From 1b575a462a444d55234309f12285272d3bb0946c Mon Sep 17 00:00:00 2001
From: dilanbhalla <35575727+dilanbhalla@users.noreply.github.com>
Date: Wed, 20 Nov 2024 12:40:33 -0800
Subject: [PATCH 1/3] Create test.ql
---
.../ql/src/queries/security/cwe-078/test.ql | 25 +++++++++++++++++++
1 file changed, 25 insertions(+)
create mode 100644 powershell/ql/src/queries/security/cwe-078/test.ql
diff --git a/powershell/ql/src/queries/security/cwe-078/test.ql b/powershell/ql/src/queries/security/cwe-078/test.ql
new file mode 100644
index 000000000000..b1413cccbfc2
--- /dev/null
+++ b/powershell/ql/src/queries/security/cwe-078/test.ql
@@ -0,0 +1,25 @@
+/**
+ * @name Uncontrolled command line
+ * @description Using externally controlled strings in a command line may allow a malicious
+ * user to change the meaning of the command.
+ * @kind path-problem
+ * @problem.severity error
+ * @security-severity 9.8
+ * @precision high
+ * @id powershell/command-injection-test
+ * @tags correctness
+ * security
+ * external/cwe/cwe-078
+ * external/cwe/cwe-088
+ */
+
+import powershell
+import semmle.code.powershell.security.CommandInjectionQuery
+import CommandInjectionFlow::PathGraph
+
+from CommandInjetionFlow::PathNode source, CommandInjectionFlow::PathNode sink, Source sourceNode
+where
+ CommandInjectionFlow::flowPath(source, sink) and
+ sourceNode = source.getNode()
+select sink.getNode(), source, sink, "This command depends on a $@.", sourceNode,
+ sourceNode.getSourceType()
From 1340a85ee3f79fd2d327a64c342d70a164c04187 Mon Sep 17 00:00:00 2001
From: dilanbhalla <35575727+dilanbhalla@users.noreply.github.com>
Date: Wed, 20 Nov 2024 12:55:40 -0800
Subject: [PATCH 2/3] Create test.ql
---
csharp/ql/src/Likely Bugs/Statements/test.ql | 45 ++++++++++++++++++++
1 file changed, 45 insertions(+)
create mode 100644 csharp/ql/src/Likely Bugs/Statements/test.ql
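Review bot: The `from` clause of powershell/ql/src/queries/security/cwe-078/test.ql declares `source` as `CommandInjetionFlow::PathNode`, a misspelling of the `CommandInjectionFlow` module that the rest of the query uses, so the query most likely fails to compile and would report no command-injection paths at all. The line should read `from CommandInjectionFlow::PathNode source, CommandInjectionFlow::PathNode sink, Source sourceNode`. The metadata also tags this CWE-078 query with `correctness` next to `security`; if it is meant as a security query, that tag probably does not belong.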
diff --git a/csharp/ql/src/Likely Bugs/Statements/test.ql b/csharp/ql/src/Likely Bugs/Statements/test.ql
new file mode 100644
index 000000000000..f03b720b8ee0
--- /dev/null
+++ b/csharp/ql/src/Likely Bugs/Statements/test.ql
@@ -0,0 +1,45 @@
+/**
+ * @name Empty branch of conditional, or empty loop body
+ * @description Empty blocks that occur as a branch of a conditional or as a loop body may indicate
+ * badly-maintained code or a bug due to an unhandled case.
+ * @kind problem
+ * @problem.severity warning
+ * @precision high
+ * @id cs/empty-block-test
+ * @tags reliability
+ * readability
+ */
+
+import csharp
+
+predicate loopStmtWithEptyBlock(BlockStmt child) {
+ exists(LoopStmt stmt, SourceLocation l |
+ stmt.getAChild() = child and
+ child.getNumberOfStmts() = 0 and
+ child.getLocation() = l and
+ l.getStartLine() != l.getEndLine()
+ )
+}
+
+predicate conditionalWithEmptyBlock(BlockStmt child) {
+ exists(IfStmt stmt |
+ stmt.getThen() = child and child.getNumberOfStmts() = 0 and not exists(stmt.getElse())
+ )
+ or
+ exists(IfStmt stmt, SourceLocation l |
+ stmt.getThen() = child and
+ child.getNumberOfStmts() = 0 and
+ exists(stmt.getElse()) and
+ child.getLocation() = l and
+ l.getStartLine() != l.getEndLine()
+ )
+ or
+ exists(IfStmt stmt | stmt.getElse() = child and child.getNumberOfStmts() = 0)
+}
+
+from BlockStmt s
+where
+ (loopStmtWithEmptyBlock(s) or conditionalWithEmptyBlock(s)) and
+ not exists(CommentBlock c | c.getParent() = s) and
+ not exists(ForStmt fs | fs.getBody() = s and exists(fs.getAnUpdate()))
+select s, "Empty block without comment."
From cc03bb308af91ffae08caf5e954ed60613c90d64 Mon Sep 17 00:00:00 2001
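Review bot: The first predicate in csharp/ql/src/Likely Bugs/Statements/test.ql is declared as `loopStmtWithEptyBlock`, but the `where` clause calls `loopStmtWithEmptyBlock(s)`. Unless a predicate of that name comes in through `import csharp`, the call cannot resolve and the query presumably fails to compile. Rename the declaration to `predicate loopStmtWithEmptyBlock(BlockStmt child) {`. Both predicates would also benefit from a QLDoc comment, for example `/** Holds if child is an empty, multi-line block that is a direct child of a loop statement. */` on the first one.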
From: dilanbhalla <35575727+dilanbhalla@users.noreply.github.com>
Date: Wed, 20 Nov 2024 12:56:07 -0800
Subject: [PATCH 3/3] Delete powershell/ql/src/queries/security/cwe-078/test.ql
---
.../ql/src/queries/security/cwe-078/test.ql | 25 -------------------
1 file changed, 25 deletions(-)
delete mode 100644 powershell/ql/src/queries/security/cwe-078/test.ql
diff --git a/powershell/ql/src/queries/security/cwe-078/test.ql b/powershell/ql/src/queries/security/cwe-078/test.ql
deleted file mode 100644
index b1413cccbfc2..000000000000
--- a/powershell/ql/src/queries/security/cwe-078/test.ql
+++ /dev/null
@@ -1,25 +0,0 @@
-/**
- * @name Uncontrolled command line
- * @description Using externally controlled strings in a command line may allow a malicious
- * user to change the meaning of the command.
- * @kind path-problem
- * @problem.severity error
- * @security-severity 9.8
- * @precision high
- * @id powershell/command-injection-test
- * @tags correctness
- * security
- * external/cwe/cwe-078
- * external/cwe/cwe-088
- */
-
-import powershell
-import semmle.code.powershell.security.CommandInjectionQuery
-import CommandInjectionFlow::PathGraph
-
-from CommandInjetionFlow::PathNode source, CommandInjectionFlow::PathNode sink, Source sourceNode
-where
- CommandInjectionFlow::flowPath(source, sink) and
- sourceNode = source.getNode()
-select sink.getNode(), source, sink, "This command depends on a $@.", sourceNode,
- sourceNode.getSourceType()