PS: Add tests.

2026-05-25 00:27:09 +02:00 · 2024-10-03 18:57:31 +01:00
parent 46ead0d7f7
commit 5103d34dbf
5 changed files with 48 additions and 2 deletions
--- a/powershell/ql/lib/semmle/code/powershell/controlflow/CfgNodes.qll
+++ b/powershell/ql/lib/semmle/code/powershell/controlflow/CfgNodes.qll
@@ -128,6 +128,8 @@ abstract private class NonExprChildMapping extends ChildMapping {
 abstract private class AbstractCallCfgNode extends AstCfgNode {
  override string getAPrimaryQlClass() { result = "CfgCall" }

+  final predicate hasName(string name) { this.getName() = name }
+
  abstract string getName();

  ExprCfgNode getQualifier() { none() }
@@ -231,7 +233,7 @@ module ExprNodes {
    final override ExprCfgNode getCommand() { none() }
  }

-    /** A control-flow node that wraps an `ConstructorCall` expression. */
+  /** A control-flow node that wraps an `ConstructorCall` expression. */
  class ConstructorCallCfgNode extends InvokeMemberCfgNode {
    ConstructorCallCfgNode() { super.getExpr() instanceof ConstructorCall }

--- a/powershell/ql/lib/semmle/code/powershell/dataflow/internal/DataFlowDispatch.qll
+++ b/powershell/ql/lib/semmle/code/powershell/dataflow/internal/DataFlowDispatch.qll
@@ -155,7 +155,7 @@ private predicate qualifiedCall(CfgNodes::CallCfgNode call, Node receiver, strin
  call.getName() = method
 }

-private Node trackInstance(Type t, boolean exact) {
+Node trackInstance(Type t, boolean exact) {
  result =
    CallGraphConstruction::Make<TrackInstanceInput>::track(TrackInstanceInput::MkState(t, exact))
 }
--- a/powershell/ql/test/library-tests/dataflow/typetracking/test.expected
+++ b/powershell/ql/test/library-tests/dataflow/typetracking/test.expected
@@ -0,0 +1,2 @@
+testFailures
+failures
--- a/powershell/ql/test/library-tests/dataflow/typetracking/test.ps1
+++ b/powershell/ql/test/library-tests/dataflow/typetracking/test.ps1
@@ -0,0 +1,19 @@
+class MyClass {
+    [string] $field
+    MyClass($val) {
+        $this.field = $val
+    }
+}
+
+$myClass = [MyClass]::new("hello")
+
+Sink $myClass # $ MISSING: type=MyClass
+
+
+$withNamedArg = New-Object -TypeName PSObject
+
+Sink $withNamedArg # $ MISSING: type=PSObject
+
+$withPositionalArg = New-Object PSObject
+
+Sink $withPositionalArg # $ MISSING: type=PSObject
--- a/powershell/ql/test/library-tests/dataflow/typetracking/test.ql
+++ b/powershell/ql/test/library-tests/dataflow/typetracking/test.ql
@@ -0,0 +1,23 @@
+import powershell
+import semmle.code.powershell.dataflow.internal.DataFlowDispatch
+import semmle.code.powershell.dataflow.internal.DataFlowPublic
+import semmle.code.powershell.dataflow.internal.DataFlowPrivate
+import TestUtilities.InlineExpectationsTest
+
+module TypeTrackingTest implements TestSig {
+  string getARelevantTag() { result = "type" }
+
+  predicate hasActualResult(Location location, string element, string tag, string value) {
+    exists(Node n, DataFlowCall c, Type t |
+      location = n.getLocation() and
+      element = n.toString() and
+      tag = "type" and
+      value = t.getName() and
+      n = trackInstance(t, _) and
+      isArgumentNode(n, c, _) and
+      c.asCall().hasName("Sink")
+    )
+  }
+}
+
+import MakeTest<TypeTrackingTest>