
- ["microsoft.powershell.core", "wait-job"]
- ["microsoft.powershell.core", "enable-experimentalfeature"]
- ["microsoft.powershell.core", "add-pssnapin"]
- ["microsoft.powershell.core", "new-psrolecapabilityfile"]
- ["microsoft.powershell.core", "new-pssessionoption"]
- ["microsoft.powershell.core", "receive-job"]
- ["microsoft.powershell.core", "disconnect-pssession"]
- ["microsoft.powershell.core", "set-pssessionconfiguration"]
- ["microsoft.powershell.core", "add-history"]
- ["microsoft.powershell.core", "remove-pssnapin"]
- ["microsoft.powershell.core", "export-console"]
- ["microsoft.powershell.core", "get-help"]
- ["microsoft.powershell.core", "suspend-job"]
- ["microsoft.powershell.core", "switch-process"]
- ["microsoft.powershell.core", "remove-job"]
- ["microsoft.powershell.core", "receive-pssession"]
- ["microsoft.powershell.core", "save-help"]
- ["microsoft.powershell.core", "connect-pssession"]
- ["microsoft.powershell.core", "get-experimentalfeature"]
- ["microsoft.powershell.core", "import-module"]
- ["microsoft.powershell.core", "remove-module"]
- ["microsoft.powershell.core", "get-pssessioncapability"]
- ["microsoft.powershell.core", "new-module"]
- ["microsoft.powershell.core", "set-psdebug"]
- ["microsoft.powershell.core", "enable-psremoting"]
- ["microsoft.powershell.core", "get-job"]
- ["microsoft.powershell.core", "out-null"]
- ["microsoft.powershell.core", "get-pssession"]
- ["microsoft.powershell.core", "start-job"]
- ["microsoft.powershell.core", "exit-pssession"]
- ["microsoft.powershell.core", "register-argumentcompleter"]
- ["microsoft.powershell.core", "invoke-history"]
- ["microsoft.powershell.core", "new-pstransportoption"]
- ["microsoft.powershell.core", "new-pssession"]
- ["microsoft.powershell.core", "disable-experimentalfeature"]
- ["microsoft.powershell.core", "enable-pssessionconfiguration"]
- ["microsoft.powershell.core", "foreach-object"]
- ["microsoft.powershell.core", "disable-psremoting"]
- ["microsoft.powershell.core", "enter-pssession"]
- ["microsoft.powershell.core", "set-strictmode"]
- ["microsoft.powershell.core", "stop-job"]
- ["microsoft.powershell.core", "get-verb"]
- ["microsoft.powershell.core", "update-help"]
- ["microsoft.powershell.core", "resume-job"]
- ["microsoft.powershell.core", "get-module"]
- ["microsoft.powershell.core", "clear-host"]
- ["microsoft.powershell.core", "enter-pshostprocess"]
- ["microsoft.powershell.core", "get-command"]
- ["microsoft.powershell.core", "test-modulemanifest"]
- ["microsoft.powershell.core", "unregister-pssessionconfiguration"]
- ["microsoft.powershell.core", "exit-pshostprocess"]
- ["microsoft.powershell.core", "out-default"]
- ["microsoft.powershell.core", "out-host"]
- ["microsoft.powershell.diagnostics", "get-counter"]
- ["microsoft.powershell.diagnostics", "export-counter"]
- ["microsoft.powershell.diagnostics", "get-winevent"]
- ["microsoft.powershell.diagnostics", "new-winevent"]
- ["microsoft.powershell.diagnostics", "import-counter"]
- ["microsoft.powershell.host", "start-transcript"]
- ["microsoft.powershell.host", "stop-transcript"]
- ["microsoft.powershell.localaccounts", "stop-transcript"]
- ["microsoft.powershell.localaccounts", "new-localgroup"]
- ["microsoft.powershell.localaccounts", "rename-localuser"]
- ["microsoft.powershell.localaccounts", "new-localuser"]
- ["microsoft.powershell.localaccounts", "add-localgroupmember"]
- ["microsoft.powershell.localaccounts", "set-localgroup"]
- ["microsoft.powershell.localaccounts", "enable-localuser"]
- ["microsoft.powershell.localaccounts", "disable-localuser"]
- ["microsoft.powershell.localaccounts", "get-localgroup"]
- ["microsoft.powershell.localaccounts", "remove-localgroup"]
- ["microsoft.powershell.localaccounts", "set-localuser"]
- ["microsoft.powershell.localaccounts", "remove-localgroupmember"]
- ["microsoft.powershell.localaccounts", "remove-localuser"]
- ["microsoft.powershell.localaccounts", "get-localgroupmember"]
- ["microsoft.powershell.localaccounts", "get-localuser"]
- ["microsoft.powershell.localaccounts", "rename-localgroup"]
- ["microsoft.powershell.management", "rename-localgroup"]
- ["microsoft.powershell.management", "reset-computermachinepassword"]
- ["microsoft.powershell.management", "rename-itemproperty"]
- ["microsoft.powershell.management", "set-itemproperty"]
- ["microsoft.powershell.management", "get-itemproperty"]
- ["microsoft.powershell.management", "remove-item"]
- ["microsoft.powershell.management", "set-service"]
- ["microsoft.powershell.management", "restore-computer"]
- ["microsoft.powershell.management", "test-path"]
- ["microsoft.powershell.management", "copy-itemproperty"]
- ["microsoft.powershell.management", "get-wmiobject"]
- ["microsoft.powershell.management", "show-controlpanelitem"]
- ["microsoft.powershell.management", "test-computersecurechannel"]
- ["microsoft.powershell.management", "clear-eventlog"]
- ["microsoft.powershell.management", "remove-psdrive"]
- ["microsoft.powershell.management", "get-itempropertyvalue"]
- ["microsoft.powershell.management", "convert-path"]
- ["microsoft.powershell.management", "remove-wmiobject"]
- ["microsoft.powershell.management", "show-eventlog"]
- ["microsoft.powershell.management", "resolve-path"]
- ["microsoft.powershell.management", "get-location"]
- ["microsoft.powershell.management", "stop-computer"]
- ["microsoft.powershell.management", "move-item"]
- ["microsoft.powershell.management", "invoke-wmimethod"]
- ["microsoft.powershell.management", "add-content"]
- ["microsoft.powershell.management", "split-path"]
- ["microsoft.powershell.management", "undo-transaction"]
- ["microsoft.powershell.management", "set-location"]
- ["microsoft.powershell.management", "get-childitem"]
- ["microsoft.powershell.management", "start-transaction"]
- ["microsoft.powershell.management", "suspend-service"]
- ["microsoft.powershell.management", "set-timezone"]
- ["microsoft.powershell.management", "wait-process"]
- ["microsoft.powershell.management", "stop-service"]
- ["microsoft.powershell.management", "new-webserviceproxy"]
- ["microsoft.powershell.management", "get-content"]
- ["microsoft.powershell.management", "set-wmiinstance"]
- ["microsoft.powershell.management", "stop-process"]
- ["microsoft.powershell.management", "clear-content"]
- ["microsoft.powershell.management", "checkpoint-computer"]
- ["microsoft.powershell.management", "complete-transaction"]
- ["microsoft.powershell.management", "get-eventlog"]
- ["microsoft.powershell.management", "debug-process"]
- ["microsoft.powershell.management", "clear-recyclebin"]
- ["microsoft.powershell.management", "start-process"]
- ["microsoft.powershell.management", "copy-item"]
- ["microsoft.powershell.management", "write-eventlog"]
- ["microsoft.powershell.management", "set-content"]
- ["microsoft.powershell.management", "new-itemproperty"]
- ["microsoft.powershell.management", "restart-service"]
- ["microsoft.powershell.management", "get-controlpanelitem"]
- ["microsoft.powershell.management", "move-itemproperty"]
- ["microsoft.powershell.management", "get-transaction"]
- ["microsoft.powershell.management", "new-eventlog"]
- ["microsoft.powershell.management", "get-hotfix"]
- ["microsoft.powershell.management", "add-computer"]
- ["microsoft.powershell.management", "push-location"]
- ["microsoft.powershell.management", "start-service"]
- ["microsoft.powershell.management", "join-path"]
- ["microsoft.powershell.management", "test-connection"]
- ["microsoft.powershell.management", "set-clipboard"]
- ["microsoft.powershell.management", "get-timezone"]
- ["microsoft.powershell.management", "get-service"]
- ["microsoft.powershell.management", "restart-computer"]
- ["microsoft.powershell.management", "clear-itemproperty"]
- ["microsoft.powershell.management", "resume-service"]
- ["microsoft.powershell.management", "new-psdrive"]
- ["microsoft.powershell.management", "get-psprovider"]
- ["microsoft.powershell.management", "get-psdrive"]
- ["microsoft.powershell.management", "limit-eventlog"]
- ["microsoft.powershell.management", "rename-computer"]
- ["microsoft.powershell.management", "get-computerrestorepoint"]
- ["microsoft.powershell.management", "pop-location"]
- ["microsoft.powershell.management", "rename-item"]
- ["microsoft.powershell.management", "remove-itemproperty"]
- ["microsoft.powershell.management", "enable-computerrestore"]
- ["microsoft.powershell.management", "register-wmievent"]
- ["microsoft.powershell.management", "get-computerinfo"]
- ["microsoft.powershell.management", "remove-service"]
- ["microsoft.powershell.management", "disable-computerrestore"]
- ["microsoft.powershell.management", "set-item"]
- ["microsoft.powershell.management", "remove-computer"]
- ["microsoft.powershell.management", "invoke-item"]
- ["microsoft.powershell.management", "use-transaction"]
- ["microsoft.powershell.management", "get-process"]
- ["microsoft.powershell.management", "get-item"]
- ["microsoft.powershell.management", "new-item"]
- ["microsoft.powershell.management", "get-clipboard"]
- ["microsoft.powershell.management", "remove-eventlog"]
- ["microsoft.powershell.management", "clear-item"]
- ["microsoft.powershell.management", "new-service"]
- ["microsoft.powershell.odatautils", "export-odataendpointproxy"]
- ["microsoft.powershell.operation.validation", "get-operationvalidation"]
- ["microsoft.powershell.operation.validation", "invoke-operationvalidation"]
- ["microsoft.powershell.security", "get-pfxcertificate"]
- ["microsoft.powershell.security", "set-authenticodesignature"]
- ["microsoft.powershell.security", "get-acl"]
- ["microsoft.powershell.security", "get-credential"]
- ["microsoft.powershell.security", "get-executionpolicy"]
- ["microsoft.powershell.security", "protect-cmsmessage"]
- ["microsoft.powershell.security", "set-acl"]
- ["microsoft.powershell.security", "get-authenticodesignature"]
- ["microsoft.powershell.security", "get-cmsmessage"]
- ["microsoft.powershell.security", "new-filecatalog"]
- ["microsoft.powershell.security", "unprotect-cmsmessage"]
- ["microsoft.powershell.security", "set-executionpolicy"]
- ["microsoft.powershell.security", "convertto-securestring"]
- ["microsoft.powershell.security", "test-filecatalog"]
- ["microsoft.powershell.security", "convertfrom-securestring"]
- ["microsoft.powershell.utility", "convertfrom-string"]
- ["microsoft.powershell.utility", "remove-typedata"]
- ["microsoft.powershell.utility", "set-markdownoption"]
- ["microsoft.powershell.utility", "import-powershelldatafile"]
- ["microsoft.powershell.utility", "get-markdownoption"]
- ["microsoft.powershell.utility", "tee-object"]
- ["microsoft.powershell.utility", "get-event"]
- ["microsoft.powershell.utility", "write-debug"]
- ["microsoft.powershell.utility", "import-pssession"]
- ["microsoft.powershell.utility", "select-string"]
- ["microsoft.powershell.utility", "register-engineevent"]
- ["microsoft.powershell.utility", "convertfrom-stringdata"]
- ["microsoft.powershell.utility", "select-object"]
- ["microsoft.powershell.utility", "write-progress"]
- ["microsoft.powershell.utility", "set-tracesource"]
- ["microsoft.powershell.utility", "group-object"]
- ["microsoft.powershell.utility", "get-error"]
- ["microsoft.powershell.utility", "update-typedata"]
- ["microsoft.powershell.utility", "get-uptime"]
- ["microsoft.powershell.utility", "new-event"]
- ["microsoft.powershell.utility", "write-error"]
- ["microsoft.powershell.utility", "add-member"]
- ["microsoft.powershell.utility", "get-filehash"]
- ["microsoft.powershell.utility", "import-alias"]
- ["microsoft.powershell.utility", "get-pscallstack"]
- ["microsoft.powershell.utility", "disable-runspacedebug"]
- ["microsoft.powershell.utility", "unblock-file"]
- ["microsoft.powershell.utility", "new-temporaryfile"]
- ["microsoft.powershell.utility", "debug-runspace"]
- ["microsoft.powershell.utility", "convertto-xml"]
- ["microsoft.powershell.utility", "get-verb"]
- ["microsoft.powershell.utility", "disable-psbreakpoint"]
- ["microsoft.powershell.utility", "format-wide"]
- ["microsoft.powershell.utility", "export-csv"]
- ["microsoft.powershell.utility", "convertto-csv"]
- ["microsoft.powershell.utility", "new-timespan"]
- ["microsoft.powershell.utility", "show-markdown"]
- ["microsoft.powershell.utility", "add-type"]
- ["microsoft.powershell.utility", "import-clixml"]
- ["microsoft.powershell.utility", "get-runspacedebug"]
- ["microsoft.powershell.utility", "get-host"]
- ["microsoft.powershell.utility", "get-typedata"]
- ["microsoft.powershell.utility", "update-list"]
- ["microsoft.powershell.utility", "clear-variable"]
- ["microsoft.powershell.utility", "get-securerandom"]
- ["microsoft.powershell.utility", "convertfrom-clixml"]
- ["microsoft.powershell.utility", "get-member"]
- ["microsoft.powershell.utility", "invoke-restmethod"]
- ["microsoft.powershell.utility", "convertfrom-markdown"]
- ["microsoft.powershell.utility", "show-command"]
- ["microsoft.powershell.utility", "unregister-event"]
- ["microsoft.powershell.utility", "export-alias"]
- ["microsoft.powershell.utility", "convertfrom-csv"]
- ["microsoft.powershell.utility", "send-mailmessage"]
- ["microsoft.powershell.utility", "export-formatdata"]
- ["microsoft.powershell.utility", "out-string"]
- ["microsoft.powershell.utility", "format-custom"]
- ["microsoft.powershell.utility", "write-information"]
- ["microsoft.powershell.utility", "new-alias"]
- ["microsoft.powershell.utility", "import-localizeddata"]
- ["microsoft.powershell.utility", "remove-event"]
- ["microsoft.powershell.utility", "write-warning"]
- ["microsoft.powershell.utility", "out-file"]
- ["microsoft.powershell.utility", "write-output"]
- ["microsoft.powershell.utility", "write-host"]
- ["microsoft.powershell.utility", "convertfrom-sddlstring"]
- ["microsoft.powershell.utility", "register-objectevent"]
- ["microsoft.powershell.utility", "update-formatdata"]
- ["microsoft.powershell.utility", "invoke-webrequest"]
- ["microsoft.powershell.utility", "compare-object"]
- ["microsoft.powershell.utility", "convertto-html"]
- ["microsoft.powershell.utility", "write-verbose"]
- ["microsoft.powershell.utility", "format-hex"]
- ["microsoft.powershell.utility", "get-eventsubscriber"]
- ["microsoft.powershell.utility", "read-host"]
- ["microsoft.powershell.utility", "measure-command"]
- ["microsoft.powershell.utility", "start-sleep"]
- ["microsoft.powershell.utility", "get-runspace"]
- ["microsoft.powershell.utility", "out-gridview"]
- ["microsoft.powershell.utility", "convertto-clixml"]
- ["microsoft.powershell.utility", "wait-event"]
- ["microsoft.powershell.utility", "export-pssession"]
- ["microsoft.powershell.utility", "remove-variable"]
- ["microsoft.powershell.utility", "get-variable"]
- ["microsoft.powershell.utility", "remove-alias"]
- ["microsoft.powershell.utility", "get-random"]
- ["microsoft.powershell.utility", "set-variable"]
- ["microsoft.powershell.utility", "set-alias"]
- ["microsoft.powershell.utility", "get-uiculture"]
- ["microsoft.powershell.utility", "get-alias"]
- ["microsoft.powershell.utility", "get-date"]
- ["microsoft.powershell.utility", "format-table"]
- ["microsoft.powershell.utility", "get-unique"]
- ["microsoft.powershell.utility", "set-psbreakpoint"]
- ["microsoft.powershell.utility", "out-printer"]
- ["microsoft.powershell.utility", "import-csv"]
- ["microsoft.powershell.utility", "enable-psbreakpoint"]
- ["microsoft.powershell.utility", "convert-string"]
- ["microsoft.powershell.utility", "select-xml"]
- ["microsoft.powershell.utility", "test-json"]
- ["microsoft.powershell.utility", "measure-object"]
- ["microsoft.powershell.utility", "get-psbreakpoint"]
- ["microsoft.powershell.utility", "sort-object"]
- ["microsoft.powershell.utility", "new-object"]
- ["microsoft.powershell.utility", "invoke-expression"]
- ["microsoft.powershell.utility", "wait-debugger"]
- ["microsoft.powershell.utility", "remove-psbreakpoint"]
- ["microsoft.powershell.utility", "new-variable"]
- ["microsoft.powershell.utility", "get-formatdata"]
- ["microsoft.powershell.utility", "trace-command"]
- ["microsoft.powershell.utility", "get-culture"]
- ["microsoft.powershell.utility", "get-tracesource"]
- ["microsoft.powershell.utility", "new-guid"]
- ["microsoft.powershell.utility", "enable-runspacedebug"]
- ["microsoft.powershell.utility", "join-string"]
- ["microsoft.powershell.utility", "export-clixml"]
- ["microsoft.powershell.utility", "convertfrom-json"]
- ["microsoft.powershell.utility", "format-list"]
- ["microsoft.powershell.utility", "set-date"]
- ["microsoft.powershell.utility", "convertto-json"]
- ["microsoft.wsman.management", "connect-wsman"]
- ["microsoft.wsman.management", "disconnect-wsman"]
- ["microsoft.wsman.management", "remove-wsmaninstance"]
- ["microsoft.wsman.management", "new-wsmaninstance"]
- ["microsoft.wsman.management", "set-wsmaninstance"]
- ["microsoft.wsman.management", "test-wsman"]
- ["microsoft.wsman.management", "get-wsmancredssp"]
- ["microsoft.wsman.management", "get-wsmaninstance"]
- ["microsoft.wsman.management", "disable-wsmancredssp"]
- ["microsoft.wsman.management", "new-wsmansessionoption"]
- ["microsoft.wsman.management", "invoke-wsmanaction"]
- ["microsoft.wsman.management", "set-wsmanquickconfig"]
- ["microsoft.wsman.management", "enable-wsmancredssp"]
- ["psdiagnostics", "enable-pstrace"]
- ["psdiagnostics", "disable-wsmantrace"]
- ["psdiagnostics", "enable-wsmantrace"]
- ["psdiagnostics", "disable-pstrace"]
- ["psdiagnostics", "set-logproperties"]
- ["psdiagnostics", "enable-pswsmancombinedtrace"]
- ["psdiagnostics", "get-logproperties"]
- ["psdiagnostics", "disable-pswsmancombinedtrace"]
- ["psdiagnostics", "start-trace"]
- ["psdiagnostics", "stop-trace"]
- ["psreadline", "get-psreadlineoption"]
- ["psreadline", "set-psreadlinekeyhandler"]
- ["psreadline", "get-psreadlinekeyhandler"]
- ["psreadline", "remove-psreadlinekeyhandler"]
- ["psreadline", "psconsolehostreadline"]
- ["psreadline", "set-psreadlineoption"]
- ["psscheduledjob", "set-psreadlineoption"]
- ["psscheduledjob", "set-jobtrigger"]
- ["psscheduledjob", "add-jobtrigger"]
- ["psscheduledjob", "enable-jobtrigger"]
- ["psscheduledjob", "disable-scheduledjob"]
- ["psscheduledjob", "enable-scheduledjob"]
- ["psscheduledjob", "new-scheduledjoboption"]
- ["psscheduledjob", "unregister-scheduledjob"]
- ["psscheduledjob", "remove-jobtrigger"]
- ["psscheduledjob", "get-scheduledjoboption"]
- ["psscheduledjob", "new-jobtrigger"]
- ["psscheduledjob", "disable-jobtrigger"]
- ["psscheduledjob", "set-scheduledjob"]
- ["psscheduledjob", "get-jobtrigger"]
- ["psscheduledjob", "set-scheduledjoboption"]
- ["psscheduledjob", "register-scheduledjob"]
- ["psscheduledjob", "get-scheduledjob"]
- ["psworkflow", "new-psworkflowsession"]
- ["psworkflow", "new-psworkflowexecutionoption"]
- ["psworkflowutility", "invoke-asworkflow"]
- ["threadjob", "start-threadjob"]

4
powershell/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.expected
View File

@@ -3,7 +3,7 @@ edges
| test.ps1:9:11:9:20 | userinput | test.ps1:10:9:10:38 | Get-Process -Name $UserInput | provenance | |
| test.ps1:15:11:15:20 | userinput | test.ps1:16:50:16:79 | Get-Process -Name $UserInput | provenance | |
| test.ps1:21:11:21:20 | userinput | test.ps1:22:41:22:70 | Get-Process -Name $UserInput | provenance | |
| test.ps1:27:11:27:20 | userinput | test.ps1:28:38:28:67 | Get-Process -Name $UserInput | provenance | |
| test.ps1:27:11:27:20 | userinput | test.ps1:28:38:28:67 | Get-Process -Name $UserInput | provenance | Sink:MaD:102 |
| test.ps1:33:11:33:20 | userinput | test.ps1:34:14:34:46 | public class Foo { $UserInput } | provenance | |
| test.ps1:39:11:39:20 | userinput | test.ps1:40:30:40:62 | public class Foo { $UserInput } | provenance | |
| test.ps1:45:11:45:20 | userinput | test.ps1:47:5:47:9 | code | provenance | |
@@ -11,7 +11,7 @@ edges
| test.ps1:73:11:73:20 | userinput | test.ps1:75:25:75:54 | Get-Process -Name $UserInput | provenance | |
| test.ps1:80:11:80:20 | userinput | test.ps1:82:16:82:45 | Get-Process -Name $UserInput | provenance | |
| test.ps1:87:11:87:20 | userinput | test.ps1:89:12:89:28 | ping $UserInput | provenance | |
| test.ps1:94:11:94:20 | userinput | test.ps1:98:33:98:62 | Get-Process -Name $UserInput | provenance | |
| test.ps1:94:11:94:20 | userinput | test.ps1:98:33:98:62 | Get-Process -Name $UserInput | provenance | Sink:MaD:101 |
| test.ps1:104:11:104:20 | userinput | test.ps1:108:58:108:87 | Get-Process -Name $UserInput | provenance | |
| test.ps1:114:11:114:20 | userinput | test.ps1:116:34:116:43 | UserInput | provenance | |
| test.ps1:121:11:121:20 | userinput | test.ps1:123:28:123:37 | UserInput | provenance | |