PS: Gets back the previously-lost false negative by making the variable property name expression the sink when there is a call to 'Invoke'.

Author: MathiasVP

powershell/ql/lib/semmle/code/powershell/security/CommandInjectionCustomizations.qll

@@ -142,9 +142,11 @@ module CommandInjection {
   class InvokeSink extends Sink {
     InvokeSink() {
       exists(InvokeMemberExpr ie |
-        this.asExpr().getExpr() = ie.getCallee() or 
-        this.asExpr().getExpr() = ie.getQualifier()
-      ) 
+        this.asExpr().getExpr() = ie.getCallee()
+        or
+        ie.getAName() = "Invoke" and
+        ie.getQualifier().(MemberExprReadAccess).getMemberExpr() = this.asExpr().getExpr()
+      )
     }
 
     override string getSinkType() { result = "call to Invoke" }