From a0e17ee37b14481e6382f30823bb2b73d4571f14 Mon Sep 17 00:00:00 2001
From: Mathias Vorreiter Pedersen <mapeder@microsoft.com>
Date: Mon, 14 Oct 2024 16:49:48 +0100
Subject: [PATCH] PS: Implicitly read any element content at sinks when doing
 taint flow.

---
 .../powershell/dataflow/internal/TaintTrackingPrivate.qll    | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/powershell/ql/lib/semmle/code/powershell/dataflow/internal/TaintTrackingPrivate.qll b/powershell/ql/lib/semmle/code/powershell/dataflow/internal/TaintTrackingPrivate.qll
index ac6a32de36d..7b5229c8554 100644
--- a/powershell/ql/lib/semmle/code/powershell/dataflow/internal/TaintTrackingPrivate.qll
+++ b/powershell/ql/lib/semmle/code/powershell/dataflow/internal/TaintTrackingPrivate.qll
@@ -15,7 +15,10 @@ predicate defaultTaintSanitizer(DataFlow::Node node) { none() }
  * of `c` at sinks and inputs to additional taint steps.
  */
 bindingset[node]
-predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::ContentSet c) { none() }
+predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::ContentSet c) {
+  node instanceof ArgumentNode and
+  c.isAnyElement()
+}
 
 cached
 private module Cached {