PS: Add helper clases for index expression.

Author: MathiasVP

powershell/ql/lib/semmle/code/powershell/IndexExpr.qll

@@ -1,4 +1,5 @@
 import powershell
+private import internal.ExplicitWrite
 
 class IndexExpr extends @index_expression, Expr {
   override string toString() { result = "...[...]" }
@@ -11,3 +12,19 @@ class IndexExpr extends @index_expression, Expr {
 
   predicate isNullConditional() { index_expression(this, _, _, true) }
 }
+
+private predicate isImplicitIndexWrite(Expr e) { none() }
+
+/** An index expression that is being written to. */
+class IndexExprWrite extends IndexExpr {
+  IndexExprWrite() { isExplicitWrite(this, _) or isImplicitIndexWrite(this) }
+
+  predicate isExplicit(AssignStmt assign) { isExplicitWrite(this, assign) }
+
+  predicate isImplicit() { isImplicitIndexWrite(this) }
+}
+
+/** An index expression that is being read from. */
+class IndexExprRead extends IndexExpr {
+  IndexExprRead() { not this instanceof IndexExprWrite }
+}

powershell/ql/lib/semmle/code/powershell/VariableExpression.qll

@@ -1,4 +1,5 @@
 import powershell
+private import internal.ExplicitWrite
 
 private predicate isParameterName(@variable_expression ve) { parameter(_, ve, _, _) }
 
@@ -34,24 +35,16 @@ class VarAccess extends @variable_expression, Expr {
   Variable getVariable() { result.getAnAccess() = this }
 }
 
-private predicate isExplicitVariableWriteAccess(Expr e, AssignStmt assign) {
-  e = assign.getLeftHandSide()
-  or
-  e = any(ConvertExpr convert | isExplicitVariableWriteAccess(convert, assign)).getExpr()
-  or
-  e = any(ArrayLiteral array | isExplicitVariableWriteAccess(array, assign)).getAnElement()
-}
-
 private predicate isImplicitVariableWriteAccess(Expr e) { none() }
 
 class VarReadAccess extends VarAccess {
   VarReadAccess() { not this instanceof VarWriteAccess }
 }
 
 class VarWriteAccess extends VarAccess {
-  VarWriteAccess() { isExplicitVariableWriteAccess(this, _) or isImplicitVariableWriteAccess(this) }
+  VarWriteAccess() { isExplicitWrite(this, _) or isImplicitVariableWriteAccess(this) }
 
-  predicate isExplicit(AssignStmt assign) { isExplicitVariableWriteAccess(this, assign) }
+  predicate isExplicit(AssignStmt assign) { isExplicitWrite(this, assign) }
 
   predicate isImplicit() { isImplicitVariableWriteAccess(this) }
 }

powershell/ql/lib/semmle/code/powershell/controlflow/CfgNodes.qll

@@ -325,12 +325,41 @@ module ExprNodes {
   /** A control-flow node that wraps a `MemberExpr` expression that is being written to. */
   class MemberCfgWriteAccessNode extends MemberCfgNode {
     MemberCfgWriteAccessNode() { this.getExpr() instanceof MemberExprWriteAccess }
+
+    StmtNodes::AssignStmtCfgNode getAssignStmt() { result.getLeftHandSide() = this }
   }
 
   /** A control-flow node that wraps a `MemberExpr` expression that is being read from. */
   class MemberCfgReadAccessNode extends MemberCfgNode {
     MemberCfgReadAccessNode() { this.getExpr() instanceof MemberExprReadAccess }
   }
+
+  class IndexChildMapping extends ExprChildMapping, IndexExpr {
+    override predicate relevantChild(Ast n) { n = this.getBase() or n = this.getIndex() }
+  }
+
+  /** A control-flow node that wraps a `MemberExpr` expression. */
+  class IndexCfgNode extends ExprCfgNode {
+    override string getAPrimaryQlClass() { result = "IndexCfgNode" }
+
+    override IndexChildMapping e;
+
+    final ExprCfgNode getBase() { e.hasCfgChild(e.getBase(), this, result) }
+
+    final ExprCfgNode getIndex() { e.hasCfgChild(e.getIndex(), this, result) }
+  }
+
+  /** A control-flow node that wraps a `MemberExpr` expression that is being written to. */
+  class IndexCfgWriteNode extends IndexCfgNode {
+    IndexCfgWriteNode() { this.getExpr() instanceof IndexExprWrite }
+
+    StmtNodes::AssignStmtCfgNode getAssignStmt() { result.getLeftHandSide() = this }
+  }
+
+  /** A control-flow node that wraps a `MemberExpr` expression that is being read from. */
+  class IndexCfgReadNode extends IndexCfgNode {
+    IndexCfgReadNode() { this.getExpr() instanceof IndexExprRead }
+  }
 }
 
 module StmtNodes {

powershell/ql/lib/semmle/code/powershell/internal/ExplicitWrite.qll

@@ -0,0 +1,15 @@
+private import powershell
+
+/**
+ * Holds if `e` is written to by `assign`.
+ *
+ * Note there may be more than one `e` for which `isExplicitWrite(e, assign)`
+ * holds if the left-hand side is an array literal.
+ */
+predicate isExplicitWrite(Expr e, AssignStmt assign) {
+  e = assign.getLeftHandSide()
+  or
+  e = any(ConvertExpr convert | isExplicitWrite(convert, assign)).getExpr()
+  or
+  e = any(ArrayLiteral array | isExplicitWrite(array, assign)).getAnElement()
+}

powershell/ql/lib/semmle/code/powershell/internal/Internal.qll

@@ -1 +1,2 @@
-import Parameter
+import Parameter
+import ExplicitWrite