PS: Add tests.

2026-05-25 00:27:09 +02:00 · 2024-11-08 15:51:13 +00:00
parent 40cf8dd387
commit b3de6a23ea
3 changed files with 20 additions and 0 deletions
--- a/powershell/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.expected
+++ b/powershell/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.expected
@@ -0,0 +1,12 @@
+edges
+| test.ps1:1:8:1:10 | x | test.ps1:3:28:3:48 | Get-Process -Id $x | provenance |  |
+| test.ps1:5:10:5:21 | Env:MY_VAR | test.ps1:7:3:7:20 | $code --enabled | provenance |  |
+nodes
+| test.ps1:1:8:1:10 | x | semmle.label | x |
+| test.ps1:3:28:3:48 | Get-Process -Id $x | semmle.label | Get-Process -Id $x |
+| test.ps1:5:10:5:21 | Env:MY_VAR | semmle.label | Env:MY_VAR |
+| test.ps1:7:3:7:20 | $code --enabled | semmle.label | $code --enabled |
+subpaths
+#select
+| test.ps1:3:28:3:48 | Get-Process -Id $x | test.ps1:1:8:1:10 | x | test.ps1:3:28:3:48 | Get-Process -Id $x | This command depends on a $@. | test.ps1:1:8:1:10 | x | user-provided value |
+| test.ps1:7:3:7:20 | $code --enabled | test.ps1:5:10:5:21 | Env:MY_VAR | test.ps1:7:3:7:20 | $code --enabled | This command depends on a $@. | test.ps1:5:10:5:21 | Env:MY_VAR | user-provided value |
--- a/powershell/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.qlref
+++ b/powershell/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.qlref
@@ -0,0 +1 @@
+queries/security/cwe-078/CommandInjection.ql
--- a/powershell/ql/test/query-tests/security/cwe-078/CommandInjection/test.ps1
+++ b/powershell/ql/test/query-tests/security/cwe-078/CommandInjection/test.ps1
@@ -0,0 +1,7 @@
+param ($x)
+
+Invoke-Expression -Command "Get-Process -Id $x" # BAD
+
+$code = "$Env:MY_VAR"
+
+& "$code --enabled" # BAD
				`@@ -0,0 +1 @@`
				`queries/security/cwe-078/CommandInjection.ql`