From 3829528467534743c5b591d5d6ecce8195e4738a Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 8 Aug 2025 17:07:43 +0100 Subject: [PATCH 1/4] PS: Delete stuff we don't actually need. --- .../lib/semmle/code/powershell/ApiGraphs.qll | 81 ------------------- .../code/powershell/dataflow/FlowSummary.qll | 15 ---- 2 files changed, 96 deletions(-) diff --git a/powershell/ql/lib/semmle/code/powershell/ApiGraphs.qll b/powershell/ql/lib/semmle/code/powershell/ApiGraphs.qll index 1bea01e1f917..8091ed3b4f3a 100644 --- a/powershell/ql/lib/semmle/code/powershell/ApiGraphs.qll +++ b/powershell/ql/lib/semmle/code/powershell/ApiGraphs.qll @@ -204,18 +204,6 @@ module API { Impl::positionalParameterOrArgumentEdge(this.getAnEpsilonSuccessor(), n, result) } - /** - * Gets the given keyword parameter of this callable, or keyword argument to this call. - * - * Note: for historical reasons, this predicate may refer to an argument of a call, but this may change in the future. - * When referring to an argument, it is recommended to use `getKeywordArgument(n)` instead. - */ - pragma[inline] - Node getKeywordParameter(string name) { - // This predicate is currently not 'inline_late' because 'name' can be an input or output - Impl::keywordParameterOrArgumentEdge(this.getAnEpsilonSuccessor(), name, result) - } - /** * Gets the argument passed in argument position `pos` at this call. */ @@ -260,15 +248,6 @@ module API { result = this.getContent(contents.getAReadContent()) } - /** - * Gets a representative for the instance field of the given `name`. - */ - pragma[inline] - Node getField(string name) { - // This predicate is currently not 'inline_late' because 'name' can be an input or output - Impl::fieldEdge(this.getAnEpsilonSuccessor(), name, result) - } - /** * Gets a representative for an arbitrary element of this collection. */ @@ -405,13 +384,6 @@ module API { /** Gets the root node. */ Node root() { result instanceof RootNode } - bindingset[name] - pragma[inline_late] - Node namespace(string name) { - // This predicate is currently not 'inline_late' because 'n' can be an input or output - Impl::namespace(name, result) - } - pragma[inline] Node getTopLevelMember(string name) { Impl::topLevelMember(name, result) } @@ -516,43 +488,6 @@ module API { ) } - cached - predicate callEdge(Node pred, string name, Node succ) { - exists(DataFlow::CallNode call | - // from receiver to method call node - pred = getForwardEndNode(getALocalSourceStrict(call.getQualifier())) and - succ = MkMethodAccessNode(call) and - name = call.getLowerCaseName() - ) - } - - bindingset[name] - private string memberOrMethodReturnValue(string name) { - // This predicate is a bit ad-hoc, but it's okay for now. - // We can delete it once we no longer use the typeModel and summaryModel - // tables to represent implicit root members. - result = "Method[" + name + "]" - or - result = "Method[" + name + "].ReturnValue" - or - result = "Member[" + name + "]" - } - - private Node getAnImplicitRootMember(string name) { - exists(DataFlow::CallNode call | - Extensions::typeModel(_, Specific::getAnImplicitImport(), memberOrMethodReturnValue(name)) - or - Extensions::summaryModel(Specific::getAnImplicitImport(), memberOrMethodReturnValue(name), - _, _, _, _) - or - Extensions::sourceModel(Specific::getAnImplicitImport(), memberOrMethodReturnValue(name), _, - _) - | - result = MkMethodAccessNode(call) and - name = call.getLowerCaseName() - ) - } - cached predicate memberEdge(Node pred, string name, Node succ) { pred = API::root() and @@ -617,11 +552,6 @@ module API { ) } - cached - predicate fieldEdge(Node pred, string name, Node succ) { - Impl::contentEdge(pred, DataFlowPrivate::TFieldContent(name), succ) - } - cached predicate elementEdge(Node pred, Node succ) { contentEdge(pred, any(DataFlow::ContentSet set | set.isAnyElement()).getAReadContent(), succ) @@ -665,10 +595,6 @@ module API { ), succ) } - private predicate keywordParameterEdge(Node pred, string name, Node succ) { - parameterEdge(pred, any(DataFlowDispatch::ParameterPosition pos | pos.isKeyword(name)), succ) - } - cached predicate positionalParameterOrArgumentEdge(Node pred, int n, Node succ) { positionalArgumentEdge(pred, n, succ) @@ -676,13 +602,6 @@ module API { positionalParameterEdge(pred, n, succ) } - cached - predicate keywordParameterOrArgumentEdge(Node pred, string name, Node succ) { - keywordArgumentEdge(pred, name, succ) - or - keywordParameterEdge(pred, name, succ) - } - cached predicate instanceEdge(Node pred, Node succ) { // TODO: Also model parameters with a given type here diff --git a/powershell/ql/lib/semmle/code/powershell/dataflow/FlowSummary.qll b/powershell/ql/lib/semmle/code/powershell/dataflow/FlowSummary.qll index de05d4bc7ddd..4e3a967d79a5 100644 --- a/powershell/ql/lib/semmle/code/powershell/dataflow/FlowSummary.qll +++ b/powershell/ql/lib/semmle/code/powershell/dataflow/FlowSummary.qll @@ -47,18 +47,3 @@ abstract class SummarizedCallable extends LibraryCallable, Impl::Public::Summari ) } } - -/** - * A callable with a flow summary, identified by a unique string, where all - * calls to a method with the same name are considered relevant. - */ -abstract class SimpleSummarizedCallable extends SummarizedCallable { - CallExpr c; - - bindingset[this] - SimpleSummarizedCallable() { c.getLowerCaseName() = this } - - final override CallExpr getACall() { result = c } - - final override CallExpr getACallSimple() { result = c } -} From 1bd93b984981748da3e18aa9ae24c9427c2ecc9e Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 8 Aug 2025 17:08:15 +0100 Subject: [PATCH 2/4] PS: Add missing dataflow predicates related to models. --- .../code/powershell/dataflow/internal/DataFlowPrivate.qll | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/powershell/ql/lib/semmle/code/powershell/dataflow/internal/DataFlowPrivate.qll b/powershell/ql/lib/semmle/code/powershell/dataflow/internal/DataFlowPrivate.qll index 123ab0278eb7..6309c4d167c2 100644 --- a/powershell/ql/lib/semmle/code/powershell/dataflow/internal/DataFlowPrivate.qll +++ b/powershell/ql/lib/semmle/code/powershell/dataflow/internal/DataFlowPrivate.qll @@ -280,6 +280,8 @@ private module Cached { ) ) and model = "" + or + LocalFlow::flowSummaryLocalStep(nodeFrom, nodeTo, _, model) } /** This is the local flow predicate that is exposed. */ @@ -302,6 +304,9 @@ private module Cached { LocalFlow::localFlowStepCommon(nodeFrom, nodeTo) or SsaFlow::localFlowStep(_, nodeFrom, nodeTo, _) + or + LocalFlow::flowSummaryLocalStep(nodeFrom, nodeTo, any(LibraryCallableToIncludeInTypeTracking c), + _) } /** Holds if `n` wraps an SSA definition without ingoing flow. */ From 9b5897ca3a1cb08e38758b5279cb553b1ae1b1aa Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Mon, 11 Aug 2025 12:49:34 +0100 Subject: [PATCH 3/4] PS: Improve api graphs. --- powershell/ql/lib/qlpack.yml | 2 + .../lib/semmle/code/powershell/ApiGraphs.qll | 154 ++++--- .../frameworks/data/empty.model.yml | 10 + .../data/internal/ApiGraphModelsSpecific.qll | 88 ++-- .../frameworks/data/internal/alias.model.yml | 132 ++++++ .../frameworks/data/internal/cmdlet.model.yml | 398 ++++++++++++++++++ 6 files changed, 697 insertions(+), 87 deletions(-) create mode 100644 powershell/ql/lib/semmle/code/powershell/frameworks/data/internal/alias.model.yml create mode 100644 powershell/ql/lib/semmle/code/powershell/frameworks/data/internal/cmdlet.model.yml diff --git a/powershell/ql/lib/qlpack.yml b/powershell/ql/lib/qlpack.yml index e3de11e7ae3c..d4dc94f44130 100644 --- a/powershell/ql/lib/qlpack.yml +++ b/powershell/ql/lib/qlpack.yml @@ -16,4 +16,6 @@ dependencies: dataExtensions: - semmle/code/powershell/frameworks/**/*.model.yml - semmle/code/powershell/frameworks/**/*.typemodel.yml + - semmle/code/powershell/frameworks/data/internal/cmdlet.model.yml + - semmle/code/powershell/frameworks/data/internal/alias.model.yml warnOnImplicitThis: true diff --git a/powershell/ql/lib/semmle/code/powershell/ApiGraphs.qll b/powershell/ql/lib/semmle/code/powershell/ApiGraphs.qll index 8091ed3b4f3a..7dc12ef10548 100644 --- a/powershell/ql/lib/semmle/code/powershell/ApiGraphs.qll +++ b/powershell/ql/lib/semmle/code/powershell/ApiGraphs.qll @@ -10,6 +10,7 @@ private import semmle.code.powershell.dataflow.DataFlow private import semmle.code.powershell.typetracking.ApiGraphShared private import semmle.code.powershell.typetracking.internal.TypeTrackingImpl private import semmle.code.powershell.controlflow.Cfg +private import frameworks.data.internal.ApiGraphModels private import frameworks.data.internal.ApiGraphModelsExtensions as Extensions private import frameworks.data.internal.ApiGraphModelsSpecific as Specific private import semmle.code.powershell.dataflow.internal.DataFlowPrivate as DataFlowPrivate @@ -262,8 +263,7 @@ module API { this = Impl::MkMethodAccessNode(result) or this = Impl::MkBackwardNode(result, _) or this = Impl::MkForwardNode(result, _) or - this = Impl::MkSinkNode(result) or - this = Impl::MkNamespaceOfTypeNameNode(result) + this = Impl::MkSinkNode(result) } /** Gets the location of this node. */ @@ -272,6 +272,10 @@ module API { or this instanceof RootNode and result instanceof EmptyLocation + or + not this instanceof RootNode and + not exists(this.getInducingNode()) and + result instanceof EmptyLocation } /** @@ -331,20 +335,84 @@ module API { override string toString() { result = "SinkNode(" + this.getInducingNode() + ")" } } - private class UsingNode extends Node, Impl::MkUsingNode { - UsingStmt using; // TODO: This should really be the cfg node, I think + abstract private class AbstractTypeNameNode extends Node { + string prefix; + + bindingset[prefix] + AbstractTypeNameNode() { any() } + + override string toString() { result = "TypeNameNode(" + this.getTypeName() + ")" } + + string getComponent() { + exists(int n | + result = prefix.splitAt(".", n) and + not exists(prefix.splitAt(".", n + 1)) + ) + } + + string getTypeName() { result = prefix } + + abstract Node getSuccessor(string name); + + Node memberEdge(string name) { none() } + + Node methodEdge(string name) { none() } + + final predicate isImplicit() { not this.isExplicit(_) } + + predicate isExplicit(DataFlow::TypeNameNode typeName) { none() } + } + + final class TypeNameNode = AbstractTypeNameNode; + + private class ExplicitTypeNameNode extends AbstractTypeNameNode, Impl::MkExplicitTypeNameNode { + ExplicitTypeNameNode() { this = Impl::MkExplicitTypeNameNode(prefix) } + + final override Node getSuccessor(string name) { + exists(ExplicitTypeNameNode succ | + succ = Impl::MkExplicitTypeNameNode(prefix + "." + name) and + result = succ + ) + or + exists(DataFlow::TypeNameNode typeName, int n, string lowerCaseName | + Specific::needsExplicitTypeNameNode(typeName, prefix) and + lowerCaseName = typeName.getLowerCaseName() and + name = lowerCaseName.splitAt(".", n) and + not lowerCaseName.matches("%.%") and + result = getForwardStartNode(typeName) + ) + } + + final override predicate isExplicit(DataFlow::TypeNameNode typeName) { + Specific::needsExplicitTypeNameNode(typeName, prefix) + } + } - UsingNode() { this = Impl::MkUsingNode(using) } + private string getAnAlias(string cmdlet) { Specific::aliasModel(cmdlet, result) } - override string toString() { result = "UsingNode(" + using + ")" } + predicate implicitCmdlet(string mod, string cmdlet) { + exists(string cmdlet0 | + Specific::cmdletModel(mod, cmdlet0) and + cmdlet = [cmdlet0, getAnAlias(cmdlet0)] + ) } - private class NamespaceOfTypeNameNode extends Node, Impl::MkNamespaceOfTypeNameNode { - DataFlow::QualifiedTypeNameNode typeName; + private class ImplicitTypeNameNode extends AbstractTypeNameNode, Impl::MkImplicitTypeNameNode { + ImplicitTypeNameNode() { this = Impl::MkImplicitTypeNameNode(prefix) } + + final override Node getSuccessor(string name) { + result = Impl::MkImplicitTypeNameNode(prefix + "." + name) + } - NamespaceOfTypeNameNode() { this = Impl::MkNamespaceOfTypeNameNode(typeName) } + final override Node memberEdge(string name) { result = this.methodEdge(name) } - override string toString() { result = "NamespaceOfTypeNameNode(" + typeName + ")" } + final override Node methodEdge(string name) { + exists(DataFlow::CallNode call | + result = Impl::MkMethodAccessNode(call) and + name = call.getLowerCaseName() and + implicitCmdlet(prefix, name) + ) + } } /** @@ -438,8 +506,8 @@ module API { MkRoot() or /** The method accessed at `call`, synthetically treated as a separate object. */ MkMethodAccessNode(DataFlow::CallNode call) or - MkUsingNode(UsingStmt using) or - MkNamespaceOfTypeNameNode(DataFlow::QualifiedTypeNameNode typeName) or + MkExplicitTypeNameNode(string prefix) { Specific::needsExplicitTypeNameNode(_, prefix) } or + MkImplicitTypeNameNode(string prefix) { Specific::needsImplicitTypeNameNode(prefix) } or MkForwardNode(DataFlow::LocalSourceNode node, TypeTracker t) { isReachable(node, t) } or /** Intermediate node for following backward data flow. */ MkBackwardNode(DataFlow::LocalSourceNode node, TypeTracker t) { isReachable(node, t) } or @@ -455,27 +523,8 @@ module API { node = any(EntryPoint e).getASink() } - bindingset[e] - pragma[inline_late] - private DataFlow::Node getNodeFromExpr(Expr e) { result.asExpr().getExpr() = e } - private import frameworks.data.ModelsAsData - cached - predicate namespace(string name, Node node) { - exists(DataFlow::QualifiedTypeNameNode typeName | - typeName.getNamespace() = name and - node = MkNamespaceOfTypeNameNode(typeName) - ) - or - exists(UsingStmt using | - using.getName().toLowerCase() = name and - node = MkUsingNode(using) - ) - or - node = ModelOutput::getATypeNode(name) - } - cached predicate topLevelMember(string name, Node node) { memberEdge(root(), name, node) } @@ -492,42 +541,51 @@ module API { predicate memberEdge(Node pred, string name, Node succ) { pred = API::root() and ( - exists(StringConstExpr read | - succ = getForwardStartNode(getNodeFromExpr(read)) and - name = read.getValueString() - ) + succ.(TypeNameNode).getTypeName() = name or exists(DataFlow::AutomaticVariableNode automatic | automatic.getLowerCaseName() = name and succ = getForwardStartNode(automatic) ) - or - succ = getAnImplicitRootMember(name) ) or - exists(DataFlow::QualifiedTypeNameNode typeName | - typeName.getLowerCaseName() = name and - pred = MkNamespaceOfTypeNameNode(typeName) and - succ = getForwardStartNode(typeName) + exists(TypeNameNode typeName | pred = typeName | + typeName.getSuccessor(name) = succ + or + typeName.memberEdge(name) = succ ) or - exists(MemberExprReadAccess read | - read.getLowerCaseMemberName().toLowerCase() = name and - pred = getForwardEndNode(getALocalSourceStrict(getNodeFromExpr(read.getQualifier()))) and - succ = getForwardStartNode(getNodeFromExpr(read)) + exists(DataFlow::Node qualifier | pred = getForwardEndNode(getALocalSourceStrict(qualifier)) | + exists(CfgNodes::ExprNodes::MemberExprReadAccessCfgNode read | + read.getQualifier() = qualifier.asExpr() and + read.getLowerCaseMemberName() = name and + succ = getForwardStartNode(DataFlow::exprNode(read)) + ) + or + exists(DataFlow::CallNode call | + call.getLowerCaseName() = name and + call.getQualifier() = qualifier and + succ = MkMethodAccessNode(call) + ) ) } cached predicate methodEdge(Node pred, string name, Node succ) { exists(DataFlow::CallNode call | - succ = MkMethodAccessNode(call) and name = call.getLowerCaseName() - | + succ = MkMethodAccessNode(call) and + name = call.getLowerCaseName() and pred = getForwardEndNode(getALocalSourceStrict(call.getQualifier())) ) or + pred.(TypeNameNode).methodEdge(name) = succ + or pred = API::root() and - succ = getAnImplicitRootMember(name) + exists(DataFlow::CallNode call | + not exists(call.getQualifier()) and + succ = MkMethodAccessNode(call) and + name = call.getLowerCaseName() + ) } cached diff --git a/powershell/ql/lib/semmle/code/powershell/frameworks/data/empty.model.yml b/powershell/ql/lib/semmle/code/powershell/frameworks/data/empty.model.yml index 3aad99bdddec..5aa501fde28d 100644 --- a/powershell/ql/lib/semmle/code/powershell/frameworks/data/empty.model.yml +++ b/powershell/ql/lib/semmle/code/powershell/frameworks/data/empty.model.yml @@ -30,3 +30,13 @@ extensions: pack: microsoft/powershell-all extensible: typeVariableModel data: [] + + - addsTo: + pack: microsoft/powershell-all + extensible: cmdletModel + data: [] + + - addsTo: + pack: microsoft/powershell-all + extensible: aliasModel + data: [] \ No newline at end of file diff --git a/powershell/ql/lib/semmle/code/powershell/frameworks/data/internal/ApiGraphModelsSpecific.qll b/powershell/ql/lib/semmle/code/powershell/frameworks/data/internal/ApiGraphModelsSpecific.qll index cd6ae9b74f0d..58d4c8323787 100644 --- a/powershell/ql/lib/semmle/code/powershell/frameworks/data/internal/ApiGraphModelsSpecific.qll +++ b/powershell/ql/lib/semmle/code/powershell/frameworks/data/internal/ApiGraphModelsSpecific.qll @@ -26,8 +26,13 @@ private import codeql.dataflow.internal.AccessPathSyntax import semmle.code.powershell.ApiGraphs import semmle.code.powershell.dataflow.DataFlow::DataFlow as DataFlow private import FlowSummaryImpl::Public +private import semmle.code.powershell.controlflow.Cfg private import semmle.code.powershell.dataflow.internal.DataFlowDispatch as DataFlowDispatch +extensible predicate cmdletModel(string mod, string cmdlet); + +extensible predicate aliasModel(string cmdlet, string alias); + bindingset[rawType] predicate isTypeUsed(string rawType) { any() } @@ -40,7 +45,7 @@ private predicate parseType(string rawType, string consts, string suffix) { ) } -private predicate parseRelevantType(string rawType, string consts, string suffix) { +predicate parseRelevantType(string rawType, string consts, string suffix) { isRelevantType(rawType) and parseType(rawType, consts, suffix) } @@ -57,58 +62,63 @@ predicate hasImplicitTypeModel(string type, string otherType) { /** Gets a Powershell-specific interpretation of the `(type, path)` tuple after resolving the first `n` access path tokens. */ bindingset[type, path] -API::Node getExtraNodeFromPath(string type, AccessPath path, int n) { - // A row of form `any;Method[foo]` should match any method named `foo`. - type = "any" and - n = 1 and - exists(string methodName, DataFlow::CallNode call | - methodMatchedByName(path, methodName) and - call.matchesName(methodName) and - result.(API::MethodAccessNode).asCall() = call +API::Node getExtraNodeFromPath(string type, AccessPath path, int n) { none() } + +bindingset[type, name, namespace] +private predicate typeMatches(string type, string name, string namespace) { + if namespace = "" then type.matches("%" + name) else type.matches("%" + namespace + "." + name) +} + +bindingset[type] +private DataFlow::TypeNameNode getTypeNameNode(string type) { + exists(string name, string namespace | + name = result.getLowerCaseName() and + namespace = result.getNamespace() and + typeMatches(type, name, namespace) ) } -/** - * Gets a string that represents a module that is always implicitly - * imported in any powershell script. - */ -string getAnImplicitImport() { - result = "microsoft.powershell.management!" - or - result = "microsoft.powershell.utility!" +private string getTypeNameComponent(string type, int index) { + index = [0 .. strictcount(type.indexOf("."))] and + parseRelevantType(_, type, _) and + result = + strictconcat(int i, string s | s = type.splitAt(".", i) and i <= index | s, "." order by i) +} + +predicate needsExplicitTypeNameNode(DataFlow::TypeNameNode typeName, string component) { + exists(string type, int index | + component = getTypeNameComponent(type, index) and + typeName = getTypeNameNode(type) and + index = [0 .. strictcount(type.indexOf(".")) - 1] + ) +} + +predicate needsImplicitTypeNameNode(string component) { + exists(string type, int index | + component = getTypeNameComponent(type, index) and + index = [0 .. strictcount(type.indexOf("."))] and + type.matches("microsoft.powershell.%") + ) } /** Gets a Powershell-specific interpretation of the given `type`. */ API::Node getExtraNodeFromType(string rawType) { - exists( - string type, string suffix, DataFlow::QualifiedTypeNameNode qualifiedTypeName, string namespace, - string typename - | + exists(string type, string suffix, DataFlow::TypeNameNode typeName | parseRelevantType(rawType, type, suffix) and - qualifiedTypeName.hasQualifiedName(namespace, typename) and - (namespace + "." + typename).toLowerCase() = type + typeName = getTypeNameNode(type) | suffix = "!" and - result = qualifiedTypeName.(DataFlow::LocalSourceNode).track() + result = typeName.(DataFlow::LocalSourceNode).track() or suffix = "" and - result = qualifiedTypeName.(DataFlow::LocalSourceNode).track().getInstance() + result = typeName.(DataFlow::LocalSourceNode).track().getInstance() ) or - rawType = ["", getAnImplicitImport()] and - result = API::root() -} - -/** - * Holds if `path` occurs in a CSV row with type `any`, meaning it can start - * matching anywhere, and the path begins with `Method[methodName]`. - */ -private predicate methodMatchedByName(AccessPath path, string methodName) { - isRelevantFullPath("any", path) and - exists(AccessPathToken token | - token = path.getToken(0) and - token.getName() = "Method" and - methodName = token.getAnArgument() + exists(string name, API::TypeNameNode typeName | + parseRelevantType(rawType, name, _) and + typeName = API::getTopLevelMember(name) and + typeName.isImplicit() and + result = typeName ) } diff --git a/powershell/ql/lib/semmle/code/powershell/frameworks/data/internal/alias.model.yml b/powershell/ql/lib/semmle/code/powershell/frameworks/data/internal/alias.model.yml new file mode 100644 index 000000000000..0ea8188f3086 --- /dev/null +++ b/powershell/ql/lib/semmle/code/powershell/frameworks/data/internal/alias.model.yml @@ -0,0 +1,132 @@ +extensions: + - addsTo: + pack: microsoft/powershell-all + extensible: aliasModel + data: + - ["cimcmdlets", "remove-ciminstance"] + - ["add-content", "ac"] + - ["clear-content", "clc"] + - ["clear-item", "cli"] + - ["clear-itemproperty", "clp"] + - ["convert-path", "cvpa"] + - ["copy-item", "copy"] + - ["copy-item", "cp"] + - ["copy-item", "cpi"] + - ["copy-itemproperty", "cpp"] + - ["get-childitem", "dir"] + - ["get-childitem", "gci"] + - ["get-childitem", "ls"] + - ["get-clipboard", "gcb"] + - ["get-computerinfo", "gin"] + - ["get-content", "cat"] + - ["get-content", "gc"] + - ["get-content", type"] + - ["get-item", "gi"] + - ["get-itemproperty", "gp"] + - ["get-itempropertyvalue", "gpv"] + - ["get-location", "gl"] + - ["get-location", "pwd"] + - ["get-process", "gps"] + - ["get-process", "ps"] + - ["get-psdrive", "gdr"] + - ["get-service", "gsv"] + - ["get-timezone", "gtz"] + - ["invoke-item", "ii"] + - ["move-item", "mi"] + - ["move-item", "move"] + - ["move-item", "mv"] + - ["move-itemproperty", "mp"] + - ["new-item", "ni"] + - ["new-psdrive", "mount"] + - ["new-psdrive", "ndr"] + - ["pop-location", "popd"] + - ["push-location", "pushd"] + - ["remove-item", "del"] + - ["remove-item", "erase"] + - ["remove-item", "rd"] + - ["remove-item", "ri"] + - ["remove-item", "rm"] + - ["remove-item", "rmdir"] + - ["remove-itemproperty", "rp"] + - ["remove-psdrive", "rdr"] + - ["rename-item", "ren"] + - ["rename-item", "rni"] + - ["rename-itemproperty", "rnp"] + - ["resolve-path", "rvpa"] + - ["set-clipboard", "scb"] + - ["set-item", "si"] + - ["set-itemproperty", "sp"] + - ["set-location", "cd"] + - ["set-location", "chdir"] + - ["set-location", "sl"] + - ["set-timezone", "stz"] + - ["start-process", "saps"] + - ["start-process", "start"] + - ["start-service", "sasv"] + - ["stop-process", "kill"] + - ["stop-process", "spps"] + - ["stop-service", "spsv"] + - ["compress-psresource", "cmres"] + - ["find-psresource", "fdres"] + - ["get-installedpsresource", "get-psresource"] + - ["install-psresource", "isres"] + - ["publish-psresource", "pbres"] + - ["update-psresource", "udres"] + - ["clear-variable", "clv"] + - ["compare-object", "compare"] + - ["compare-object", "diff"] + - ["disable-psbreakpoint", "dbp"] + - ["enable-psbreakpoint", "ebp"] + - ["export-alias", "epal"] + - ["export-csv", "epcsv"] + - ["format-custom", "fc"] + - ["format-hex", "fhx"] + - ["format-list", "fl"] + - ["format-table", "ft"] + - ["format-wide", "fw"] + - ["get-alias", "gal"] + - ["get-error", "gerr"] + - ["get-member", "gm"] + - ["get-psbreakpoint", "gbp"] + - ["get-pscallstack", "gcs"] + - ["get-unique", "gu"] + - ["get-variable", "gv"] + - ["group-object", "group"] + - ["import-alias", "ipal"] + - ["import-csv", "ipcsv"] + - ["invoke-expression", "iex"] + - ["invoke-restmethod", "irm"] + - ["invoke-webrequest", "iwr"] + - ["measure-object", "measure"] + - ["new-alias", "nal"] + - ["new-variable", "nv"] + - ["out-gridview", "ogv"] + - ["remove-psbreakpoint", "rbp"] + - ["remove-variable", "rv"] + - ["select-object", "select"] + - ["select-string", "sls"] + - ["set-alias", "sal"] + - ["set-psbreakpoint", "sbp"] + - ["set-variable", "set"] + - ["set-variable", "sv"] + - ["show-command", "shcm"] + - ["sort-object", "sort"] + - ["start-sleep", "sleep"] + - ["tee-object", "tee"] + - ["write-output", "echo"] + - ["write-output", "write"] + - ["add-localgroupmember", "algm"] + - ["disable-localuser", "dlu"] + - ["enable-localuser", "elu"] + - ["get-localgroup", "glg"] + - ["get-localgroupmember", "glgm"] + - ["get-localuser", "glu"] + - ["new-localgroup", "nlg"] + - ["new-localuser", "nlu"] + - ["remove-localgroup", "rlg"] + - ["remove-localgroupmember", "rlgm"] + - ["remove-localuser", "rlu"] + - ["rename-localgroup", "rnlg"] + - ["rename-localuser", "rnlu"] + - ["set-localgroup", "slg"] + - ["set-localuser", "slu"] \ No newline at end of file diff --git a/powershell/ql/lib/semmle/code/powershell/frameworks/data/internal/cmdlet.model.yml b/powershell/ql/lib/semmle/code/powershell/frameworks/data/internal/cmdlet.model.yml new file mode 100644 index 000000000000..935a19ada9cf --- /dev/null +++ b/powershell/ql/lib/semmle/code/powershell/frameworks/data/internal/cmdlet.model.yml @@ -0,0 +1,398 @@ +extensions: + - addsTo: + pack: microsoft/powershell-all + extensible: cmdletModel + data: + - ["cimcmdlets", "remove-ciminstance"] + - ["cimcmdlets", "import-binarymilog"] + - ["cimcmdlets", "get-cimclass"] + - ["cimcmdlets", "new-ciminstance"] + - ["cimcmdlets", "cimcmdlets"] + - ["cimcmdlets", "get-cimsession"] + - ["cimcmdlets", "new-cimsession"] + - ["cimcmdlets", "get-cimassociatedinstance"] + - ["cimcmdlets", "export-binarymilog"] + - ["cimcmdlets", "new-cimsessionoption"] + - ["cimcmdlets", "set-ciminstance"] + - ["cimcmdlets", "invoke-cimmethod"] + - ["cimcmdlets", "get-ciminstance"] + - ["cimcmdlets", "remove-cimsession"] + - ["cimcmdlets", "register-cimindicationevent"] + - ["ise", "new-isesnippet"] + - ["ise", "import-isesnippet"] + - ["ise", "get-isesnippet"] + - ["microsoft.powershell.archive", "expand-archive"] + - ["microsoft.powershell.archive", "compress-archive"] + - ["microsoft.powershell.core", "compress-archive"] + - ["microsoft.powershell.core", "test-pssessionconfigurationfile"] + - ["microsoft.powershell.core", "export-modulemember"] + - ["microsoft.powershell.core", "get-pssubsystem"] + - ["microsoft.powershell.core", "where-object"] + - ["microsoft.powershell.core", "new-pssessionconfigurationfile"] + - ["microsoft.powershell.core", "get-pssnapin"] + - ["microsoft.powershell.core", "tabexpansion2"] + - ["microsoft.powershell.core", "clear-history"] + - ["microsoft.powershell.core", "get-history"] + - ["microsoft.powershell.core", "remove-pssession"] + - ["microsoft.powershell.core", "debug-job"] + - ["microsoft.powershell.core", "register-pssessionconfiguration"] + - ["microsoft.powershell.core", "new-modulemanifest"] + - ["microsoft.powershell.core", "disable-pssessionconfiguration"] + - ["microsoft.powershell.core", "invoke-command"] + - ["microsoft.powershell.core", "get-pshostprocessinfo"] + - ["microsoft.powershell.core", "get-pssessionconfiguration"] + - ["microsoft.powershell.core", "wait-job"] + - ["microsoft.powershell.core", "enable-experimentalfeature"] + - ["microsoft.powershell.core", "add-pssnapin"] + - ["microsoft.powershell.core", "new-psrolecapabilityfile"] + - ["microsoft.powershell.core", "new-pssessionoption"] + - ["microsoft.powershell.core", "receive-job"] + - ["microsoft.powershell.core", "disconnect-pssession"] + - ["microsoft.powershell.core", "set-pssessionconfiguration"] + - ["microsoft.powershell.core", "add-history"] + - ["microsoft.powershell.core", "remove-pssnapin"] + - ["microsoft.powershell.core", "export-console"] + - ["microsoft.powershell.core", "get-help"] + - ["microsoft.powershell.core", "suspend-job"] + - ["microsoft.powershell.core", "switch-process"] + - ["microsoft.powershell.core", "remove-job"] + - ["microsoft.powershell.core", "receive-pssession"] + - ["microsoft.powershell.core", "save-help"] + - ["microsoft.powershell.core", "connect-pssession"] + - ["microsoft.powershell.core", "get-experimentalfeature"] + - ["microsoft.powershell.core", "import-module"] + - ["microsoft.powershell.core", "remove-module"] + - ["microsoft.powershell.core", "get-pssessioncapability"] + - ["microsoft.powershell.core", "new-module"] + - ["microsoft.powershell.core", "set-psdebug"] + - ["microsoft.powershell.core", "enable-psremoting"] + - ["microsoft.powershell.core", "get-job"] + - ["microsoft.powershell.core", "out-null"] + - ["microsoft.powershell.core", "get-pssession"] + - ["microsoft.powershell.core", "start-job"] + - ["microsoft.powershell.core", "exit-pssession"] + - ["microsoft.powershell.core", "register-argumentcompleter"] + - ["microsoft.powershell.core", "invoke-history"] + - ["microsoft.powershell.core", "new-pstransportoption"] + - ["microsoft.powershell.core", "new-pssession"] + - ["microsoft.powershell.core", "disable-experimentalfeature"] + - ["microsoft.powershell.core", "enable-pssessionconfiguration"] + - ["microsoft.powershell.core", "foreach-object"] + - ["microsoft.powershell.core", "disable-psremoting"] + - ["microsoft.powershell.core", "enter-pssession"] + - ["microsoft.powershell.core", "set-strictmode"] + - ["microsoft.powershell.core", "stop-job"] + - ["microsoft.powershell.core", "get-verb"] + - ["microsoft.powershell.core", "update-help"] + - ["microsoft.powershell.core", "resume-job"] + - ["microsoft.powershell.core", "get-module"] + - ["microsoft.powershell.core", "clear-host"] + - ["microsoft.powershell.core", "enter-pshostprocess"] + - ["microsoft.powershell.core", "get-command"] + - ["microsoft.powershell.core", "test-modulemanifest"] + - ["microsoft.powershell.core", "unregister-pssessionconfiguration"] + - ["microsoft.powershell.core", "exit-pshostprocess"] + - ["microsoft.powershell.core", "out-default"] + - ["microsoft.powershell.core", "out-host"] + - ["microsoft.powershell.diagnostics", "get-counter"] + - ["microsoft.powershell.diagnostics", "export-counter"] + - ["microsoft.powershell.diagnostics", "get-winevent"] + - ["microsoft.powershell.diagnostics", "new-winevent"] + - ["microsoft.powershell.diagnostics", "import-counter"] + - ["microsoft.powershell.host", "start-transcript"] + - ["microsoft.powershell.host", "stop-transcript"] + - ["microsoft.powershell.localaccounts", "stop-transcript"] + - ["microsoft.powershell.localaccounts", "new-localgroup"] + - ["microsoft.powershell.localaccounts", "rename-localuser"] + - ["microsoft.powershell.localaccounts", "new-localuser"] + - ["microsoft.powershell.localaccounts", "add-localgroupmember"] + - ["microsoft.powershell.localaccounts", "set-localgroup"] + - ["microsoft.powershell.localaccounts", "enable-localuser"] + - ["microsoft.powershell.localaccounts", "disable-localuser"] + - ["microsoft.powershell.localaccounts", "get-localgroup"] + - ["microsoft.powershell.localaccounts", "remove-localgroup"] + - ["microsoft.powershell.localaccounts", "set-localuser"] + - ["microsoft.powershell.localaccounts", "remove-localgroupmember"] + - ["microsoft.powershell.localaccounts", "remove-localuser"] + - ["microsoft.powershell.localaccounts", "get-localgroupmember"] + - ["microsoft.powershell.localaccounts", "get-localuser"] + - ["microsoft.powershell.localaccounts", "rename-localgroup"] + - ["microsoft.powershell.management", "rename-localgroup"] + - ["microsoft.powershell.management", "reset-computermachinepassword"] + - ["microsoft.powershell.management", "rename-itemproperty"] + - ["microsoft.powershell.management", "set-itemproperty"] + - ["microsoft.powershell.management", "get-itemproperty"] + - ["microsoft.powershell.management", "remove-item"] + - ["microsoft.powershell.management", "set-service"] + - ["microsoft.powershell.management", "restore-computer"] + - ["microsoft.powershell.management", "test-path"] + - ["microsoft.powershell.management", "copy-itemproperty"] + - ["microsoft.powershell.management", "get-wmiobject"] + - ["microsoft.powershell.management", "show-controlpanelitem"] + - ["microsoft.powershell.management", "test-computersecurechannel"] + - ["microsoft.powershell.management", "clear-eventlog"] + - ["microsoft.powershell.management", "remove-psdrive"] + - ["microsoft.powershell.management", "get-itempropertyvalue"] + - ["microsoft.powershell.management", "convert-path"] + - ["microsoft.powershell.management", "remove-wmiobject"] + - ["microsoft.powershell.management", "show-eventlog"] + - ["microsoft.powershell.management", "resolve-path"] + - ["microsoft.powershell.management", "get-location"] + - ["microsoft.powershell.management", "stop-computer"] + - ["microsoft.powershell.management", "move-item"] + - ["microsoft.powershell.management", "invoke-wmimethod"] + - ["microsoft.powershell.management", "add-content"] + - ["microsoft.powershell.management", "split-path"] + - ["microsoft.powershell.management", "undo-transaction"] + - ["microsoft.powershell.management", "set-location"] + - ["microsoft.powershell.management", "get-childitem"] + - ["microsoft.powershell.management", "start-transaction"] + - ["microsoft.powershell.management", "suspend-service"] + - ["microsoft.powershell.management", "set-timezone"] + - ["microsoft.powershell.management", "wait-process"] + - ["microsoft.powershell.management", "stop-service"] + - ["microsoft.powershell.management", "new-webserviceproxy"] + - ["microsoft.powershell.management", "get-content"] + - ["microsoft.powershell.management", "set-wmiinstance"] + - ["microsoft.powershell.management", "stop-process"] + - ["microsoft.powershell.management", "clear-content"] + - ["microsoft.powershell.management", "checkpoint-computer"] + - ["microsoft.powershell.management", "complete-transaction"] + - ["microsoft.powershell.management", "get-eventlog"] + - ["microsoft.powershell.management", "debug-process"] + - ["microsoft.powershell.management", "clear-recyclebin"] + - ["microsoft.powershell.management", "start-process"] + - ["microsoft.powershell.management", "copy-item"] + - ["microsoft.powershell.management", "write-eventlog"] + - ["microsoft.powershell.management", "set-content"] + - ["microsoft.powershell.management", "new-itemproperty"] + - ["microsoft.powershell.management", "restart-service"] + - ["microsoft.powershell.management", "get-controlpanelitem"] + - ["microsoft.powershell.management", "move-itemproperty"] + - ["microsoft.powershell.management", "get-transaction"] + - ["microsoft.powershell.management", "new-eventlog"] + - ["microsoft.powershell.management", "get-hotfix"] + - ["microsoft.powershell.management", "add-computer"] + - ["microsoft.powershell.management", "push-location"] + - ["microsoft.powershell.management", "start-service"] + - ["microsoft.powershell.management", "join-path"] + - ["microsoft.powershell.management", "test-connection"] + - ["microsoft.powershell.management", "set-clipboard"] + - ["microsoft.powershell.management", "get-timezone"] + - ["microsoft.powershell.management", "get-service"] + - ["microsoft.powershell.management", "restart-computer"] + - ["microsoft.powershell.management", "clear-itemproperty"] + - ["microsoft.powershell.management", "resume-service"] + - ["microsoft.powershell.management", "new-psdrive"] + - ["microsoft.powershell.management", "get-psprovider"] + - ["microsoft.powershell.management", "get-psdrive"] + - ["microsoft.powershell.management", "limit-eventlog"] + - ["microsoft.powershell.management", "rename-computer"] + - ["microsoft.powershell.management", "get-computerrestorepoint"] + - ["microsoft.powershell.management", "pop-location"] + - ["microsoft.powershell.management", "rename-item"] + - ["microsoft.powershell.management", "remove-itemproperty"] + - ["microsoft.powershell.management", "enable-computerrestore"] + - ["microsoft.powershell.management", "register-wmievent"] + - ["microsoft.powershell.management", "get-computerinfo"] + - ["microsoft.powershell.management", "remove-service"] + - ["microsoft.powershell.management", "disable-computerrestore"] + - ["microsoft.powershell.management", "set-item"] + - ["microsoft.powershell.management", "remove-computer"] + - ["microsoft.powershell.management", "invoke-item"] + - ["microsoft.powershell.management", "use-transaction"] + - ["microsoft.powershell.management", "get-process"] + - ["microsoft.powershell.management", "get-item"] + - ["microsoft.powershell.management", "new-item"] + - ["microsoft.powershell.management", "get-clipboard"] + - ["microsoft.powershell.management", "remove-eventlog"] + - ["microsoft.powershell.management", "clear-item"] + - ["microsoft.powershell.management", "new-service"] + - ["microsoft.powershell.odatautils", "export-odataendpointproxy"] + - ["microsoft.powershell.operation.validation", "get-operationvalidation"] + - ["microsoft.powershell.operation.validation", "invoke-operationvalidation"] + - ["microsoft.powershell.security", "get-pfxcertificate"] + - ["microsoft.powershell.security", "set-authenticodesignature"] + - ["microsoft.powershell.security", "get-acl"] + - ["microsoft.powershell.security", "get-credential"] + - ["microsoft.powershell.security", "get-executionpolicy"] + - ["microsoft.powershell.security", "protect-cmsmessage"] + - ["microsoft.powershell.security", "set-acl"] + - ["microsoft.powershell.security", "get-authenticodesignature"] + - ["microsoft.powershell.security", "get-cmsmessage"] + - ["microsoft.powershell.security", "new-filecatalog"] + - ["microsoft.powershell.security", "unprotect-cmsmessage"] + - ["microsoft.powershell.security", "set-executionpolicy"] + - ["microsoft.powershell.security", "convertto-securestring"] + - ["microsoft.powershell.security", "test-filecatalog"] + - ["microsoft.powershell.security", "convertfrom-securestring"] + - ["microsoft.powershell.utility", "convertfrom-string"] + - ["microsoft.powershell.utility", "remove-typedata"] + - ["microsoft.powershell.utility", "set-markdownoption"] + - ["microsoft.powershell.utility", "import-powershelldatafile"] + - ["microsoft.powershell.utility", "get-markdownoption"] + - ["microsoft.powershell.utility", "tee-object"] + - ["microsoft.powershell.utility", "get-event"] + - ["microsoft.powershell.utility", "write-debug"] + - ["microsoft.powershell.utility", "import-pssession"] + - ["microsoft.powershell.utility", "select-string"] + - ["microsoft.powershell.utility", "register-engineevent"] + - ["microsoft.powershell.utility", "convertfrom-stringdata"] + - ["microsoft.powershell.utility", "select-object"] + - ["microsoft.powershell.utility", "write-progress"] + - ["microsoft.powershell.utility", "set-tracesource"] + - ["microsoft.powershell.utility", "group-object"] + - ["microsoft.powershell.utility", "get-error"] + - ["microsoft.powershell.utility", "update-typedata"] + - ["microsoft.powershell.utility", "get-uptime"] + - ["microsoft.powershell.utility", "new-event"] + - ["microsoft.powershell.utility", "write-error"] + - ["microsoft.powershell.utility", "add-member"] + - ["microsoft.powershell.utility", "get-filehash"] + - ["microsoft.powershell.utility", "import-alias"] + - ["microsoft.powershell.utility", "get-pscallstack"] + - ["microsoft.powershell.utility", "disable-runspacedebug"] + - ["microsoft.powershell.utility", "unblock-file"] + - ["microsoft.powershell.utility", "new-temporaryfile"] + - ["microsoft.powershell.utility", "debug-runspace"] + - ["microsoft.powershell.utility", "convertto-xml"] + - ["microsoft.powershell.utility", "get-verb"] + - ["microsoft.powershell.utility", "disable-psbreakpoint"] + - ["microsoft.powershell.utility", "format-wide"] + - ["microsoft.powershell.utility", "export-csv"] + - ["microsoft.powershell.utility", "convertto-csv"] + - ["microsoft.powershell.utility", "new-timespan"] + - ["microsoft.powershell.utility", "show-markdown"] + - ["microsoft.powershell.utility", "add-type"] + - ["microsoft.powershell.utility", "import-clixml"] + - ["microsoft.powershell.utility", "get-runspacedebug"] + - ["microsoft.powershell.utility", "get-host"] + - ["microsoft.powershell.utility", "get-typedata"] + - ["microsoft.powershell.utility", "update-list"] + - ["microsoft.powershell.utility", "clear-variable"] + - ["microsoft.powershell.utility", "get-securerandom"] + - ["microsoft.powershell.utility", "convertfrom-clixml"] + - ["microsoft.powershell.utility", "get-member"] + - ["microsoft.powershell.utility", "invoke-restmethod"] + - ["microsoft.powershell.utility", "convertfrom-markdown"] + - ["microsoft.powershell.utility", "show-command"] + - ["microsoft.powershell.utility", "unregister-event"] + - ["microsoft.powershell.utility", "export-alias"] + - ["microsoft.powershell.utility", "convertfrom-csv"] + - ["microsoft.powershell.utility", "send-mailmessage"] + - ["microsoft.powershell.utility", "export-formatdata"] + - ["microsoft.powershell.utility", "out-string"] + - ["microsoft.powershell.utility", "format-custom"] + - ["microsoft.powershell.utility", "write-information"] + - ["microsoft.powershell.utility", "new-alias"] + - ["microsoft.powershell.utility", "import-localizeddata"] + - ["microsoft.powershell.utility", "remove-event"] + - ["microsoft.powershell.utility", "write-warning"] + - ["microsoft.powershell.utility", "out-file"] + - ["microsoft.powershell.utility", "write-output"] + - ["microsoft.powershell.utility", "write-host"] + - ["microsoft.powershell.utility", "convertfrom-sddlstring"] + - ["microsoft.powershell.utility", "register-objectevent"] + - ["microsoft.powershell.utility", "update-formatdata"] + - ["microsoft.powershell.utility", "invoke-webrequest"] + - ["microsoft.powershell.utility", "compare-object"] + - ["microsoft.powershell.utility", "convertto-html"] + - ["microsoft.powershell.utility", "write-verbose"] + - ["microsoft.powershell.utility", "format-hex"] + - ["microsoft.powershell.utility", "get-eventsubscriber"] + - ["microsoft.powershell.utility", "read-host"] + - ["microsoft.powershell.utility", "measure-command"] + - ["microsoft.powershell.utility", "start-sleep"] + - ["microsoft.powershell.utility", "get-runspace"] + - ["microsoft.powershell.utility", "out-gridview"] + - ["microsoft.powershell.utility", "convertto-clixml"] + - ["microsoft.powershell.utility", "wait-event"] + - ["microsoft.powershell.utility", "export-pssession"] + - ["microsoft.powershell.utility", "remove-variable"] + - ["microsoft.powershell.utility", "get-variable"] + - ["microsoft.powershell.utility", "remove-alias"] + - ["microsoft.powershell.utility", "get-random"] + - ["microsoft.powershell.utility", "set-variable"] + - ["microsoft.powershell.utility", "set-alias"] + - ["microsoft.powershell.utility", "get-uiculture"] + - ["microsoft.powershell.utility", "get-alias"] + - ["microsoft.powershell.utility", "get-date"] + - ["microsoft.powershell.utility", "format-table"] + - ["microsoft.powershell.utility", "get-unique"] + - ["microsoft.powershell.utility", "set-psbreakpoint"] + - ["microsoft.powershell.utility", "out-printer"] + - ["microsoft.powershell.utility", "import-csv"] + - ["microsoft.powershell.utility", "enable-psbreakpoint"] + - ["microsoft.powershell.utility", "convert-string"] + - ["microsoft.powershell.utility", "select-xml"] + - ["microsoft.powershell.utility", "test-json"] + - ["microsoft.powershell.utility", "measure-object"] + - ["microsoft.powershell.utility", "get-psbreakpoint"] + - ["microsoft.powershell.utility", "sort-object"] + - ["microsoft.powershell.utility", "new-object"] + - ["microsoft.powershell.utility", "invoke-expression"] + - ["microsoft.powershell.utility", "wait-debugger"] + - ["microsoft.powershell.utility", "remove-psbreakpoint"] + - ["microsoft.powershell.utility", "new-variable"] + - ["microsoft.powershell.utility", "get-formatdata"] + - ["microsoft.powershell.utility", "trace-command"] + - ["microsoft.powershell.utility", "get-culture"] + - ["microsoft.powershell.utility", "get-tracesource"] + - ["microsoft.powershell.utility", "new-guid"] + - ["microsoft.powershell.utility", "enable-runspacedebug"] + - ["microsoft.powershell.utility", "join-string"] + - ["microsoft.powershell.utility", "export-clixml"] + - ["microsoft.powershell.utility", "convertfrom-json"] + - ["microsoft.powershell.utility", "format-list"] + - ["microsoft.powershell.utility", "set-date"] + - ["microsoft.powershell.utility", "convertto-json"] + - ["microsoft.wsman.management", "connect-wsman"] + - ["microsoft.wsman.management", "disconnect-wsman"] + - ["microsoft.wsman.management", "remove-wsmaninstance"] + - ["microsoft.wsman.management", "new-wsmaninstance"] + - ["microsoft.wsman.management", "set-wsmaninstance"] + - ["microsoft.wsman.management", "test-wsman"] + - ["microsoft.wsman.management", "get-wsmancredssp"] + - ["microsoft.wsman.management", "get-wsmaninstance"] + - ["microsoft.wsman.management", "disable-wsmancredssp"] + - ["microsoft.wsman.management", "new-wsmansessionoption"] + - ["microsoft.wsman.management", "invoke-wsmanaction"] + - ["microsoft.wsman.management", "set-wsmanquickconfig"] + - ["microsoft.wsman.management", "enable-wsmancredssp"] + - ["psdiagnostics", "enable-pstrace"] + - ["psdiagnostics", "disable-wsmantrace"] + - ["psdiagnostics", "enable-wsmantrace"] + - ["psdiagnostics", "disable-pstrace"] + - ["psdiagnostics", "set-logproperties"] + - ["psdiagnostics", "enable-pswsmancombinedtrace"] + - ["psdiagnostics", "get-logproperties"] + - ["psdiagnostics", "disable-pswsmancombinedtrace"] + - ["psdiagnostics", "start-trace"] + - ["psdiagnostics", "stop-trace"] + - ["psreadline", "get-psreadlineoption"] + - ["psreadline", "set-psreadlinekeyhandler"] + - ["psreadline", "get-psreadlinekeyhandler"] + - ["psreadline", "remove-psreadlinekeyhandler"] + - ["psreadline", "psconsolehostreadline"] + - ["psreadline", "set-psreadlineoption"] + - ["psscheduledjob", "set-psreadlineoption"] + - ["psscheduledjob", "set-jobtrigger"] + - ["psscheduledjob", "add-jobtrigger"] + - ["psscheduledjob", "enable-jobtrigger"] + - ["psscheduledjob", "disable-scheduledjob"] + - ["psscheduledjob", "enable-scheduledjob"] + - ["psscheduledjob", "new-scheduledjoboption"] + - ["psscheduledjob", "unregister-scheduledjob"] + - ["psscheduledjob", "remove-jobtrigger"] + - ["psscheduledjob", "get-scheduledjoboption"] + - ["psscheduledjob", "new-jobtrigger"] + - ["psscheduledjob", "disable-jobtrigger"] + - ["psscheduledjob", "set-scheduledjob"] + - ["psscheduledjob", "get-jobtrigger"] + - ["psscheduledjob", "set-scheduledjoboption"] + - ["psscheduledjob", "register-scheduledjob"] + - ["psscheduledjob", "get-scheduledjob"] + - ["psworkflow", "new-psworkflowsession"] + - ["psworkflow", "new-psworkflowexecutionoption"] + - ["psworkflowutility", "invoke-asworkflow"] + - ["threadjob", "start-threadjob"] \ No newline at end of file From e96e464855d5a8c3db81721fa9ab0875b775daeb Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Mon, 11 Aug 2025 12:49:47 +0100 Subject: [PATCH 4/4] PS: Accept test changes. --- .../cwe-078/CommandInjection/CommandInjection.expected | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/powershell/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.expected b/powershell/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.expected index 4ce3845cc051..fd567d0d46f0 100644 --- a/powershell/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.expected +++ b/powershell/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.expected @@ -3,7 +3,7 @@ edges | test.ps1:9:11:9:20 | userinput | test.ps1:10:9:10:38 | Get-Process -Name $UserInput | provenance | | | test.ps1:15:11:15:20 | userinput | test.ps1:16:50:16:79 | Get-Process -Name $UserInput | provenance | | | test.ps1:21:11:21:20 | userinput | test.ps1:22:41:22:70 | Get-Process -Name $UserInput | provenance | | -| test.ps1:27:11:27:20 | userinput | test.ps1:28:38:28:67 | Get-Process -Name $UserInput | provenance | | +| test.ps1:27:11:27:20 | userinput | test.ps1:28:38:28:67 | Get-Process -Name $UserInput | provenance | Sink:MaD:102 | | test.ps1:33:11:33:20 | userinput | test.ps1:34:14:34:46 | public class Foo { $UserInput } | provenance | | | test.ps1:39:11:39:20 | userinput | test.ps1:40:30:40:62 | public class Foo { $UserInput } | provenance | | | test.ps1:45:11:45:20 | userinput | test.ps1:47:5:47:9 | code | provenance | | @@ -11,7 +11,7 @@ edges | test.ps1:73:11:73:20 | userinput | test.ps1:75:25:75:54 | Get-Process -Name $UserInput | provenance | | | test.ps1:80:11:80:20 | userinput | test.ps1:82:16:82:45 | Get-Process -Name $UserInput | provenance | | | test.ps1:87:11:87:20 | userinput | test.ps1:89:12:89:28 | ping $UserInput | provenance | | -| test.ps1:94:11:94:20 | userinput | test.ps1:98:33:98:62 | Get-Process -Name $UserInput | provenance | | +| test.ps1:94:11:94:20 | userinput | test.ps1:98:33:98:62 | Get-Process -Name $UserInput | provenance | Sink:MaD:101 | | test.ps1:104:11:104:20 | userinput | test.ps1:108:58:108:87 | Get-Process -Name $UserInput | provenance | | | test.ps1:114:11:114:20 | userinput | test.ps1:116:34:116:43 | UserInput | provenance | | | test.ps1:121:11:121:20 | userinput | test.ps1:123:28:123:37 | UserInput | provenance | |