PS: Fixup 'powershell/command-injection' so that it compiles after all the AST name changes.

MathiasVP · MathiasVP · commit 1cb059c381d6 · 2024-09-03T18:18:16.000+01:00
diff --git a/powershell/ql/src/experimental/CommandInjection.ql b/powershell/ql/src/experimental/CommandInjection.ql
@@ -10,48 +10,48 @@
 
 import powershell
 
-predicate containsScope(VariableExpression outer, VariableExpression inner) {
+predicate containsScope(VarAccess outer, VarAccess inner) {
   outer.getUserPath() = inner.getUserPath() and
   outer != inner
 }
 
-predicate constantTernaryExpression(TernaryExpression ternary) {
+predicate constantTernaryExpression(ConditionalExpr ternary) {
   onlyConstantExpressions(ternary.getIfTrue()) and onlyConstantExpressions(ternary.getIfFalse())
 }
 
-predicate constantBinaryExpression(BinaryExpression binary) {
-  onlyConstantExpressions(binary.getLeftHandSide()) and onlyConstantExpressions(binary.getRightHandSide())
+predicate constantBinaryExpression(BinaryExpr binary) {
+  onlyConstantExpressions(binary.getLeft()) and onlyConstantExpressions(binary.getRight())
 }
 
-predicate onlyConstantExpressions(Expression expr){
-  expr instanceof StringConstantExpression or constantBinaryExpression(expr) or constantTernaryExpression(expr)
+predicate onlyConstantExpressions(Expr expr){
+  expr instanceof StringConstExpression or constantBinaryExpression(expr) or constantTernaryExpression(expr)
 }
 
-VariableExpression getNonConstantVariableAssignment(VariableExpression varexpr) {
+VarAccess getNonConstantVariableAssignment(VarAccess varexpr) {
   (
-    exists(AssignmentStatement assignment |
-      not onlyConstantExpressions(assignment.getRightHandSide().(CommandExpression).getExpression()) and
+    exists(AssignStmt assignment |
+      not onlyConstantExpressions(assignment.getRightHandSide().(CmdExpr).getExpr()) and
       result = assignment.getLeftHandSide()
     )
   ) and
   containsScope(result, varexpr)
 }
 
-VariableExpression getParameterWithVariableScope(VariableExpression varexpr) {
+VarAccess getParameterWithVariableScope(VarAccess varexpr) {
   exists(Parameter parameter |
     result = parameter.getName() and
     containsScope(result, varexpr)
   )
 }
 
-Expression getAllSubExpressions(Expression expr)
+Expr getAllSubExpressions(Expr expr)
 {
   result = expr or
   result = getAllSubExpressions(expr.(ArrayLiteral).getAnElement()) or
-  result = getAllSubExpressions(expr.(ArrayExpression).getStatementBlock().getAStatement().(Pipeline).getAComponent().(CommandExpression).getExpression())
+  result = getAllSubExpressions(expr.(ArrayExpr).getStatementBlock().getAStatement().(Pipeline).getAComponent().(CmdExpr).getExpr())
 }
 
-Expression dangerousCommandElement(Command command)
+Expr dangerousCommandElement(Cmd command)
 {
   (
     command.getKind() = 28 or
@@ -60,15 +60,15 @@ Expression dangerousCommandElement(Command command)
   result = getAllSubExpressions(command.getAnElement())
 }
 
-from Expression commandarg, VariableExpression unknownDeclaration
+from Expr commandarg, VarAccess unknownDeclaration
 where
-  exists(Command command |
+  exists(Cmd command |
     (
       unknownDeclaration = getNonConstantVariableAssignment(commandarg) or
       unknownDeclaration = getParameterWithVariableScope(commandarg)
     )
     and
     commandarg = dangerousCommandElement(command)
   )
-select commandarg.(VariableExpression).getLocation(), "Unsafe flow to command argument from $@.",
+select commandarg.(VarAccess).getLocation(), "Unsafe flow to command argument from $@.",
   unknownDeclaration, unknownDeclaration.getUserPath()

Original file line number	Diff line number	Diff line change
`@@ -10,48 +10,48 @@`
`10`	`10`
`11`	`11`	`import powershell`
`12`	`12`
`13`		`-predicate containsScope(VariableExpression outer, VariableExpression inner) {`
	`13`	`+predicate containsScope(VarAccess outer, VarAccess inner) {`
`14`	`14`	`outer.getUserPath() = inner.getUserPath() and`
`15`	`15`	`outer != inner`
`16`	`16`	`}`
`17`	`17`
`18`		`-predicate constantTernaryExpression(TernaryExpression ternary) {`
	`18`	`+predicate constantTernaryExpression(ConditionalExpr ternary) {`
`19`	`19`	`onlyConstantExpressions(ternary.getIfTrue()) and onlyConstantExpressions(ternary.getIfFalse())`
`20`	`20`	`}`
`21`	`21`
`22`		`-predicate constantBinaryExpression(BinaryExpression binary) {`
`23`		`- onlyConstantExpressions(binary.getLeftHandSide()) and onlyConstantExpressions(binary.getRightHandSide())`
	`22`	`+predicate constantBinaryExpression(BinaryExpr binary) {`
	`23`	`+ onlyConstantExpressions(binary.getLeft()) and onlyConstantExpressions(binary.getRight())`
`24`	`24`	`}`
`25`	`25`
`26`		`-predicate onlyConstantExpressions(Expression expr){`
`27`		`- expr instanceof StringConstantExpression or constantBinaryExpression(expr) or constantTernaryExpression(expr)`
	`26`	`+predicate onlyConstantExpressions(Expr expr){`
	`27`	`+ expr instanceof StringConstExpression or constantBinaryExpression(expr) or constantTernaryExpression(expr)`
`28`	`28`	`}`
`29`	`29`
`30`		`-VariableExpression getNonConstantVariableAssignment(VariableExpression varexpr) {`
	`30`	`+VarAccess getNonConstantVariableAssignment(VarAccess varexpr) {`
`31`	`31`	`(`
`32`		`- exists(AssignmentStatement assignment \|`
`33`		`- not onlyConstantExpressions(assignment.getRightHandSide().(CommandExpression).getExpression()) and`
	`32`	`+ exists(AssignStmt assignment \|`
	`33`	`+ not onlyConstantExpressions(assignment.getRightHandSide().(CmdExpr).getExpr()) and`
`34`	`34`	`result = assignment.getLeftHandSide()`
`35`	`35`	`)`
`36`	`36`	`) and`
`37`	`37`	`containsScope(result, varexpr)`
`38`	`38`	`}`
`39`	`39`
`40`		`-VariableExpression getParameterWithVariableScope(VariableExpression varexpr) {`
	`40`	`+VarAccess getParameterWithVariableScope(VarAccess varexpr) {`
`41`	`41`	`exists(Parameter parameter \|`
`42`	`42`	`result = parameter.getName() and`
`43`	`43`	`containsScope(result, varexpr)`
`44`	`44`	`)`
`45`	`45`	`}`
`46`	`46`
`47`		`-Expression getAllSubExpressions(Expression expr)`
	`47`	`+Expr getAllSubExpressions(Expr expr)`
`48`	`48`	`{`
`49`	`49`	`result = expr or`
`50`	`50`	`result = getAllSubExpressions(expr.(ArrayLiteral).getAnElement()) or`
`51`		`- result = getAllSubExpressions(expr.(ArrayExpression).getStatementBlock().getAStatement().(Pipeline).getAComponent().(CommandExpression).getExpression())`
	`51`	`+ result = getAllSubExpressions(expr.(ArrayExpr).getStatementBlock().getAStatement().(Pipeline).getAComponent().(CmdExpr).getExpr())`
`52`	`52`	`}`
`53`	`53`
`54`		`-Expression dangerousCommandElement(Command command)`
	`54`	`+Expr dangerousCommandElement(Cmd command)`
`55`	`55`	`{`
`56`	`56`	`(`
`57`	`57`	`command.getKind() = 28 or`
`@@ -60,15 +60,15 @@ Expression dangerousCommandElement(Command command)`
`60`	`60`	`result = getAllSubExpressions(command.getAnElement())`
`61`	`61`	`}`
`62`	`62`
`63`		`-from Expression commandarg, VariableExpression unknownDeclaration`
	`63`	`+from Expr commandarg, VarAccess unknownDeclaration`
`64`	`64`	`where`
`65`		`- exists(Command command \|`
	`65`	`+ exists(Cmd command \|`
`66`	`66`	`(`
`67`	`67`	`unknownDeclaration = getNonConstantVariableAssignment(commandarg) or`
`68`	`68`	`unknownDeclaration = getParameterWithVariableScope(commandarg)`
`69`	`69`	`)`
`70`	`70`	`and`
`71`	`71`	`commandarg = dangerousCommandElement(command)`
`72`	`72`	`)`
`73`		`-select commandarg.(VariableExpression).getLocation(), "Unsafe flow to command argument from $@.",`
	`73`	`+select commandarg.(VarAccess).getLocation(), "Unsafe flow to command argument from $@.",`
`74`	`74`	`unknownDeclaration, unknownDeclaration.getUserPath()`