Skip to content

PS: Fix more Chanel-reported PowerShell issues #186

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
MathiasVP merged 12 commits into from
Apr 9, 2025
Merged

PS: Fix more Chanel-reported PowerShell issues #186

MathiasVP merged 12 commits into from
Apr 9, 2025

Conversation

@MathiasVP
Copy link
Collaborator

@MathiasVP MathiasVP commented Apr 3, 2025
edited
Loading

This PR fixes two three(!) PowerShell issues reported by @chanel-y:

Missing edges in API graphs

Consider this example:

$executionContext.InvokeCommand.InvokeScript(...)

@chanel-y reported that the following use of API graphs didn't work:

from API::Node call
where
  API::getTopLevelMember("executioncontext").getMember("invokecommand").getMethod("invokescript") =
    call
select call, "..."

This was because we were missing two API edges:

  • An edge from the top level (i.e., root) node to any use of an automatic variable such as $executionContext, and
  • An edge from a qualifier to a member read such as $executionContext.InvokeCommand

With those two extra steps added, the above snippet works 🥳

In addition, I added two drive-by fixes:

  • The first commit adds a location to the synthesized top-level function
  • The last commit adds a call to toLowerCase when selecting a method using getMethod. This is, again, necessary because PowerShell is case insensitive, and $executionContext.InvokeCommand.InvokeScript and $executionContext.invokecommand.invokescript both invokes the InvokeScript method.

Missing pipeline parameters

Recall that these two snippets are equivalent:

param([Parameter(ValueFromPipeline = $true)] $arg)

process {
    $arg
}

and

process {
    $_
}

One has an explicit pipeline parameter, and the other has an implicit one. That means that we sometimes have to synthesize implicit pipeline parameters in the AST.

This was already done in #178 and #181. However, sometimes I referred to a non-existing explicitly-provided pipeline parameter, and other times I referred to a synthesized implicitly-provided pipeline parameter when I should be referring to the explicitly-provided one. This PR makes sure that we always:

  • Refer to the synthesized one only if no explicit one is provided, and
  • Always refer to the explicit one if such a parameter is provided

Missing model edges in taint-tracking

We added models-as-data in #134, and slightly regressed it in #178. @chanel-y noticed this due to a lack of taint-flow through CodeGeneration.EscapeSingleQuotedStringContent. This PR adds the missing QL required to get that flow, and also adds a MaD taint-model for this method.

I'll do a follow-up that adds autogenerated models for the other methods later.

chanel-y
chanel-y previously approved these changes Apr 3, 2025
View reviewed changes
@MathiasVP MathiasVP changed the title Powershell automatic variables as member edges PS: Fix more Chanel-reported PowerShell issues Apr 4, 2025
@MathiasVP MathiasVP merged commit 7612ef9 into main Apr 9, 2025
1 of 2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chanel-y chanel-y chanel-y approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@MathiasVP @chanel-y