Merge pull request #199 from microsoft/fix-top-level-arguments

PS: Fix a couple of missing local flow sources

Author: chanel-y

powershell/ql/lib/semmle/code/powershell/ast/internal/FunctionBase.qll

@@ -21,3 +21,8 @@ class FunctionBase extends Ast, TFunctionBase {
 
   final int getNumberOfParameters() { result = count(this.getAParameter()) }
 }
+
+/**
+ * The implicit function that represents the entire script block in a file.
+ */
+class TopLevelFunction extends FunctionBase, TTopLevelFunction { }

powershell/ql/lib/semmle/code/powershell/ast/internal/Synthesis.qll

@@ -675,8 +675,11 @@ private module LiteralSynth {
         s = "null" and
         child = SynthChild(NullLiteralKind())
         or
-        Raw::isEnvVariableAccess(va, s) and
-        child = SynthChild(EnvVariableKind(s))
+        exists(string s0 |
+          s = "env:" + s0 and
+          Raw::isEnvVariableAccess(va, s0) and
+          child = SynthChild(EnvVariableKind(s0))
+        )
         or
         isAutomaticVariableAccess(va, s) and
         child = SynthChild(AutomaticVariableKind(s))

powershell/ql/lib/semmle/code/powershell/dataflow/flowsources/Local.qll

@@ -59,7 +59,7 @@ private class ExternalCommandLineArgumentSource extends CommandLineArgumentSourc
  * A data flow source that represents the parameters of the `Main` method of a program.
  */
 private class MainMethodArgumentSource extends CommandLineArgumentSource {
-  MainMethodArgumentSource() { this.asParameter().getParent() instanceof TopLevelScriptBlock }
+  MainMethodArgumentSource() { this.asParameter().getFunction() instanceof TopLevelFunction }
 }
 
 /**

powershell/ql/lib/semmle/code/powershell/frameworks/SystemConsole/model.yml

@@ -1,4 +1,12 @@
 edges
+| test.ps1:1:8:1:9 | x | test.ps1:3:28:3:47 | Get-Process -Id $x | provenance |  |
+| test.ps1:5:10:5:20 | my_var | test.ps1:7:3:7:19 | $code --enabled | provenance |  |
 nodes
+| test.ps1:1:8:1:9 | x | semmle.label | x |
+| test.ps1:3:28:3:47 | Get-Process -Id $x | semmle.label | Get-Process -Id $x |
+| test.ps1:5:10:5:20 | my_var | semmle.label | my_var |
+| test.ps1:7:3:7:19 | $code --enabled | semmle.label | $code --enabled |
 subpaths
 #select
+| test.ps1:3:28:3:47 | Get-Process -Id $x | test.ps1:1:8:1:9 | x | test.ps1:3:28:3:47 | Get-Process -Id $x | This command depends on a $@. | test.ps1:1:8:1:9 | x | user-provided value |
+| test.ps1:7:3:7:19 | $code --enabled | test.ps1:5:10:5:20 | my_var | test.ps1:7:3:7:19 | $code --enabled | This command depends on a $@. | test.ps1:5:10:5:20 | my_var | user-provided value |