From 7360d800f2f43d80cdc7debec26cc3ecee3a8e44 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 23 Apr 2025 10:53:31 +0100 Subject: [PATCH] PS: Rename getName to getLowerCaseName. --- .../lib/semmle/code/powershell/ApiGraphs.qll | 8 +++---- .../code/powershell/ast/internal/CallExpr.qll | 24 ++++++++++++++++--- .../powershell/ast/internal/ChildIndex.qll | 2 +- .../code/powershell/ast/internal/Command.qll | 8 +++---- .../ast/internal/InvokeMemberExpression.qll | 8 ++++--- .../powershell/ast/internal/NamedBlock.qll | 2 +- .../ast/internal/ObjectCreation.qll | 2 +- .../powershell/ast/internal/Parameter.qll | 2 +- .../powershell/ast/internal/Raw/Command.qll | 8 +++---- .../internal/Raw/InvokeMemberExpression.qll | 4 +--- .../powershell/ast/internal/Raw/Parameter.qll | 7 +++--- .../powershell/ast/internal/Raw/Scope.qll | 4 ++-- .../powershell/ast/internal/Synthesis.qll | 24 +++++++++---------- .../code/powershell/ast/internal/TAst.qll | 8 +++---- .../code/powershell/ast/internal/Variable.qll | 18 +++++++------- .../code/powershell/controlflow/CfgNodes.qll | 6 ++--- .../code/powershell/dataflow/FlowSummary.qll | 2 +- .../dataflow/internal/DataFlowDispatch.qll | 6 ++--- .../dataflow/internal/DataFlowPrivate.qll | 12 +++++----- .../dataflow/internal/DataFlowPublic.qll | 4 ++-- .../CommandInjectionCustomizations.qll | 12 +++++----- .../ql/src/experimental/CommandInjection.ql | 4 ++-- 22 files changed, 96 insertions(+), 79 deletions(-) diff --git a/powershell/ql/lib/semmle/code/powershell/ApiGraphs.qll b/powershell/ql/lib/semmle/code/powershell/ApiGraphs.qll index f233fb840cf..c7a4aa152a7 100644 --- a/powershell/ql/lib/semmle/code/powershell/ApiGraphs.qll +++ b/powershell/ql/lib/semmle/code/powershell/ApiGraphs.qll 
@@ -511,7 +511,7 @@ module API { predicate toplevelCall(string name, Node node) { exists(DataFlow::CallNode call | call.asExpr().getExpr().getEnclosingScope() instanceof TopLevelScriptBlock and - call.getName() = name and + call.getLowerCaseName() = name and node = MkMethodAccessNode(call) ) } @@ -522,7 +522,7 @@ module API { // from receiver to method call node pred = getForwardEndNode(getALocalSourceStrict(call.getQualifier())) and succ = MkMethodAccessNode(call) and - name = call.getName() + name = call.getLowerCaseName() ) } @@ -549,7 +549,7 @@ module API { _) | result = MkMethodAccessNode(call) and - name = call.getName().toLowerCase() + name = call.getLowerCaseName() ) } @@ -586,7 +586,7 @@ module API { cached predicate methodEdge(Node pred, string name, Node succ) { exists(DataFlow::CallNode call | - succ = MkMethodAccessNode(call) and name = call.getName().toLowerCase() + succ = MkMethodAccessNode(call) and name = call.getLowerCaseName() | pred = getForwardEndNode(getALocalSourceStrict(call.getQualifier())) ) diff --git a/powershell/ql/lib/semmle/code/powershell/ast/internal/CallExpr.qll b/powershell/ql/lib/semmle/code/powershell/ast/internal/CallExpr.qll index c8dd8dbc9ad..d56741fdd6c 100644 --- a/powershell/ql/lib/semmle/code/powershell/ast/internal/CallExpr.qll +++ b/powershell/ql/lib/semmle/code/powershell/ast/internal/CallExpr.qll 
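Review bot: The `name` parameter of `toplevelCall` (hunk at 511), and of the predicates touched at 522, 549 and 586, is now compared against `call.getLowerCaseName()`, but nothing in the signatures or QLDoc says the label must be lower-case. The first two sites previously matched the name as written, so an existing caller that passes a mixed-case name will silently match no nodes instead of failing to compile. I would state the contract in the QLDoc of each predicate, for example `/** Holds if ... `name` is the lower-cased name of the call. */`, or have callers normalise with `name.toLowerCase()`. The enclosing predicates start or end outside these hunks, so their existing comments are not visible here.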
@@ -5,7 +5,17 @@ class CallExpr extends Expr, TCallExpr { Expr getArgument(int i) { none() } /** Gets the name that is used to select the callee. */ - string getName() { none() } + string getLowerCaseName() { none() } + + /** Holds if `name` is the name of this call. The name is case insensitive. */ + bindingset[name] + pragma[inline_late] + final predicate matchesName(string name) { this.getLowerCaseName() = name.toLowerCase() } + + /** Gets a name that case-insensitively matches the name of this call. */ + bindingset[result] + pragma[inline_late] + final string getAName() { result.toLowerCase() = this.getLowerCaseName() } /** Gets the i'th positional argument to this call. */ Expr getPositionalArgument(int i) { none() } @@ -32,7 +42,7 @@ class CallExpr extends Expr, TCallExpr { exists(Pipeline p, int i | this = p.getComponent(i + 1) and result = p.getComponent(i)) } - final override string toString() { result = "Call to " + this.getName() } + final override string toString() { result = "Call to " + this.getLowerCaseName() } predicate isStatic() { none() } } @@ -44,7 +54,15 @@ class Argument extends Expr { int getPosition() { this = call.getPositionalArgument(result) } - string getName() { this = call.getNamedArgument(result) } + string getLowerCaseName() { this = call.getNamedArgument(result) } + + bindingset[name] + pragma[inline_late] + final predicate matchesName(string name) { this.getLowerCaseName() = name.toLowerCase() } + + bindingset[result] + pragma[inline_late] + final string getAName() { result.toLowerCase() = this.getLowerCaseName() } CallExpr getCall() { result = call } } diff --git a/powershell/ql/lib/semmle/code/powershell/ast/internal/ChildIndex.qll b/powershell/ql/lib/semmle/code/powershell/ast/internal/ChildIndex.qll index 772aab474ae..9ec865440d1 100644 --- a/powershell/ql/lib/semmle/code/powershell/ast/internal/ChildIndex.qll +++ b/powershell/ql/lib/semmle/code/powershell/ast/internal/ChildIndex.qll 
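Review bot: The QLDoc kept above `CallExpr.getLowerCaseName()` still reads "Gets the name that is used to select the callee." and no longer says what the predicate returns; I would change it to `/** Gets the lower-cased name that is used to select the callee. */`. In `Argument`, the new `matchesName` and `getAName` have no QLDoc, unlike their `CallExpr` counterparts. `Argument.getLowerCaseName()` takes its result from `call.getNamedArgument(result)`, so it is only lower-case if that predicate's keys already are, which this hunk does not show; a short comment stating that assumption would help. `toString()` now prints the normalised name, so expected-output files and alert text will change casing.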
@@ -37,7 +37,7 @@ newtype ChildIndex = RealVar(string name) { name = variableNameInScope(_, _) } or ProcessBlockPipelineVarReadAccess() or ProcessBlockPipelineByPropertyNameVarReadAccess(string name) { - name = any(Raw::PipelineByPropertyNameParameter p).getName() + name = any(Raw::PipelineByPropertyNameParameter p).getLowerCaseName() } int synthPipelineParameterChildIndex(Raw::ScriptBlock sb) { diff --git a/powershell/ql/lib/semmle/code/powershell/ast/internal/Command.qll b/powershell/ql/lib/semmle/code/powershell/ast/internal/Command.qll index fb8b93ff9c1..8983c373d9b 100644 --- a/powershell/ql/lib/semmle/code/powershell/ast/internal/Command.qll +++ b/powershell/ql/lib/semmle/code/powershell/ast/internal/Command.qll @@ -1,7 +1,7 @@ private import AstImport class CmdCall extends CallExpr, TCmd { - final override string getName() { result = getRawAst(this).(Raw::Cmd).getCommandName() } + final override string getLowerCaseName() { result = getRawAst(this).(Raw::Cmd).getLowerCaseName() } final override Expr getArgument(int i) { synthChild(getRawAst(this), cmdArgument(i), result) } @@ -85,7 +85,7 @@ class DotSourcingOperator extends CmdCall { } class JoinPath extends CmdCall { - JoinPath() { this.getName().toLowerCase() = "join-path" } + JoinPath() { this.getLowerCaseName() = "join-path" } Expr getPath() { result = this.getNamedArgument("path") @@ -103,7 +103,7 @@ class JoinPath extends CmdCall { } class SplitPath extends CmdCall { - SplitPath() { this.getName().toLowerCase() = "split-path" } + SplitPath() { this.getLowerCaseName() = "split-path" } Expr getPath() { result = this.getNamedArgument("path") @@ -131,7 +131,7 @@ class SplitPath extends CmdCall { } class GetVariable extends CmdCall { - GetVariable() { this.getName().toLowerCase() = "get-variable" } + GetVariable() { this.getLowerCaseName() = "get-variable" } Expr getVariable() { result = this.getPositionalArgument(0) } 
diff --git a/powershell/ql/lib/semmle/code/powershell/ast/internal/InvokeMemberExpression.qll b/powershell/ql/lib/semmle/code/powershell/ast/internal/InvokeMemberExpression.qll index 0fdde64208f..4772233c9f5 100644 --- a/powershell/ql/lib/semmle/code/powershell/ast/internal/InvokeMemberExpression.qll +++ b/powershell/ql/lib/semmle/code/powershell/ast/internal/InvokeMemberExpression.qll @@ -1,7 +1,9 @@ private import AstImport class InvokeMemberExpr extends CallExpr, TInvokeMemberExpr { - final override string getName() { result = getRawAst(this).(Raw::InvokeMemberExpr).getName() } + final override string getLowerCaseName() { + result = getRawAst(this).(Raw::InvokeMemberExpr).getLowerCaseName() + } final override Ast getChild(ChildIndex i) { result = super.getChild(i) @@ -66,7 +68,7 @@ class ConstructorCall extends InvokeMemberExpr { TypeNameExpr typename; ConstructorCall() { - this.isStatic() and typename = this.getQualifier() and this.getName() = "new" + this.isStatic() and typename = this.getQualifier() and this.getLowerCaseName() = "new" } /** Gets the name of the type being constructed by this constructor call. */ @@ -81,5 +83,5 @@ class ConstructorCall extends InvokeMemberExpr { * ``` */ class ToStringCall extends InvokeMemberExpr { - ToStringCall() { this.getName().toLowerCase() = "toString" } + ToStringCall() { this.getLowerCaseName() = "tostring" } } diff --git a/powershell/ql/lib/semmle/code/powershell/ast/internal/NamedBlock.qll b/powershell/ql/lib/semmle/code/powershell/ast/internal/NamedBlock.qll index 5e721df9de1..6f162c6e1a8 100644 --- a/powershell/ql/lib/semmle/code/powershell/ast/internal/NamedBlock.qll +++ b/powershell/ql/lib/semmle/code/powershell/ast/internal/NamedBlock.qll 
@@ -60,7 +60,7 @@ class ProcessBlock extends NamedBlock { PipelineByPropertyNameParameter getPipelineByPropertyNameParameter(string name) { result = scriptBlock.getAParameter() and - result.getPropertyName() = name + result.getLowerCaseName() = name } PipelineByPropertyNameParameter getAPipelineByPropertyNameParameter() { diff --git a/powershell/ql/lib/semmle/code/powershell/ast/internal/ObjectCreation.qll b/powershell/ql/lib/semmle/code/powershell/ast/internal/ObjectCreation.qll index 5cb39276259..a2b65a8b0c4 100644 --- a/powershell/ql/lib/semmle/code/powershell/ast/internal/ObjectCreation.qll +++ b/powershell/ql/lib/semmle/code/powershell/ast/internal/ObjectCreation.qll @@ -28,7 +28,7 @@ class NewObjectCreation extends AbstractObjectCreation, ConstructorCall { * ``` */ class DotNetObjectCreation extends AbstractObjectCreation, CmdCall { - DotNetObjectCreation() { this.getName() = "New-Object" } + DotNetObjectCreation() { this.getLowerCaseName() = "new-object" } final override string getConstructedTypeName() { result = this.getConstructedTypeExpr().(StringConstExpr).getValueString() diff --git a/powershell/ql/lib/semmle/code/powershell/ast/internal/Parameter.qll b/powershell/ql/lib/semmle/code/powershell/ast/internal/Parameter.qll index 6a3bc757ead..5b8d3295496 100644 --- a/powershell/ql/lib/semmle/code/powershell/ast/internal/Parameter.qll +++ b/powershell/ql/lib/semmle/code/powershell/ast/internal/Parameter.qll @@ -1,7 +1,7 @@ private import AstImport class Parameter extends Variable instanceof ParameterImpl { - string getName() { result = super.getNameImpl() } + string getLowerCaseName() { result = super.getLowerCaseNameImpl() } final predicate hasName(string name) { name = this.getName() } diff --git a/powershell/ql/lib/semmle/code/powershell/ast/internal/Raw/Command.qll b/powershell/ql/lib/semmle/code/powershell/ast/internal/Raw/Command.qll index da889b1f573..94ab5f7d49e 100644 --- a/powershell/ql/lib/semmle/code/powershell/ast/internal/Raw/Command.qll 
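Review bot: In the `Parameter.qll` hunk the unchanged context line `final predicate hasName(string name) { name = this.getName() }` still calls `getName()`, which this hunk removes from `Parameter` and which the commit also renames on `Variable`. Unless another `getName` is inherited from a supertype not shown here, the class no longer compiles. I would change it to `final predicate hasName(string name) { name = this.getLowerCaseName() }`, or make it case-insensitive with `bindingset[name]` and `this.getLowerCaseName() = name.toLowerCase()`.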
+++ b/powershell/ql/lib/semmle/code/powershell/ast/internal/Raw/Command.qll @@ -2,13 +2,13 @@ private import Raw private predicate parseCommandName(Cmd cmd, string namespace, string name) { exists(string qualified | command(cmd, qualified, _, _, _) | - namespace = qualified.regexpCapture("([^\\\\]+)\\\\([^\\\\]+)", 1) and - name = qualified.regexpCapture("([^\\\\]+)\\\\([^\\\\]+)", 2) + namespace = qualified.regexpCapture("([^\\\\]+)\\\\([^\\\\]+)", 1).toLowerCase() and + name = qualified.regexpCapture("([^\\\\]+)\\\\([^\\\\]+)", 2).toLowerCase() or // Not a qualified name not exists(qualified.indexOf("\\")) and namespace = "" and - name = qualified + name = qualified.toLowerCase() ) } @@ -30,7 +30,7 @@ class Cmd extends @command, CmdBase { CmdElement getCallee() { result = this.getElement(0) } /** Gets the name of the command without any qualifiers. */ - string getCommandName() { parseCommandName(this, _, result) } + string getLowerCaseName() { parseCommandName(this, _, result) } /** Holds if the command is qualified. */ predicate isQualified() { parseCommandName(this, any(string s | s != ""), _) } diff --git a/powershell/ql/lib/semmle/code/powershell/ast/internal/Raw/InvokeMemberExpression.qll b/powershell/ql/lib/semmle/code/powershell/ast/internal/Raw/InvokeMemberExpression.qll index a2fa623f395..d57fe19f1fc 100644 --- a/powershell/ql/lib/semmle/code/powershell/ast/internal/Raw/InvokeMemberExpression.qll +++ b/powershell/ql/lib/semmle/code/powershell/ast/internal/Raw/InvokeMemberExpression.qll 
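Review bot: The QLDoc on `Cmd.getLowerCaseName()` still says "Gets the name of the command without any qualifiers." and should mention that the result is lower-cased, e.g. `/** Gets the lower-cased name of the command without any qualifiers. */`. In `parseCommandName` the same `regexpCapture` pattern is written twice and now lower-cased twice; binding it once would keep the two branches from drifting apart. Separately, as far as the hunk shows, a `qualified` value with more than one backslash satisfies neither disjunct, so such a command has no name at all and name-based models will not see it. That behaviour predates this commit but is worth a comment in the predicate, since it is a coverage gap for the security queries.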
@@ -5,11 +5,9 @@ class InvokeMemberExpr extends @invoke_member_expression, MemberExprBase { Expr getQualifier() { invoke_member_expression(this, result, _) } - string getName() { result = this.getCallee().(StringConstExpr).getValue().getValue() } - Expr getCallee() { invoke_member_expression(this, _, result) } - string getMemberName() { result = this.getCallee().(StringConstExpr).getValue().getValue() } + string getLowerCaseName() { result = this.getCallee().(StringConstExpr).getValue().getValue().toLowerCase() } Expr getArgument(int i) { invoke_member_expression_argument(this, i, result) } diff --git a/powershell/ql/lib/semmle/code/powershell/ast/internal/Raw/Parameter.qll b/powershell/ql/lib/semmle/code/powershell/ast/internal/Raw/Parameter.qll index 08ee3f9e209..9316bdba925 100644 --- a/powershell/ql/lib/semmle/code/powershell/ast/internal/Raw/Parameter.qll +++ b/powershell/ql/lib/semmle/code/powershell/ast/internal/Raw/Parameter.qll @@ -1,10 +1,11 @@ private import Raw class Parameter extends @parameter, Ast { - string getName() { - exists(@variable_expression va | + string getLowerCaseName() { + exists(@variable_expression va, string userPath | parameter(this, va, _, _) and - variable_expression(va, result, _, _, _, _, _, _, _, _, _, _) + variable_expression(va, userPath, _, _, _, _, _, _, _, _, _, _) and + result = userPath.toLowerCase() ) } diff --git a/powershell/ql/lib/semmle/code/powershell/ast/internal/Raw/Scope.qll b/powershell/ql/lib/semmle/code/powershell/ast/internal/Raw/Scope.qll index 6c8488e1a1a..836628a15fa 100644 --- a/powershell/ql/lib/semmle/code/powershell/ast/internal/Raw/Scope.qll +++ b/powershell/ql/lib/semmle/code/powershell/ast/internal/Raw/Scope.qll 
@@ -11,11 +11,11 @@ Scope scopeOf(Ast n) { module Parameter { abstract class Scope extends Ast { - abstract string getName(); + abstract string getLowerCaseName(); } private class ParameterScope extends Scope instanceof Parameter { - final override string getName() { result = Parameter.super.getName() } + final override string getLowerCaseName() { result = Parameter.super.getLowerCaseName() } } } diff --git a/powershell/ql/lib/semmle/code/powershell/ast/internal/Synthesis.qll b/powershell/ql/lib/semmle/code/powershell/ast/internal/Synthesis.qll index 24cb4d323b6..68c2452ba61 100644 --- a/powershell/ql/lib/semmle/code/powershell/ast/internal/Synthesis.qll +++ b/powershell/ql/lib/semmle/code/powershell/ast/internal/Synthesis.qll @@ -26,7 +26,7 @@ newtype VarKind = PipelineIteratorKind() or PipelineByPropertyNameIteratorKind(string name) { exists(Raw::ProcessBlock pb | - name = pb.getScriptBlock().getParamBlock().getAPipelineByPropertyNameParameter().getName() + name = pb.getScriptBlock().getParamBlock().getAPipelineByPropertyNameParameter().getLowerCaseName() ) } @@ -156,7 +156,7 @@ private module SetVariableAssignment { override predicate explicitAssignment(Raw::Ast dest, string name, Raw::Ast assignment) { exists(Raw::Cmd cmd | assignment = cmd and - cmd.getCommandName().toLowerCase() = "set-variable" and + cmd.getLowerCaseName() = "set-variable" and cmd.getNamedArgument("name") = dest and name = dest.(Raw::StringConstExpr).getValue().getValue() ) @@ -192,7 +192,7 @@ private module ParameterSynth { override predicate implicitAssignment(Raw::Ast dest, string name) { exists(Raw::Parameter p | dest = p and - name = p.getName() + name = p.getLowerCaseName() ) } @@ -200,7 +200,7 @@ private module ParameterSynth { exists(Raw::Ast parent, ChildIndex i | v = TVariableSynth(parent, i) | exists(Raw::Parameter p | this.parameter(parent, i, p, _) and - name = p.getName() + name = p.getLowerCaseName() ) or this.isPipelineParameterChild(parent, _, i, _, true) and 
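Review bot: In `SetVariableAssignment.explicitAssignment` (hunk at 156) the command name is now normalised, but the variable name on the context line `name = dest.(Raw::StringConstExpr).getValue().getValue()` keeps its original case. The parameter names in the hunks at 192 and 200, and the access names in `variableNameInScope`, are lower-cased by this commit. A variable introduced with `Set-Variable -Name Foo` would therefore probably not join with a later `$foo` access. I would append `.toLowerCase()` to that line, giving `name = dest.(Raw::StringConstExpr).getValue().getValue().toLowerCase()`. The consumer of `explicitAssignment` is outside this hunk, so this should be confirmed there.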
@@ -765,7 +765,7 @@ private module IteratorAccessSynth { or // or // result = "psitem" // TODO: This is also an automatic variable - result = pb.getScriptBlock().getParamBlock().getPipelineParameter().getName().toLowerCase() + result = pb.getScriptBlock().getParamBlock().getPipelineParameter().getLowerCaseName() ) or // TODO: We could join on something other than the string if we wanted (i.e., the raw parameter). @@ -774,8 +774,7 @@ private module IteratorAccessSynth { pb.getScriptBlock() .getParamBlock() .getAPipelineByPropertyNameParameter() - .getName() - .toLowerCase() + .getLowerCaseName() } private class IteratorAccessSynth extends Synthesis { @@ -787,14 +786,13 @@ private module IteratorAccessSynth { va.getUserPath() = "_" or va.getUserPath().toLowerCase() = - pb.getScriptBlock().getParamBlock().getPipelineParameter().getName().toLowerCase() + pb.getScriptBlock().getParamBlock().getPipelineParameter().getLowerCaseName() or va.getUserPath().toLowerCase() = pb.getScriptBlock() .getParamBlock() .getAPipelineByPropertyNameParameter() - .getName() - .toLowerCase() + .getLowerCaseName() ) } @@ -829,7 +827,7 @@ private module IteratorAccessSynth { or exists(Raw::Parameter p | p = pb.getScriptBlock().getParamBlock().getAPipelineByPropertyNameParameter() and - child = SynthChild(VarSynthKind(PipelineByPropertyNameIteratorKind(p.getName()))) and + child = SynthChild(VarSynthKind(PipelineByPropertyNameIteratorKind(p.getLowerCaseName()))) and i = PipelineByPropertyNameIteratorVar(p) ) ) @@ -864,7 +862,7 @@ private module IteratorAccessSynth { or exists(Raw::PipelineByPropertyNameParameter p | v = TVariableSynth(_, PipelineByPropertyNameIteratorVar(p)) and - name = "__pipeline_iterator for " + p.getName() + name = "__pipeline_iterator for " + p.getLowerCaseName() ) } 
@@ -896,7 +894,7 @@ private module PipelineAccess { ) or exists(PipelineByPropertyNameParameter pipelineVar, Raw::PipelineByPropertyNameParameter p | - i = processBlockPipelineByPropertyNameVarReadAccess(p.getName()) and + i = processBlockPipelineByPropertyNameVarReadAccess(p.getLowerCaseName()) and getResultAst(p) = pipelineVar and child = SynthChild(VarAccessSynthKind(pipelineVar)) ) diff --git a/powershell/ql/lib/semmle/code/powershell/ast/internal/TAst.qll b/powershell/ql/lib/semmle/code/powershell/ast/internal/TAst.qll index f62e71e58b9..b8f91de3cac 100644 --- a/powershell/ql/lib/semmle/code/powershell/ast/internal/TAst.qll +++ b/powershell/ql/lib/semmle/code/powershell/ast/internal/TAst.qll @@ -13,9 +13,9 @@ private predicate mkSynthChild(SynthKind kind, Raw::Ast parent, ChildIndex i) { string variableNameInScope(Raw::Ast n, Scope::Range scope) { scope = Raw::scopeOf(n) and ( - result = n.(Raw::VarAccess).getUserPath() and - not scope.getAParameter().(Raw::PipelineByPropertyNameParameter).getName() = result and - not result.toLowerCase() = ["_", "this", "false", "true", "null"] and + result = n.(Raw::VarAccess).getUserPath().toLowerCase() and + not scope.getAParameter().(Raw::PipelineByPropertyNameParameter).getLowerCaseName() = result and + not result = ["_", "this", "false", "true", "null"] and not parameter(_, n, _, _) and not Raw::isEnvVariableAccess(n, _) or @@ -56,7 +56,7 @@ private predicate inherits(Scope::Range scope, string name, Scope::Range outer) pragma[nomagic] private predicate hasScopeAndName(VariableImpl variable, Scope::Range scope, string name) { - variable.getNameImpl() = name and + variable.getLowerCaseNameImpl() = name and scope = variable.getDeclaringScopeImpl() } diff --git a/powershell/ql/lib/semmle/code/powershell/ast/internal/Variable.qll b/powershell/ql/lib/semmle/code/powershell/ast/internal/Variable.qll index bfff89bdd20..d8ed4bfb443 100644 --- a/powershell/ql/lib/semmle/code/powershell/ast/internal/Variable.qll 
+++ b/powershell/ql/lib/semmle/code/powershell/ast/internal/Variable.qll @@ -5,9 +5,9 @@ module Private { class TVariable = TVariableReal or TVariableSynth; class VariableImpl extends Ast, TVariable { - abstract string getNameImpl(); + abstract string getLowerCaseNameImpl(); - final override string toString() { result = this.getNameImpl() } + final override string toString() { result = this.getLowerCaseNameImpl() } abstract Location getLocationImpl(); @@ -21,7 +21,7 @@ module Private { VariableReal() { this = TVariableReal(scope, name, n) } - override string getNameImpl() { result = name } + override string getLowerCaseNameImpl() { result = name } override Location getLocationImpl() { result = n.getLocation() } @@ -36,7 +36,7 @@ module Private { VariableSynth() { this = TVariableSynth(scope, i) } - override string getNameImpl() { any(Synthesis s).variableSynthName(this, result) } + override string getLowerCaseNameImpl() { any(Synthesis s).variableSynthName(this, result) } override Location getLocationImpl() { result = any(Synthesis s).getLocation(this) } @@ -92,7 +92,7 @@ module Private { string getPropertyName() { exists(Raw::PipelineByPropertyNameParameter p | i = PipelineByPropertyNameIteratorVar(p) and - result = p.getName() + result = p.getLowerCaseName() ) } @@ -100,7 +100,7 @@ module Private { exists(Raw::PipelineByPropertyNameParameter p | i = PipelineByPropertyNameIteratorVar(p) and p.getScriptBlock() = getRawAst(result.getEnclosingFunction().getBody()) and - p.getName() = result.getName() + p.getLowerCaseName() = result.getLowerCaseName() ) } } @@ -127,7 +127,7 @@ module Private { final override Variable getVariableImpl() { any(Synthesis s).getAnAccess(this, result) } - final override string toString() { result = this.getVariableImpl().getName() } + final override string toString() { result = this.getVariableImpl().getLowerCaseName() } final override Location getLocation() { result = parent.getLocation() } } 
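Review bot: `getPropertyName()` in the hunk at 92 keeps its old name but now returns `p.getLowerCaseName()`, while the rest of the commit renames every accessor whose result became lower-case. Callers that compare its result against a property name as written in the script will stop matching without any signal. I would either rename it to match the convention or add QLDoc such as `/** Gets the lower-cased property name bound by this iterator variable. */`. `VariableSynth.getLowerCaseNameImpl()` has the same implicit contract: it is only lower-case if every `variableSynthName` implementation yields lower-case strings, which is not enforced here.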
@@ -145,9 +145,9 @@ private import Private module Public { class Variable extends Ast instanceof VariableImpl { - final string getName() { result = super.getNameImpl() } + final string getLowerCaseName() { result = super.getLowerCaseNameImpl() } - final override string toString() { result = this.getName() } + final override string toString() { result = this.getLowerCaseName() } final override Location getLocation() { result = super.getLocationImpl() } diff --git a/powershell/ql/lib/semmle/code/powershell/controlflow/CfgNodes.qll b/powershell/ql/lib/semmle/code/powershell/controlflow/CfgNodes.qll index 555aa663717..aab8a76a840 100644 --- a/powershell/ql/lib/semmle/code/powershell/controlflow/CfgNodes.qll +++ b/powershell/ql/lib/semmle/code/powershell/controlflow/CfgNodes.qll @@ -538,9 +538,9 @@ module ExprNodes { ExprCfgNode getAnArgument() { result = this.getArgument(_) } /** Gets the name that is used to select the callee. */ - string getName() { result = e.getName() } + string getLowerCaseName() { result = e.getLowerCaseName() } - predicate hasName(string name) { this.getName() = name } + predicate hasLowerCaseName(string name) { this.getLowerCaseName() = name } /** Gets the i'th positional argument to this call. */ ExprCfgNode getPositionalArgument(int i) { @@ -1041,7 +1041,7 @@ module ExprNodes { CallExprCfgNode getCall() { result.getAnArgument() = this } - string getName() { result = e.getName() } + string getLowerCaseName() { result = e.getLowerCaseName() } int getPosition() { result = e.getPosition() } } diff --git a/powershell/ql/lib/semmle/code/powershell/dataflow/FlowSummary.qll b/powershell/ql/lib/semmle/code/powershell/dataflow/FlowSummary.qll index 4e1b38358f2..de05d4bc7dd 100644 --- a/powershell/ql/lib/semmle/code/powershell/dataflow/FlowSummary.qll +++ b/powershell/ql/lib/semmle/code/powershell/dataflow/FlowSummary.qll 
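Review bot: `CallExprCfgNode.hasLowerCaseName(string name)` in the `CfgNodes.qll` hunk at 538 is a plain equality, so a caller that passes the cmdlet name in its canonical casing silently matches nothing. `CallExpr` gained the case-insensitive `matchesName` in this commit, but it is not forwarded on the CFG node. I would add `bindingset[name] pragma[inline_late] predicate matchesName(string name) { e.matchesName(name) }` next to it. The QLDoc "Gets the name that is used to select the callee." above `getLowerCaseName()` should also say the name is lower-cased.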
@@ -56,7 +56,7 @@ abstract class SimpleSummarizedCallable extends SummarizedCallable { CallExpr c; bindingset[this] - SimpleSummarizedCallable() { c.getName() = this } + SimpleSummarizedCallable() { c.getLowerCaseName() = this } final override CallExpr getACall() { result = c } diff --git a/powershell/ql/lib/semmle/code/powershell/dataflow/internal/DataFlowDispatch.qll b/powershell/ql/lib/semmle/code/powershell/dataflow/internal/DataFlowDispatch.qll index 3c3dba5cfd7..57e3f539094 100644 --- a/powershell/ql/lib/semmle/code/powershell/dataflow/internal/DataFlowDispatch.qll +++ b/powershell/ql/lib/semmle/code/powershell/dataflow/internal/DataFlowDispatch.qll @@ -200,7 +200,7 @@ private predicate qualifiedCall( CfgNodes::ExprNodes::CallExprCfgNode call, Node receiver, string method ) { call.getQualifier() = receiver.asExpr() and - call.getName() = method + call.getLowerCaseName() = method } Node trackInstance(string typename, boolean exact) { @@ -287,7 +287,7 @@ private module Cached { newtype TArgumentPosition = TThisArgumentPosition() or TKeywordArgumentPosition(string name) { - name = any(Argument p).getName() + name = any(Argument p).getLowerCaseName() or FlowSummaryImpl::ParsePositions::isParsedKeywordParameterPosition(_, name) } or @@ -304,7 +304,7 @@ private module Cached { cached newtype TParameterPosition = TThisParameterPosition() or - TKeywordParameter(string name) { name = any(Argument p).getName() } or + TKeywordParameter(string name) { name = any(Argument p).getLowerCaseName() } or TPositionalParameter(int pos, NamedSet ns) { exists(CfgNodes::ExprNodes::CallExprCfgNode call | call = ns.getABindingCall() and diff --git a/powershell/ql/lib/semmle/code/powershell/dataflow/internal/DataFlowPrivate.qll b/powershell/ql/lib/semmle/code/powershell/dataflow/internal/DataFlowPrivate.qll index ee37aa00f6f..9af063aa337 100644 --- a/powershell/ql/lib/semmle/code/powershell/dataflow/internal/DataFlowPrivate.qll 
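Review bot: `SimpleSummarizedCallable() { c.getLowerCaseName() = this }` now requires every subclass to spell its callable string in lower case. A summary declared with the usual PowerShell casing will bind no calls and the summary is dropped without an error, which would show up as lost flow in the security queries. Since `this` is already in a `bindingset`, `SimpleSummarizedCallable() { c.matchesName(this) }` would keep existing declarations working; otherwise the class QLDoc should state the lower-case requirement. The same question applies to `isParsedKeywordParameterPosition(_, name)` in the `DataFlowDispatch.qll` hunk at 287, whose names come from summary specifications not shown here.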
+++ b/powershell/ql/lib/semmle/code/powershell/dataflow/internal/DataFlowPrivate.qll @@ -556,7 +556,7 @@ private module ParameterNodes { override predicate isParameterOf(DataFlowCallable c, ParameterPosition pos) { parameter.getEnclosingScope() = c.asCfgScope() and ( - pos.isKeyword(parameter.getName().toLowerCase()) + pos.isKeyword(parameter.getLowerCaseName()) or // Given a function f with parameters x, y we map // x to the positions: @@ -574,14 +574,14 @@ private module ParameterNodes { parameter.getIndexExcludingPipelines() = i and f = parameter.getFunction() and f = ns.getAFunction() and - name = parameter.getName().toLowerCase() and + name = parameter.getLowerCaseName() and not name = ns.getAName() and j = i - count(int k, Parameter p | k < i and p = getNormalParameter(f, k) and - p.getName() = ns.getAName() + p.getLowerCaseName() = ns.getAName() ) ) ) @@ -652,7 +652,7 @@ private module ParameterNodes { override string toStringImpl() { result = this.getParameter().toString() } - string getPropertyName() { result = parameter.getPropertyName() } + string getPropertyName() { result = parameter.getLowerCaseName() } } /** A parameter for a library callable with a flow summary. */ @@ -721,7 +721,7 @@ module ArgumentNodes { ) { arg.getCall() = call and ( - pos.isKeyword(arg.getName()) + pos.isKeyword(arg.getLowerCaseName()) or exists(NamedSet ns, int i | i = arg.getPosition() and @@ -1009,7 +1009,7 @@ predicate readStep(Node node1, ContentSet c, Node node2) { or exists(PipelineByPropertyNameParameter p, Content::KnownElementContent ec | c.isKnownOrUnknownElement(ec) and - ec.getIndex().asString() = p.getPropertyName() and + ec.getIndex().asString() = p.getLowerCaseName() and node1 = TProcessPropertyByNameNode(p, false) and node2 = TProcessPropertyByNameNode(p, true) ) 
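Review bot: In `readStep` (hunk at 1009) the content index is now compared with `p.getLowerCaseName()`, where it was previously compared with the property name as written. That only joins if the store side records element keys in lower case too, and the store steps are outside this hunk. If they keep the original casing, pipeline-by-property-name flow is lost and the queries under-report. I would add a comment on that line, e.g. `// content keys are lower-cased at the store step; keep in sync`, once this has been confirmed. `getPropertyName()` in the hunk at 652 likewise returns a lower-cased value under an unchanged name.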
diff --git a/powershell/ql/lib/semmle/code/powershell/dataflow/internal/DataFlowPublic.qll b/powershell/ql/lib/semmle/code/powershell/dataflow/internal/DataFlowPublic.qll index 7fc9295a9d1..ee2142a7e0d 100644 --- a/powershell/ql/lib/semmle/code/powershell/dataflow/internal/DataFlowPublic.qll +++ b/powershell/ql/lib/semmle/code/powershell/dataflow/internal/DataFlowPublic.qll @@ -180,7 +180,7 @@ private module Cached { cached predicate hasMethodCall(LocalSourceNode source, CallNode call, string name) { source.flowsTo(call.getQualifier()) and - call.getName() = name + call.getLowerCaseName() = name } cached @@ -506,7 +506,7 @@ class CallNode extends ExprNode { CfgNodes::ExprNodes::CallExprCfgNode getCallNode() { result = call } - string getName() { result = call.getName() } + string getLowerCaseName() { result = call.getLowerCaseName() } Node getQualifier() { result.asExpr() = call.getQualifier() } diff --git a/powershell/ql/lib/semmle/code/powershell/security/CommandInjectionCustomizations.qll b/powershell/ql/lib/semmle/code/powershell/security/CommandInjectionCustomizations.qll index 7f2ab885764..353ce1f45a5 100644 --- a/powershell/ql/lib/semmle/code/powershell/security/CommandInjectionCustomizations.qll +++ b/powershell/ql/lib/semmle/code/powershell/security/CommandInjectionCustomizations.qll @@ -219,12 +219,12 @@ class ExpandStringSink extends Sink { } class SingleQuoteSanitizer extends Sanitizer { - SingleQuoteSanitizer() { - exists(ExpandableStringExpr e, VarReadAccess v | - v = this.asExpr().getExpr() and - e.getUnexpandedValue().matches("%'$" + v.getVariable().getName() + "'%") and - e.getAnExpr() = v - ) + SingleQuoteSanitizer() { + exists(ExpandableStringExpr e, VarReadAccess v | + v = this.asExpr().getExpr() and + e.getUnexpandedValue().toLowerCase().matches("%'$" + v.getVariable().getLowerCaseName() + "'%") and + e.getAnExpr() = v + ) } } } 
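Review bot: `SingleQuoteSanitizer` matches on the variable name anywhere in the string, not on the position of `v`. Any read of that variable in the expandable string is therefore treated as sanitized once one quoted occurrence exists, including an unquoted read elsewhere in the same string. `matches` also interprets `_` and `%` inside the concatenated name as wildcards, so a name containing an underscore can match a different quoted variable. Both behaviours predate the rename, but they widen a sanitizer and so cause false negatives in the command-injection query. I would at least record it on the class, e.g. `// NOTE: name-based match; also covers unquoted reads of the same variable in this string`, and consider escaping the name or comparing source offsets. The characteristic predicate's callers are outside the hunk.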
diff --git a/powershell/ql/src/experimental/CommandInjection.ql b/powershell/ql/src/experimental/CommandInjection.ql index 9f4696533ea..951cef971e8 100644 --- a/powershell/ql/src/experimental/CommandInjection.ql +++ b/powershell/ql/src/experimental/CommandInjection.ql @@ -11,7 +11,7 @@ import powershell predicate containsScope(VarAccess outer, VarAccess inner) { - outer.getVariable().getName() = inner.getVariable().getName() and + outer.getVariable().getLowerCaseName() = inner.getVariable().getLowerCaseName() and outer != inner } @@ -75,4 +75,4 @@ where commandarg = dangerousCommandElement(command) ) select commandarg.(VarAccess).getLocation(), "Unsafe flow to command argument from $@.", - unknownDeclaration, unknownDeclaration.getVariable().getName() + unknownDeclaration, unknownDeclaration.getVariable().getLowerCaseName()
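Review bot: The `select` clause in the hunk at 75 now builds the alert text from `unknownDeclaration.getVariable().getLowerCaseName()`, so the reported variable name is normalised instead of appearing as it does in the script. That makes results harder to map back to the source when triaging. If the access exposes the name as written (the raw AST has `getUserPath()`, though the type used here is not visible in the hunk), I would use that for the message and keep the lower-cased name for comparisons such as `containsScope`. Expected-output files for this query will also need regenerating.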