Merge pull request #292 from microsoft/fix-missing-variables

PS: Fix missing variables

Author: MathiasVP

powershell/ql/lib/semmle/code/powershell/ast/internal/Synthesis.qll

@@ -193,7 +193,9 @@ private module EnvironmentVariableAccessSynth {
       )
     }
 
-    private predicate envVarAccess(Raw::Ast parent, ChildIndex i, Child child, Raw::VarAccess va, string var) {
+    private predicate envVarAccess(
+      Raw::Ast parent, ChildIndex i, Child child, Raw::VarAccess va, string var
+    ) {
       va = parent.getChild(toRawChildIndex(i)) and
       Raw::isEnvVariableAccess(va, var) and
       child = SynthChild(VarAccessSynthKind(TVariableSynth(_, EnvVar(var))))

powershell/ql/lib/semmle/code/powershell/ast/internal/Variable.qll

@@ -140,10 +140,22 @@ module Private {
   predicate explicitAssignment(Raw::Ast dest, Raw::Ast assignment) {
     assignment.(Raw::AssignStmt).getLeftHandSide() = dest
     or
+    exists(Raw::ConvertExpr convert |
+      convert.getExpr() = dest and
+      explicitAssignment(convert, assignment)
+    )
+    or
     any(Synthesis s).explicitAssignment(dest, _, assignment)
   }
 
-  predicate implicitAssignment(Raw::Ast n) { any(Synthesis s).implicitAssignment(n, _) }
+  predicate implicitAssignment(Raw::Ast n) {
+    any(Synthesis s).implicitAssignment(n, _)
+    or
+    exists(Raw::ConvertExpr convert |
+      convert.getExpr() = n and
+      implicitAssignment(convert)
+    )
+  }
 }
 
 private import Private

powershell/ql/lib/semmle/code/powershell/security/SqlInjectionCustomizations.qll

@@ -79,8 +79,7 @@ module SqlInjection {
     override string getSinkType() { result = "call to Invoke-Sqlcmd" }
 
     override predicate allowImplicitRead(DataFlow::ContentSet cs) {
-      cs.getAStoreContent().(DataFlow::Content::KnownKeyContent).getIndex().asString().toLowerCase() =
-        query()
+      cs.getAStoreContent().(DataFlow::Content::KnownKeyContent).getIndex().stringMatches(query())
     }
   }
 

powershell/ql/test/library-tests/ast/Variables/test.ps1

@@ -0,0 +1,5 @@
+$x = 42
+$x
+
+[int]$y = 42
+$y

powershell/ql/test/library-tests/ast/Variables/variables.expected

@@ -0,0 +1,2 @@
+| test.ps1:1:1:1:2 | x | test.ps1:2:1:2:2 | x |
+| test.ps1:4:6:4:7 | y | test.ps1:5:1:5:2 | y |

powershell/ql/test/library-tests/ast/Variables/variables.ql

@@ -0,0 +1,3 @@
+import powershell
+
+query predicate variables(Variable v, VarReadAccess va) { va.getVariable() = v }

powershell/ql/test/library-tests/ast/parent.expected

@@ -451,3 +451,19 @@
 | Strings/String.ps1:6:10:8:0 | '@\nkl | Strings/String.ps1:6:10:8:0 | Call to kl\n'@\n |
 | Strings/String.ps1:6:10:8:0 | Call to kl\n'@\n | Strings/String.ps1:6:10:8:0 | [Stmt] Call to kl\n'@\n |
 | Strings/String.ps1:6:10:8:0 | [Stmt] Call to kl\n'@\n | Strings/String.ps1:1:1:8:0 | {...} |
+| Variables/test.ps1:1:1:1:2 | x | Variables/test.ps1:1:1:1:7 | ...=... |
+| Variables/test.ps1:1:1:1:2 | x | Variables/test.ps1:1:1:5:2 | {...} |
+| Variables/test.ps1:1:1:1:7 | ...=... | Variables/test.ps1:1:1:5:2 | {...} |
+| Variables/test.ps1:1:1:5:2 | {...} | Variables/test.ps1:1:1:5:2 | toplevel function for test.ps1 |
+| Variables/test.ps1:1:1:5:2 | {...} | Variables/test.ps1:1:1:5:2 | {...} |
+| Variables/test.ps1:1:6:1:7 | 42 | Variables/test.ps1:1:1:1:7 | ...=... |
+| Variables/test.ps1:2:1:2:2 | [Stmt] x | Variables/test.ps1:1:1:5:2 | {...} |
+| Variables/test.ps1:2:1:2:2 | x | Variables/test.ps1:2:1:2:2 | [Stmt] x |
+| Variables/test.ps1:4:1:4:5 | int | Variables/test.ps1:4:1:4:7 | [...]... |
+| Variables/test.ps1:4:1:4:7 | [...]... | Variables/test.ps1:4:1:4:12 | ...=... |
+| Variables/test.ps1:4:1:4:12 | ...=... | Variables/test.ps1:1:1:5:2 | {...} |
+| Variables/test.ps1:4:6:4:7 | y | Variables/test.ps1:1:1:5:2 | {...} |
+| Variables/test.ps1:4:6:4:7 | y | Variables/test.ps1:4:1:4:7 | [...]... |
+| Variables/test.ps1:4:11:4:12 | 42 | Variables/test.ps1:4:1:4:12 | ...=... |
+| Variables/test.ps1:5:1:5:2 | [Stmt] y | Variables/test.ps1:1:1:5:2 | {...} |
+| Variables/test.ps1:5:1:5:2 | y | Variables/test.ps1:5:1:5:2 | [Stmt] y |