PS: Fix missing AST child.

MathiasVP · MathiasVP · commit 398d27b779e0 · 2025-07-07T19:15:18.000+01:00
diff --git a/powershell/ql/lib/semmle/code/powershell/ast/internal/Raw/ChildIndex.qll b/powershell/ql/lib/semmle/code/powershell/ast/internal/Raw/ChildIndex.qll
@@ -14,6 +14,7 @@ newtype ChildIndex =
   CatchClauseBody() or
   CatchClauseType(int i) { exists(any(CatchClause c).getCatchType(i)) } or
   CmdElement_(int i) { exists(any(Cmd cmd).getElement(i)) } or // TODO: Get rid of this?
+  CmdParameterExpr() or
   CmdCallee() or
   CmdRedirection(int i) { exists(any(Cmd cmd).getRedirection(i)) } or
   CmdExprExpr() or
@@ -127,6 +128,8 @@ string stringOfChildIndex(ChildIndex i) {
   or
   i = CmdElement_(_) and result = "CmdElement"
   or
+  i = CmdParameterExpr() and result = "CmdParameterExpr"
+  or
   i = CmdCallee() and result = "CmdCallee"
   or
   i = CmdRedirection(_) and result = "CmdRedirection"
diff --git a/powershell/ql/lib/semmle/code/powershell/ast/internal/Raw/CommandParameter.qll b/powershell/ql/lib/semmle/code/powershell/ast/internal/Raw/CommandParameter.qll
@@ -5,8 +5,11 @@ class CmdParameter extends @command_parameter, CmdElement {
 
   string getName() { command_parameter(this, result) }
 
-  Ast getExpr() {
-    command_parameter_argument(this, result)
+  Ast getExpr() { command_parameter_argument(this, result) }
+
+  final override Ast getChild(ChildIndex i) {
+    i instanceof CmdParameterExpr and
+    result = this.getExpr()
   }
 
   Cmd getCmd() { result.getElement(_) = this }
diff --git a/powershell/ql/test/query-tests/security/cwe-250/InsecureExecutionPolicy.expected b/powershell/ql/test/query-tests/security/cwe-250/InsecureExecutionPolicy.expected
@@ -1,2 +1,3 @@
 | test.ps1:1:1:1:33 | Call to set-executionpolicy | Insecure use of 'Set-ExecutionPolicy'. |
 | test.ps1:5:1:5:54 | Call to set-executionpolicy | Insecure use of 'Set-ExecutionPolicy'. |
+| test.ps1:7:1:7:39 | Call to set-executionpolicy | Insecure use of 'Set-ExecutionPolicy'. |
diff --git a/powershell/ql/test/query-tests/security/cwe-250/test.ps1 b/powershell/ql/test/query-tests/security/cwe-250/test.ps1
@@ -4,7 +4,7 @@ Set-ExecutionPolicy Bypass -Scope Process -Force # GOOD
 Set-ExecutionPolicy RemoteSigned -Scope Process -Force # GOOD
 Set-ExecutionPolicy Bypass -Scope MachinePolicy -Force # BAD
 
-Set-ExecutionPolicy Bypass -Force:$true # BAD [NOT DETECTED]
+Set-ExecutionPolicy Bypass -Force:$true # BAD
 Set-ExecutionPolicy Bypass -Force:$false # GOOD
 
 Set-ExecutionPolicy Bypass # GOOD

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,3 @@`
`1`	`1`	`\| test.ps1:1:1:1:33 \| Call to set-executionpolicy \| Insecure use of 'Set-ExecutionPolicy'. \|`
`2`	`2`	`\| test.ps1:5:1:5:54 \| Call to set-executionpolicy \| Insecure use of 'Set-ExecutionPolicy'. \|`
	`3`	`+\| test.ps1:7:1:7:39 \| Call to set-executionpolicy \| Insecure use of 'Set-ExecutionPolicy'. \|`