PS: Add false negative.

MathiasVP · MathiasVP · commit 670ad745ca9a · 2025-07-16T14:32:42.000+01:00
diff --git a/powershell/ql/test/query-tests/security/cwe-078/CommandInjection/test.ps1 b/powershell/ql/test/query-tests/security/cwe-078/CommandInjection/test.ps1
@@ -213,4 +213,6 @@ function false-positive-in-call-operator($d)
 {
     $o = Read-Host "enter input"
     & unzip -o "$o" -d $d # GOOD
+
+    . "$o" # BAD [NOT DETECTED]
 }

Original file line number	Diff line number	Diff line change
`@@ -213,4 +213,6 @@ function false-positive-in-call-operator($d)`
`213`	`213`	`{`
`214`	`214`	`$o = Read-Host "enter input"`
`215`	`215`	`& unzip -o "$o" -d $d # GOOD`
	`216`	`+`
	`217`	`+ . "$o" # BAD [NOT DETECTED]`
`216`	`218`	`}`