hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-25 08:37:20 +02:00
Code Issues Packages Projects Releases Wiki Activity

PS: Rename getName to getLowerCaseName.

Browse Source
This commit is contained in:
Mathias Vorreiter Pedersen
2025-04-23 10:53:31 +01:00
parent 12db85ad9c
commit 7360d800f2
22 changed files with 96 additions and 79 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
powershell/ql/lib/semmle/code/powershell/ApiGraphs.qll
View File

@@ -511,7 +511,7 @@ module API {
predicate toplevelCall(string name, Node node) {
exists(DataFlow::CallNode call |
call.asExpr().getExpr().getEnclosingScope() instanceof TopLevelScriptBlock and
call.getName() = name and
call.getLowerCaseName() = name and
node = MkMethodAccessNode(call)
)
}
@@ -522,7 +522,7 @@ module API {
// from receiver to method call node
pred = getForwardEndNode(getALocalSourceStrict(call.getQualifier())) and
succ = MkMethodAccessNode(call) and
name = call.getName()
name = call.getLowerCaseName()
)
}
@@ -549,7 +549,7 @@ module API {
_)
|
result = MkMethodAccessNode(call) and
name = call.getName().toLowerCase()
name = call.getLowerCaseName()
)
}
@@ -586,7 +586,7 @@ module API {
cached
predicate methodEdge(Node pred, string name, Node succ) {
exists(DataFlow::CallNode call |
succ = MkMethodAccessNode(call) and name = call.getName().toLowerCase()
succ = MkMethodAccessNode(call) and name = call.getLowerCaseName()
|
pred = getForwardEndNode(getALocalSourceStrict(call.getQualifier()))
)

24
powershell/ql/lib/semmle/code/powershell/ast/internal/CallExpr.qll
View File

@@ -5,7 +5,17 @@ class CallExpr extends Expr, TCallExpr {
Expr getArgument(int i) { none() }
/** Gets the name that is used to select the callee. */
string getName() { none() }
string getLowerCaseName() { none() }
/** Holds if `name` is the name of this call. The name is case insensitive. */
bindingset[name]
pragma[inline_late]
final predicate matchesName(string name) { this.getLowerCaseName() = name.toLowerCase() }
/** Gets a name that case-insensitively matches the name of this call. */
bindingset[result]
pragma[inline_late]
final string getAName() { result.toLowerCase() = this.getLowerCaseName() }
/** Gets the i'th positional argument to this call. */
Expr getPositionalArgument(int i) { none() }
@@ -32,7 +42,7 @@ class CallExpr extends Expr, TCallExpr {
exists(Pipeline p, int i | this = p.getComponent(i + 1) and result = p.getComponent(i))
}
final override string toString() { result = "Call to " + this.getName() }
final override string toString() { result = "Call to " + this.getLowerCaseName() }
predicate isStatic() { none() }
}
@@ -44,7 +54,15 @@ class Argument extends Expr {
int getPosition() { this = call.getPositionalArgument(result) }
string getName() { this = call.getNamedArgument(result) }
string getLowerCaseName() { this = call.getNamedArgument(result) }
bindingset[name]
pragma[inline_late]
final predicate matchesName(string name) { this.getLowerCaseName() = name.toLowerCase() }
bindingset[result]
pragma[inline_late]
final string getAName() { result.toLowerCase() = this.getLowerCaseName() }
CallExpr getCall() { result = call }
}

2
powershell/ql/lib/semmle/code/powershell/ast/internal/ChildIndex.qll
View File

@@ -37,7 +37,7 @@ newtype ChildIndex =
RealVar(string name) { name = variableNameInScope(_, _) } or
ProcessBlockPipelineVarReadAccess() or
ProcessBlockPipelineByPropertyNameVarReadAccess(string name) {
name = any(Raw::PipelineByPropertyNameParameter p).getName()
name = any(Raw::PipelineByPropertyNameParameter p).getLowerCaseName()
}
int synthPipelineParameterChildIndex(Raw::ScriptBlock sb) {

8
powershell/ql/lib/semmle/code/powershell/ast/internal/Command.qll
View File

@@ -1,7 +1,7 @@
private import AstImport
class CmdCall extends CallExpr, TCmd {
final override string getName() { result = getRawAst(this).(Raw::Cmd).getCommandName() }
final override string getLowerCaseName() { result = getRawAst(this).(Raw::Cmd).getLowerCaseName() }
final override Expr getArgument(int i) { synthChild(getRawAst(this), cmdArgument(i), result) }
@@ -85,7 +85,7 @@ class DotSourcingOperator extends CmdCall {
}
class JoinPath extends CmdCall {
JoinPath() { this.getName().toLowerCase() = "join-path" }
JoinPath() { this.getLowerCaseName() = "join-path" }
Expr getPath() {
result = this.getNamedArgument("path")
@@ -103,7 +103,7 @@ class JoinPath extends CmdCall {
}
class SplitPath extends CmdCall {
SplitPath() { this.getName().toLowerCase() = "split-path" }
SplitPath() { this.getLowerCaseName() = "split-path" }
Expr getPath() {
result = this.getNamedArgument("path")
@@ -131,7 +131,7 @@ class SplitPath extends CmdCall {
}
class GetVariable extends CmdCall {
GetVariable() { this.getName().toLowerCase() = "get-variable" }
GetVariable() { this.getLowerCaseName() = "get-variable" }
Expr getVariable() { result = this.getPositionalArgument(0) }

8
powershell/ql/lib/semmle/code/powershell/ast/internal/InvokeMemberExpression.qll
View File

@@ -1,7 +1,9 @@
private import AstImport
class InvokeMemberExpr extends CallExpr, TInvokeMemberExpr {
final override string getName() { result = getRawAst(this).(Raw::InvokeMemberExpr).getName() }
final override string getLowerCaseName() {
result = getRawAst(this).(Raw::InvokeMemberExpr).getLowerCaseName()
}
final override Ast getChild(ChildIndex i) {
result = super.getChild(i)
@@ -66,7 +68,7 @@ class ConstructorCall extends InvokeMemberExpr {
TypeNameExpr typename;
ConstructorCall() {
this.isStatic() and typename = this.getQualifier() and this.getName() = "new"
this.isStatic() and typename = this.getQualifier() and this.getLowerCaseName() = "new"
}
/** Gets the name of the type being constructed by this constructor call. */
@@ -81,5 +83,5 @@ class ConstructorCall extends InvokeMemberExpr {
* ```
*/
class ToStringCall extends InvokeMemberExpr {
ToStringCall() { this.getName().toLowerCase() = "toString" }
ToStringCall() { this.getLowerCaseName() = "tostring" }
}

2
powershell/ql/lib/semmle/code/powershell/ast/internal/NamedBlock.qll
View File

@@ -60,7 +60,7 @@ class ProcessBlock extends NamedBlock {
PipelineByPropertyNameParameter getPipelineByPropertyNameParameter(string name) {
result = scriptBlock.getAParameter() and
result.getPropertyName() = name
result.getLowerCaseName() = name
}
PipelineByPropertyNameParameter getAPipelineByPropertyNameParameter() {

2
powershell/ql/lib/semmle/code/powershell/ast/internal/ObjectCreation.qll
View File

@@ -28,7 +28,7 @@ class NewObjectCreation extends AbstractObjectCreation, ConstructorCall {
* ```
*/
class DotNetObjectCreation extends AbstractObjectCreation, CmdCall {
DotNetObjectCreation() { this.getName() = "New-Object" }
DotNetObjectCreation() { this.getLowerCaseName() = "new-object" }
final override string getConstructedTypeName() {
result = this.getConstructedTypeExpr().(StringConstExpr).getValueString()

2
powershell/ql/lib/semmle/code/powershell/ast/internal/Parameter.qll
View File

@@ -1,7 +1,7 @@
private import AstImport
class Parameter extends Variable instanceof ParameterImpl {
string getName() { result = super.getNameImpl() }
string getLowerCaseName() { result = super.getLowerCaseNameImpl() }
final predicate hasName(string name) { name = this.getName() }

8
powershell/ql/lib/semmle/code/powershell/ast/internal/Raw/Command.qll
View File

@@ -2,13 +2,13 @@ private import Raw
private predicate parseCommandName(Cmd cmd, string namespace, string name) {
exists(string qualified | command(cmd, qualified, _, _, _) |
namespace = qualified.regexpCapture("([^\\\\]+)\\\\([^\\\\]+)", 1) and
name = qualified.regexpCapture("([^\\\\]+)\\\\([^\\\\]+)", 2)
namespace = qualified.regexpCapture("([^\\\\]+)\\\\([^\\\\]+)", 1).toLowerCase() and
name = qualified.regexpCapture("([^\\\\]+)\\\\([^\\\\]+)", 2).toLowerCase()
or
// Not a qualified name
not exists(qualified.indexOf("\\")) and
namespace = "" and
name = qualified
name = qualified.toLowerCase()
)
}
@@ -30,7 +30,7 @@ class Cmd extends @command, CmdBase {
CmdElement getCallee() { result = this.getElement(0) }
/** Gets the name of the command without any qualifiers. */
string getCommandName() { parseCommandName(this, _, result) }
string getLowerCaseName() { parseCommandName(this, _, result) }
/** Holds if the command is qualified. */
predicate isQualified() { parseCommandName(this, any(string s | s != ""), _) }

4
powershell/ql/lib/semmle/code/powershell/ast/internal/Raw/InvokeMemberExpression.qll
View File

@@ -5,11 +5,9 @@ class InvokeMemberExpr extends @invoke_member_expression, MemberExprBase {
Expr getQualifier() { invoke_member_expression(this, result, _) }
string getName() { result = this.getCallee().(StringConstExpr).getValue().getValue() }
Expr getCallee() { invoke_member_expression(this, _, result) }
string getMemberName() { result = this.getCallee().(StringConstExpr).getValue().getValue() }
string getLowerCaseName() { result = this.getCallee().(StringConstExpr).getValue().getValue().toLowerCase() }
Expr getArgument(int i) { invoke_member_expression_argument(this, i, result) }

7
powershell/ql/lib/semmle/code/powershell/ast/internal/Raw/Parameter.qll
View File

@@ -1,10 +1,11 @@
private import Raw
class Parameter extends @parameter, Ast {
string getName() {
exists(@variable_expression va |
string getLowerCaseName() {
exists(@variable_expression va, string userPath |
parameter(this, va, _, _) and
variable_expression(va, result, _, _, _, _, _, _, _, _, _, _)
variable_expression(va, userPath, _, _, _, _, _, _, _, _, _, _) and
result = userPath.toLowerCase()
)
}

4
powershell/ql/lib/semmle/code/powershell/ast/internal/Raw/Scope.qll
View File

@@ -11,11 +11,11 @@ Scope scopeOf(Ast n) {
module Parameter {
abstract class Scope extends Ast {
abstract string getName();
abstract string getLowerCaseName();
}
private class ParameterScope extends Scope instanceof Parameter {
final override string getName() { result = Parameter.super.getName() }
final override string getLowerCaseName() { result = Parameter.super.getLowerCaseName() }
}
}

24
powershell/ql/lib/semmle/code/powershell/ast/internal/Synthesis.qll
View File

@@ -26,7 +26,7 @@ newtype VarKind =
PipelineIteratorKind() or
PipelineByPropertyNameIteratorKind(string name) {
exists(Raw::ProcessBlock pb |
name = pb.getScriptBlock().getParamBlock().getAPipelineByPropertyNameParameter().getName()
name = pb.getScriptBlock().getParamBlock().getAPipelineByPropertyNameParameter().getLowerCaseName()
)
}
@@ -156,7 +156,7 @@ private module SetVariableAssignment {
override predicate explicitAssignment(Raw::Ast dest, string name, Raw::Ast assignment) {
exists(Raw::Cmd cmd |
assignment = cmd and
cmd.getCommandName().toLowerCase() = "set-variable" and
cmd.getLowerCaseName() = "set-variable" and
cmd.getNamedArgument("name") = dest and
name = dest.(Raw::StringConstExpr).getValue().getValue()
)
@@ -192,7 +192,7 @@ private module ParameterSynth {
override predicate implicitAssignment(Raw::Ast dest, string name) {
exists(Raw::Parameter p |
dest = p and
name = p.getName()
name = p.getLowerCaseName()
)
}
@@ -200,7 +200,7 @@ private module ParameterSynth {
exists(Raw::Ast parent, ChildIndex i | v = TVariableSynth(parent, i) |
exists(Raw::Parameter p |
this.parameter(parent, i, p, _) and
name = p.getName()
name = p.getLowerCaseName()
)
or
this.isPipelineParameterChild(parent, _, i, _, true) and
@@ -765,7 +765,7 @@ private module IteratorAccessSynth {
or
// or
// result = "psitem" // TODO: This is also an automatic variable
result = pb.getScriptBlock().getParamBlock().getPipelineParameter().getName().toLowerCase()
result = pb.getScriptBlock().getParamBlock().getPipelineParameter().getLowerCaseName()
)
or
// TODO: We could join on something other than the string if we wanted (i.e., the raw parameter).
@@ -774,8 +774,7 @@ private module IteratorAccessSynth {
pb.getScriptBlock()
.getParamBlock()
.getAPipelineByPropertyNameParameter()
.getName()
.toLowerCase()
.getLowerCaseName()
}
private class IteratorAccessSynth extends Synthesis {
@@ -787,14 +786,13 @@ private module IteratorAccessSynth {
va.getUserPath() = "_"
or
va.getUserPath().toLowerCase() =
pb.getScriptBlock().getParamBlock().getPipelineParameter().getName().toLowerCase()
pb.getScriptBlock().getParamBlock().getPipelineParameter().getLowerCaseName()
or
va.getUserPath().toLowerCase() =
pb.getScriptBlock()
.getParamBlock()
.getAPipelineByPropertyNameParameter()
.getName()
.toLowerCase()
.getLowerCaseName()
)
}
@@ -829,7 +827,7 @@ private module IteratorAccessSynth {
or
exists(Raw::Parameter p |
p = pb.getScriptBlock().getParamBlock().getAPipelineByPropertyNameParameter() and
child = SynthChild(VarSynthKind(PipelineByPropertyNameIteratorKind(p.getName()))) and
child = SynthChild(VarSynthKind(PipelineByPropertyNameIteratorKind(p.getLowerCaseName()))) and
i = PipelineByPropertyNameIteratorVar(p)
)
)
@@ -864,7 +862,7 @@ private module IteratorAccessSynth {
or
exists(Raw::PipelineByPropertyNameParameter p |
v = TVariableSynth(_, PipelineByPropertyNameIteratorVar(p)) and
name = "__pipeline_iterator for " + p.getName()
name = "__pipeline_iterator for " + p.getLowerCaseName()
)
}
@@ -896,7 +894,7 @@ private module PipelineAccess {
)
or
exists(PipelineByPropertyNameParameter pipelineVar, Raw::PipelineByPropertyNameParameter p |
i = processBlockPipelineByPropertyNameVarReadAccess(p.getName()) and
i = processBlockPipelineByPropertyNameVarReadAccess(p.getLowerCaseName()) and
getResultAst(p) = pipelineVar and
child = SynthChild(VarAccessSynthKind(pipelineVar))
)

8
powershell/ql/lib/semmle/code/powershell/ast/internal/TAst.qll
View File

@@ -13,9 +13,9 @@ private predicate mkSynthChild(SynthKind kind, Raw::Ast parent, ChildIndex i) {
string variableNameInScope(Raw::Ast n, Scope::Range scope) {
scope = Raw::scopeOf(n) and
(
result = n.(Raw::VarAccess).getUserPath() and
not scope.getAParameter().(Raw::PipelineByPropertyNameParameter).getName() = result and
not result.toLowerCase() = ["_", "this", "false", "true", "null"] and
result = n.(Raw::VarAccess).getUserPath().toLowerCase() and
not scope.getAParameter().(Raw::PipelineByPropertyNameParameter).getLowerCaseName() = result and
not result = ["_", "this", "false", "true", "null"] and
not parameter(_, n, _, _) and
not Raw::isEnvVariableAccess(n, _)
or
@@ -56,7 +56,7 @@ private predicate inherits(Scope::Range scope, string name, Scope::Range outer)
pragma[nomagic]
private predicate hasScopeAndName(VariableImpl variable, Scope::Range scope, string name) {
variable.getNameImpl() = name and
variable.getLowerCaseNameImpl() = name and
scope = variable.getDeclaringScopeImpl()
}

18
powershell/ql/lib/semmle/code/powershell/ast/internal/Variable.qll
View File

@@ -5,9 +5,9 @@ module Private {
class TVariable = TVariableReal or TVariableSynth;
class VariableImpl extends Ast, TVariable {
abstract string getNameImpl();
abstract string getLowerCaseNameImpl();
final override string toString() { result = this.getNameImpl() }
final override string toString() { result = this.getLowerCaseNameImpl() }
abstract Location getLocationImpl();
@@ -21,7 +21,7 @@ module Private {
VariableReal() { this = TVariableReal(scope, name, n) }
override string getNameImpl() { result = name }
override string getLowerCaseNameImpl() { result = name }
override Location getLocationImpl() { result = n.getLocation() }
@@ -36,7 +36,7 @@ module Private {
VariableSynth() { this = TVariableSynth(scope, i) }
override string getNameImpl() { any(Synthesis s).variableSynthName(this, result) }
override string getLowerCaseNameImpl() { any(Synthesis s).variableSynthName(this, result) }
override Location getLocationImpl() { result = any(Synthesis s).getLocation(this) }
@@ -92,7 +92,7 @@ module Private {
string getPropertyName() {
exists(Raw::PipelineByPropertyNameParameter p |
i = PipelineByPropertyNameIteratorVar(p) and
result = p.getName()
result = p.getLowerCaseName()
)
}
@@ -100,7 +100,7 @@ module Private {
exists(Raw::PipelineByPropertyNameParameter p |
i = PipelineByPropertyNameIteratorVar(p) and
p.getScriptBlock() = getRawAst(result.getEnclosingFunction().getBody()) and
p.getName() = result.getName()
p.getLowerCaseName() = result.getLowerCaseName()
)
}
}
@@ -127,7 +127,7 @@ module Private {
final override Variable getVariableImpl() { any(Synthesis s).getAnAccess(this, result) }
final override string toString() { result = this.getVariableImpl().getName() }
final override string toString() { result = this.getVariableImpl().getLowerCaseName() }
final override Location getLocation() { result = parent.getLocation() }
}
@@ -145,9 +145,9 @@ private import Private
module Public {
class Variable extends Ast instanceof VariableImpl {
final string getName() { result = super.getNameImpl() }
final string getLowerCaseName() { result = super.getLowerCaseNameImpl() }
final override string toString() { result = this.getName() }
final override string toString() { result = this.getLowerCaseName() }
final override Location getLocation() { result = super.getLocationImpl() }

6
powershell/ql/lib/semmle/code/powershell/controlflow/CfgNodes.qll
View File

@@ -538,9 +538,9 @@ module ExprNodes {
ExprCfgNode getAnArgument() { result = this.getArgument(_) }
/** Gets the name that is used to select the callee. */
string getName() { result = e.getName() }
string getLowerCaseName() { result = e.getLowerCaseName() }
predicate hasName(string name) { this.getName() = name }
predicate hasLowerCaseName(string name) { this.getLowerCaseName() = name }
/** Gets the i'th positional argument to this call. */
ExprCfgNode getPositionalArgument(int i) {
@@ -1041,7 +1041,7 @@ module ExprNodes {
CallExprCfgNode getCall() { result.getAnArgument() = this }
string getName() { result = e.getName() }
string getLowerCaseName() { result = e.getLowerCaseName() }
int getPosition() { result = e.getPosition() }
}

2
powershell/ql/lib/semmle/code/powershell/dataflow/FlowSummary.qll
View File

@@ -56,7 +56,7 @@ abstract class SimpleSummarizedCallable extends SummarizedCallable {
CallExpr c;
bindingset[this]
SimpleSummarizedCallable() { c.getName() = this }
SimpleSummarizedCallable() { c.getLowerCaseName() = this }
final override CallExpr getACall() { result = c }

6
powershell/ql/lib/semmle/code/powershell/dataflow/internal/DataFlowDispatch.qll
View File

@@ -200,7 +200,7 @@ private predicate qualifiedCall(
CfgNodes::ExprNodes::CallExprCfgNode call, Node receiver, string method
) {
call.getQualifier() = receiver.asExpr() and
call.getName() = method
call.getLowerCaseName() = method
}
Node trackInstance(string typename, boolean exact) {
@@ -287,7 +287,7 @@ private module Cached {
newtype TArgumentPosition =
TThisArgumentPosition() or
TKeywordArgumentPosition(string name) {
name = any(Argument p).getName()
name = any(Argument p).getLowerCaseName()
or
FlowSummaryImpl::ParsePositions::isParsedKeywordParameterPosition(_, name)
} or
@@ -304,7 +304,7 @@ private module Cached {
cached
newtype TParameterPosition =
TThisParameterPosition() or
TKeywordParameter(string name) { name = any(Argument p).getName() } or
TKeywordParameter(string name) { name = any(Argument p).getLowerCaseName() } or
TPositionalParameter(int pos, NamedSet ns) {
exists(CfgNodes::ExprNodes::CallExprCfgNode call |
call = ns.getABindingCall() and

12
powershell/ql/lib/semmle/code/powershell/dataflow/internal/DataFlowPrivate.qll
View File

@@ -556,7 +556,7 @@ private module ParameterNodes {
override predicate isParameterOf(DataFlowCallable c, ParameterPosition pos) {
parameter.getEnclosingScope() = c.asCfgScope() and
(
pos.isKeyword(parameter.getName().toLowerCase())
pos.isKeyword(parameter.getLowerCaseName())
or
// Given a function f with parameters x, y we map
// x to the positions:
@@ -574,14 +574,14 @@ private module ParameterNodes {
parameter.getIndexExcludingPipelines() = i and
f = parameter.getFunction() and
f = ns.getAFunction() and
name = parameter.getName().toLowerCase() and
name = parameter.getLowerCaseName() and
not name = ns.getAName() and
j =
i -
count(int k, Parameter p |
k < i and
p = getNormalParameter(f, k) and
p.getName() = ns.getAName()
p.getLowerCaseName() = ns.getAName()
)
)
)
@@ -652,7 +652,7 @@ private module ParameterNodes {
override string toStringImpl() { result = this.getParameter().toString() }
string getPropertyName() { result = parameter.getPropertyName() }
string getPropertyName() { result = parameter.getLowerCaseName() }
}
/** A parameter for a library callable with a flow summary. */
@@ -721,7 +721,7 @@ module ArgumentNodes {
) {
arg.getCall() = call and
(
pos.isKeyword(arg.getName())
pos.isKeyword(arg.getLowerCaseName())
or
exists(NamedSet ns, int i |
i = arg.getPosition() and
@@ -1009,7 +1009,7 @@ predicate readStep(Node node1, ContentSet c, Node node2) {
or
exists(PipelineByPropertyNameParameter p, Content::KnownElementContent ec |
c.isKnownOrUnknownElement(ec) and
ec.getIndex().asString() = p.getPropertyName() and
ec.getIndex().asString() = p.getLowerCaseName() and
node1 = TProcessPropertyByNameNode(p, false) and
node2 = TProcessPropertyByNameNode(p, true)
)

4
powershell/ql/lib/semmle/code/powershell/dataflow/internal/DataFlowPublic.qll
View File

@@ -180,7 +180,7 @@ private module Cached {
cached
predicate hasMethodCall(LocalSourceNode source, CallNode call, string name) {
source.flowsTo(call.getQualifier()) and
call.getName() = name
call.getLowerCaseName() = name
}
cached
@@ -506,7 +506,7 @@ class CallNode extends ExprNode {
CfgNodes::ExprNodes::CallExprCfgNode getCallNode() { result = call }
string getName() { result = call.getName() }
string getLowerCaseName() { result = call.getLowerCaseName() }
Node getQualifier() { result.asExpr() = call.getQualifier() }

12
powershell/ql/lib/semmle/code/powershell/security/CommandInjectionCustomizations.qll
View File

@@ -219,12 +219,12 @@ class ExpandStringSink extends Sink {
}
class SingleQuoteSanitizer extends Sanitizer {
SingleQuoteSanitizer() {
exists(ExpandableStringExpr e, VarReadAccess v |
v = this.asExpr().getExpr() and
e.getUnexpandedValue().matches("%'$" + v.getVariable().getName() + "'%") and
e.getAnExpr() = v
)
SingleQuoteSanitizer() {
exists(ExpandableStringExpr e, VarReadAccess v |
v = this.asExpr().getExpr() and
e.getUnexpandedValue().toLowerCase().matches("%'$" + v.getVariable().getLowerCaseName() + "'%") and
e.getAnExpr() = v
)
}
}
}

4
powershell/ql/src/experimental/CommandInjection.ql
View File

@@ -11,7 +11,7 @@
import powershell
predicate containsScope(VarAccess outer, VarAccess inner) {
outer.getVariable().getName() = inner.getVariable().getName() and
outer.getVariable().getLowerCaseName() = inner.getVariable().getLowerCaseName() and
outer != inner
}
@@ -75,4 +75,4 @@ where
commandarg = dangerousCommandElement(command)
)
select commandarg.(VarAccess).getLocation(), "Unsafe flow to command argument from $@.",
unknownDeclaration, unknownDeclaration.getVariable().getName()
unknownDeclaration, unknownDeclaration.getVariable().getLowerCaseName()