Merge pull request #108 from microsoft/fix-powershell-compilation

MathiasVP · web-flow · commit e36e6175dd0c · 2024-10-02T13:38:21.000+02:00
PS: Fix compile errors and warnings.
diff --git a/powershell/ql/lib/semmle/code/powershell/ExpandableStringExpression.qll b/powershell/ql/lib/semmle/code/powershell/ExpandableStringExpression.qll
@@ -7,8 +7,6 @@ class ExpandableStringExpr extends @expandable_string_expression, Expr {
 
   StringLiteral getUnexpandedValue() { expandable_string_expression(this, result, _, _) }
 
-  private int getKind() { expandable_string_expression(this, _, result, _) }
-
   int getNumExprs() { result = count(this.getAnExpr()) }
 
   Expr getExpr(int i) { expandable_string_expression_nested_expression(this, i, result) }
diff --git a/powershell/ql/lib/semmle/code/powershell/controlflow/internal/Completion.qll b/powershell/ql/lib/semmle/code/powershell/controlflow/internal/Completion.qll
@@ -96,12 +96,16 @@ abstract class Completion extends TCompletion {
 /** Holds if node `n` has the Boolean constant value `value`. */
 private predicate isBooleanConstant(Ast n, boolean value) {
   mustHaveBooleanCompletion(n) and
-  none() // TODO
+  // TODO
+  exists(value) and
+  none()
 }
 
 private predicate isMatchingConstant(Ast n, boolean value) {
   inMatchingContext(n) and
-  none() // TODO
+  // TODO
+  exists(value) and
+  none()
 }
 
 /**
diff --git a/powershell/ql/src/experimental/CommandInjection.ql b/powershell/ql/src/experimental/CommandInjection.ql
@@ -24,7 +24,7 @@ predicate constantBinaryExpression(BinaryExpr binary) {
 }
 
 predicate onlyConstantExpressions(Expr expr){
-  expr instanceof StringConstExpression or constantBinaryExpression(expr) or constantTernaryExpression(expr)
+  expr instanceof StringConstExpr or constantBinaryExpression(expr) or constantTernaryExpression(expr)
 }
 
 VarAccess getNonConstantVariableAssignment(VarAccess varexpr) {
@@ -39,7 +39,7 @@ VarAccess getNonConstantVariableAssignment(VarAccess varexpr) {
 
 VarAccess getParameterWithVariableScope(VarAccess varexpr) {
   exists(Parameter parameter |
-    result = parameter.getName() and
+    result = parameter.getAnAccess() and
     containsScope(result, varexpr)
   )
 }
@@ -48,16 +48,16 @@ Expr getAllSubExpressions(Expr expr)
 {
   result = expr or
   result = getAllSubExpressions(expr.(ArrayLiteral).getAnElement()) or
-  result = getAllSubExpressions(expr.(ArrayExpr).getStatementBlock().getAStatement().(Pipeline).getAComponent().(CmdExpr).getExpr())
+  result = getAllSubExpressions(expr.(ArrayExpr).getStmtBlock().getAStmt().(Pipeline).getAComponent().(CmdExpr).getExpr())
 }
 
 Expr dangerousCommandElement(Cmd command)
 {
   (
     command.getKind() = 28 or
-    command.getName() = "Invoke-Expression"
+    command.getCommandName() = "Invoke-Expression"
   ) and
-  result = getAllSubExpressions(command.getAnElement())
+  result = getAllSubExpressions(command.getAnArgument())
 }
 
 from Expr commandarg, VarAccess unknownDeclaration

Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,7 @@ predicate constantBinaryExpression(BinaryExpr binary) {`
`24`	`24`	`}`
`25`	`25`
`26`	`26`	`predicate onlyConstantExpressions(Expr expr){`
`27`		`- expr instanceof StringConstExpression or constantBinaryExpression(expr) or constantTernaryExpression(expr)`
	`27`	`+ expr instanceof StringConstExpr or constantBinaryExpression(expr) or constantTernaryExpression(expr)`
`28`	`28`	`}`
`29`	`29`
`30`	`30`	`VarAccess getNonConstantVariableAssignment(VarAccess varexpr) {`
`@@ -39,7 +39,7 @@ VarAccess getNonConstantVariableAssignment(VarAccess varexpr) {`
`39`	`39`
`40`	`40`	`VarAccess getParameterWithVariableScope(VarAccess varexpr) {`
`41`	`41`	`exists(Parameter parameter \|`
`42`		`- result = parameter.getName() and`
	`42`	`+ result = parameter.getAnAccess() and`
`43`	`43`	`containsScope(result, varexpr)`
`44`	`44`	`)`
`45`	`45`	`}`
`@@ -48,16 +48,16 @@ Expr getAllSubExpressions(Expr expr)`
`48`	`48`	`{`
`49`	`49`	`result = expr or`
`50`	`50`	`result = getAllSubExpressions(expr.(ArrayLiteral).getAnElement()) or`
`51`		`- result = getAllSubExpressions(expr.(ArrayExpr).getStatementBlock().getAStatement().(Pipeline).getAComponent().(CmdExpr).getExpr())`
	`51`	`+ result = getAllSubExpressions(expr.(ArrayExpr).getStmtBlock().getAStmt().(Pipeline).getAComponent().(CmdExpr).getExpr())`
`52`	`52`	`}`
`53`	`53`
`54`	`54`	`Expr dangerousCommandElement(Cmd command)`
`55`	`55`	`{`
`56`	`56`	`(`
`57`	`57`	`command.getKind() = 28 or`
`58`		`- command.getName() = "Invoke-Expression"`
	`58`	`+ command.getCommandName() = "Invoke-Expression"`
`59`	`59`	`) and`
`60`		`- result = getAllSubExpressions(command.getAnElement())`
	`60`	`+ result = getAllSubExpressions(command.getAnArgument())`
`61`	`61`	`}`
`62`	`62`
`63`	`63`	`from Expr commandarg, VarAccess unknownDeclaration`