PS: Add various helper predicates.

Author: MathiasVP

powershell/ql/lib/semmle/code/powershell/Command.qll

@@ -19,8 +19,14 @@ class Cmd extends @command, CmdBase {
 
   StringConstExpr getCmdName() { result = this.getElement(0) }
 
-  Expr getAnArgument() { result = this.getArgument(_) or result = this.getNamedArgument(_) }
-
+  /** Gets any argument to this command. */
+  Expr getAnArgument() { result = this.getArgument(_) }
+
+  /**
+   * Gets the `i`th argument to this command.
+   *
+   * The argument may be named or positional.
+   */
   Expr getArgument(int i) {
     result =
       rank[i + 1](CmdElement e, int j |
@@ -32,6 +38,18 @@ class Cmd extends @command, CmdBase {
       )
   }
 
+  /** Gets the `i`th positional argument to this command. */
+  Expr getPositionalArgument(int i) {
+    result =
+      rank[i + 1](Argument e, int j |
+        e = this.getArgument(j) and
+        e instanceof PositionalArgument
+      |
+        e order by j
+      )
+  }
+
+  /** Gets the named argument with the given name. */
   Expr getNamedArgument(string name) {
     exists(int i, CmdParameter p |
       this.getElement(i) = p and
@@ -53,11 +71,21 @@ class Cmd extends @command, CmdBase {
 class Argument extends Expr {
   Cmd cmd;
 
-  Argument() { cmd.getArgument(_) = this or cmd.getNamedArgument(_) = this }
+  Argument() { cmd.getAnArgument() = this }
 
   Cmd getCmd() { result = cmd }
 
-  int getIndex() { cmd.getArgument(result) = this }
+  int getPosition() { cmd.getPositionalArgument(result) = this }
 
   string getName() { cmd.getNamedArgument(result) = this }
 }
+
+/** A positional argument to a command. */
+class PositionalArgument extends Argument {
+  PositionalArgument() { not this instanceof NamedArgument }
+}
+
+/** A named argument to a command. */
+class NamedArgument extends Argument {
+  NamedArgument() { this = cmd.getNamedArgument(_) }
+}

powershell/ql/lib/semmle/code/powershell/Variable.qll

@@ -14,10 +14,10 @@ private predicate hasParameterBlockImpl(Internal::Parameter p, ParamBlock block,
 
 /**
  * Gets the enclosing scope of `p`.
- * 
+ *
  * For a function parameter, this is the function body. For a parameter from a
  * parameter block, this is the enclosing scope of the parameter block.
- * 
+ *
  * In both of the above cases, the enclosing scope is the function body.
  */
 private Scope getEnclosingScopeImpl(Internal::Parameter p) {
@@ -176,6 +176,8 @@ class Parameter extends AbstractLocalScopeVariable, TParameter {
 
   override string getName() { result = p.getName() }
 
+  final predicate hasName(string name) { name = p.getName() }
+
   final override Scope getDeclaringScope() { result = p.getEnclosingScope() }
 
   predicate hasParameterBlock(ParamBlock block, int i) { p.hasParameterBlock(block, i) }
@@ -186,7 +188,18 @@ class Parameter extends AbstractLocalScopeVariable, TParameter {
 
   predicate hasDefaultValue() { exists(this.getDefaultValue()) }
 
-  int getIndex() { this.isFunctionParameter(_, result) }
+  /**
+   * Gets the index of this parameter.
+   *
+   * The parameter may be in a parameter block or a function parameter.
+   */
+  int getIndex() { result = this.getFunctionIndex() or result = this.getBlockIndex() }
+
+  /** Gets the index of this parameter in the parameter block, if any. */
+  int getBlockIndex() { this.hasParameterBlock(_, result) }
+
+  /** Gets the index of this parameter in the function, if any. */
+  int getFunctionIndex() { this.isFunctionParameter(_, result) }
 
   Function getFunction() { result.getBody() = this.getDeclaringScope() }
 }

powershell/ql/lib/semmle/code/powershell/controlflow/CfgNodes.qll

@@ -174,6 +174,14 @@ module ExprNodes {
     override Argument e;
 
     final override Argument getExpr() { result = super.getExpr() }
+
+    /** Gets the position of this argument, if any. */
+    int getPosition() { result = e.getPosition() }
+
+    /** Gets the name of this argument, if any. */
+    string getName() { result = e.getName() }
+
+    StmtNodes::CmdCfgNode getCmd() { result.getAnArgument() = this }
   }
 
   private class InvokeMemberChildMapping extends ExprChildMapping, InvokeMemberExpr {
@@ -253,7 +261,7 @@ module ExprNodes {
 
 module StmtNodes {
   private class CmdChildMapping extends NonExprChildMapping, Cmd {
-    override predicate relevantChild(Ast n) { n = this.getElement(_) }
+    override predicate relevantChild(Ast n) { n = this.getAnArgument() or n = this.getCommand() }
   }
 
   /** A control-flow node that wraps a `Cmd` AST expression. */
@@ -263,6 +271,20 @@ module StmtNodes {
     override CmdChildMapping s;
 
     override Cmd getStmt() { result = super.getStmt() }
+
+    ExprCfgNode getArgument(int i) { s.hasCfgChild(s.getArgument(i), this, result) }
+
+    ExprCfgNode getPositionalArgument(int i) {
+      s.hasCfgChild(s.getPositionalArgument(i), this, result)
+    }
+
+    ExprCfgNode getNamedArgument(string name) {
+      s.hasCfgChild(s.getNamedArgument(name), this, result)
+    }
+
+    ExprCfgNode getAnArgument() { s.hasCfgChild(s.getAnArgument(), this, result) }
+
+    ExprCfgNode getCommand() { s.hasCfgChild(s.getCommand(), this, result) }
   }
 
   private class AssignStmtChildMapping extends NonExprChildMapping, AssignStmt {

powershell/ql/lib/semmle/code/powershell/controlflow/internal/ControlFlowGraphImpl.qll

@@ -176,7 +176,7 @@ module Trees {
       exists(Parameter p |
         p =
           rank[i + 1](Parameter cand, int j |
-            cand.hasDefaultValue() and j = cand.getIndex()
+            cand.hasDefaultValue() and j = cand.getFunctionIndex()
           |
             cand order by j
           ) and