Merge pull request #207 from microsoft/switch-parameters

MathiasVP · web-flow · commit 6a5d0877c404 · 2025-04-22T16:41:40.000+01:00
PS: Proper AST support for switch arguments
diff --git a/powershell/ql/lib/semmle/code/powershell/ast/internal/Constant.qll b/powershell/ql/lib/semmle/code/powershell/ast/internal/Constant.qll
@@ -1,4 +1,5 @@
 private import AstImport
+private import codeql.util.Boolean
 
 private newtype TConstantValue =
   TConstInteger(int value) {
@@ -12,15 +13,7 @@ private newtype TConstantValue =
     )
   } or
   TConstString(string value) { exists(Raw::StringLiteral sl | sl.getValue() = value) } or
-  TConstBoolean(boolean value) {
-    exists(Raw::VarAccess va |
-      value = true and
-      va.getUserPath() = "true"
-      or
-      value = false and
-      va.getUserPath() = "false"
-    )
-  } or
+  TConstBoolean(Boolean b) or
   TNull()
 
 /** A constant value. */
@@ -61,9 +54,7 @@ class ConstInteger extends ConstantValue, TConstInteger {
 
   final override string serialize() { result = this.getValue() }
 
-  final override ConstExpr getAnExpr() {
-    result.getValueString() = this.getValue()
-  }
+  final override ConstExpr getAnExpr() { result.getValueString() = this.getValue() }
 }
 
 /** A constant floating point value. */
diff --git a/powershell/ql/lib/semmle/code/powershell/ast/internal/Raw/Command.qll b/powershell/ql/lib/semmle/code/powershell/ast/internal/Raw/Command.qll
@@ -53,9 +53,15 @@ class Cmd extends @command, CmdBase {
 
   Redirection getARedirection() { result = this.getRedirection(_) }
 
-  Expr getArgument(int i) {
+  /**
+   * Gets the `i`th argument to this command.
+   *
+   * This is either an expression, or a CmdParameter with no expression.
+   * The latter is only used to denote switch parameters.
+   */
+  CmdElement getArgument(int i) {
     result =
-      rank[i + 1](CmdElement e, Expr r, int j |
+      rank[i + 1](CmdElement e, CmdElement r, int j |
         (
           // For most commands the 0'th element is the command name ...
           j > 0
@@ -71,7 +77,25 @@ class Cmd extends @command, CmdBase {
           not e instanceof CmdParameter and
           r = e
           or
-          r = e.(CmdParameter).getExpr()
+          exists(CmdParameter p | e = p |
+            // If it has an expression, use that
+            p.getExpr() = r
+            or
+            // Otherwise, if it doesn't have an expression it's either
+            // because it's of the form (1) `-Name x`, (2) `-Name -SomethingElse`,
+            // or (3) `-Name` (with no other elements).
+            // In (1) we use `x` as the argument, and in (2) and (3) we use
+            // `-Name` as the argument.
+            not exists(p.getExpr()) and
+            (
+              this.getElement(j + 1) instanceof CmdParameter and
+              p = r
+              or
+              // Case 3
+              not exists(this.getElement(j + 1)) and
+              r = p
+            )
+          )
         )
       |
         r order by j
@@ -80,16 +104,23 @@ class Cmd extends @command, CmdBase {
 
   Expr getNamedArgument(string name) {
     exists(CmdParameter p, int index |
-      result = this.getArgument(index) and
-      p.getName() = name
+      p = this.getElement(index) and
+      p.getName().toLowerCase() = name
     |
-      p.getExpr() = result
+      result = p.getExpr()
       or
-      exists(int jndex |
-        not exists(p.getExpr()) and
-        this.getElement(jndex) = p and
-        this.getElement(jndex + 1) = result
-      )
+      not exists(p.getExpr()) and
+      // `not result instanceof CmdParameter` is implied
+      result = this.getElement(index + 1)
+    )
+  }
+
+  CmdParameter getSwitchArgument(string name) {
+    not exists(this.getNamedArgument(name)) and
+    exists(int index |
+      result = this.getElement(index) and
+      result.getName().toLowerCase() = name and
+      not exists(result.getExpr())
     )
   }
 }
diff --git a/powershell/ql/lib/semmle/code/powershell/ast/internal/Synthesis.qll b/powershell/ql/lib/semmle/code/powershell/ast/internal/Synthesis.qll
@@ -550,33 +550,49 @@ private module CmdExprRemoval {
 private module CmdArguments {
   private class CmdParameterRemoval extends Synthesis {
     override predicate child(Raw::Ast parent, ChildIndex i, Child child) {
-      exists(Raw::Expr e |
-        this.rawChild(parent, i, e) and
-        child = childRef(getResultAst(e))
+      exists(Raw::CmdElement elem | this.rawChild(parent, i, elem) |
+        elem instanceof Raw::Expr and
+        child = childRef(getResultAst(elem))
+        or
+        // By construction of `Cmd::getArgument` this `CmdParameter` does not
+        // have an expression attached to it.
+        elem instanceof Raw::CmdParameter and
+        child = SynthChild(BoolLiteralKind(true))
       )
     }
 
-    private predicate rawChild(Raw::Cmd cmd, ChildIndex i, Raw::Expr child) {
+    private predicate rawChild(Raw::Cmd cmd, ChildIndex i, Raw::CmdElement child) {
       exists(int index |
         i = cmdArgument(index) and
         child = cmd.getArgument(index)
       )
     }
 
     override predicate isNamedArgument(CmdCall call, int i, string name) {
-      exists(Raw::Cmd cmd, Raw::Expr e, Raw::CmdParameter p |
-        this.rawChild(cmd, cmdArgument(i), e) and
+      exists(Raw::Cmd cmd, Raw::CmdElement elem |
         call = getResultAst(cmd) and
-        p.getName().toLowerCase() = name
+        cmd.getArgument(i) = elem
       |
-        p.getExpr() = e
-        or
-        exists(ChildIndex j, int jndex |
-          j = cmdElement_(jndex) and
-          not exists(p.getExpr()) and
-          cmd.getChild(toRawChildIndex(j)) = p and
-          cmd.getChild(toRawChildIndex(cmdElement_(jndex + 1))) = e
-        )
+        elem = cmd.getNamedArgument(name) or cmd.getSwitchArgument(name) = elem
+      )
+    }
+
+    final override predicate isRelevant(Raw::Ast a) {
+      a instanceof Raw::CmdParameter and
+      this.rawChild(_, _, a)
+    }
+
+    final override Expr getResultAstImpl(Raw::Ast r) {
+      exists(Raw::Cmd cmd, ChildIndex i |
+        this.rawChild(cmd, i, r) and
+        result = TBoolLiteral(cmd, i)
+      )
+    }
+
+    final override predicate booleanValue(BoolLiteral b, boolean value) {
+      exists(Raw::Ast parent, ChildIndex i |
+        b = TBoolLiteral(parent, i) and
+        this.child(parent, i, SynthChild(BoolLiteralKind(value)))
       )
     }
   }
diff --git a/powershell/ql/test/library-tests/ast/Arguments/arguments.expected b/powershell/ql/test/library-tests/ast/Arguments/arguments.expected
@@ -0,0 +1,12 @@
+positionalArguments
+| arguments.ps1:1:5:1:5 | 1 | 0 |
+namedArguments
+| arguments.ps1:2:8:2:8 | 1 | x |
+| arguments.ps1:3:8:3:8 | 1 | x |
+| arguments.ps1:4:5:4:6 | true | x |
+| arguments.ps1:6:5:6:6 | true | x |
+| arguments.ps1:6:8:6:9 | true | y |
+| arguments.ps1:7:8:7:8 | 1 | x |
+| arguments.ps1:7:13:7:13 | 2 | y |
+| arguments.ps1:8:8:8:8 | 1 | x |
+| arguments.ps1:8:13:8:13 | 2 | y |
diff --git a/powershell/ql/test/library-tests/ast/Arguments/arguments.ps1 b/powershell/ql/test/library-tests/ast/Arguments/arguments.ps1
@@ -0,0 +1,8 @@
+Foo 1
+Foo -x 1
+Foo -x:1
+Foo -x
+
+Bar -x -y
+Bar -x 1 -y 2
+Bar -x:1 -y:2
diff --git a/powershell/ql/test/library-tests/ast/Arguments/arguments.ql b/powershell/ql/test/library-tests/ast/Arguments/arguments.ql
@@ -0,0 +1,5 @@
+import powershell
+
+query predicate positionalArguments(Argument a, int p) { p = a.getPosition() }
+
+query predicate namedArguments(Argument a, string name) { name = a.getName() }
diff --git a/powershell/ql/test/library-tests/ast/parent.expected b/powershell/ql/test/library-tests/ast/parent.expected
@@ -1,3 +1,36 @@
+| Arguments/arguments.ps1:1:1:1:3 | Foo | Arguments/arguments.ps1:1:1:1:5 | Call to Foo |
+| Arguments/arguments.ps1:1:1:1:5 | Call to Foo | Arguments/arguments.ps1:1:1:1:5 | [Stmt] Call to Foo |
+| Arguments/arguments.ps1:1:1:1:5 | [Stmt] Call to Foo | Arguments/arguments.ps1:1:1:8:13 | {...} |
+| Arguments/arguments.ps1:1:1:8:13 | {...} | Arguments/arguments.ps1:1:1:8:13 | toplevel function for arguments.ps1 |
+| Arguments/arguments.ps1:1:1:8:13 | {...} | Arguments/arguments.ps1:1:1:8:13 | {...} |
+| Arguments/arguments.ps1:1:5:1:5 | 1 | Arguments/arguments.ps1:1:1:1:5 | Call to Foo |
+| Arguments/arguments.ps1:2:1:2:3 | Foo | Arguments/arguments.ps1:2:1:2:8 | Call to Foo |
+| Arguments/arguments.ps1:2:1:2:8 | Call to Foo | Arguments/arguments.ps1:2:1:2:8 | [Stmt] Call to Foo |
+| Arguments/arguments.ps1:2:1:2:8 | [Stmt] Call to Foo | Arguments/arguments.ps1:1:1:8:13 | {...} |
+| Arguments/arguments.ps1:2:8:2:8 | 1 | Arguments/arguments.ps1:2:1:2:8 | Call to Foo |
+| Arguments/arguments.ps1:3:1:3:3 | Foo | Arguments/arguments.ps1:3:1:3:8 | Call to Foo |
+| Arguments/arguments.ps1:3:1:3:8 | Call to Foo | Arguments/arguments.ps1:3:1:3:8 | [Stmt] Call to Foo |
+| Arguments/arguments.ps1:3:1:3:8 | [Stmt] Call to Foo | Arguments/arguments.ps1:1:1:8:13 | {...} |
+| Arguments/arguments.ps1:3:8:3:8 | 1 | Arguments/arguments.ps1:3:1:3:8 | Call to Foo |
+| Arguments/arguments.ps1:4:1:4:3 | Foo | Arguments/arguments.ps1:4:1:4:6 | Call to Foo |
+| Arguments/arguments.ps1:4:1:4:6 | Call to Foo | Arguments/arguments.ps1:4:1:4:6 | [Stmt] Call to Foo |
+| Arguments/arguments.ps1:4:1:4:6 | [Stmt] Call to Foo | Arguments/arguments.ps1:1:1:8:13 | {...} |
+| Arguments/arguments.ps1:4:5:4:6 | true | Arguments/arguments.ps1:4:1:4:6 | Call to Foo |
+| Arguments/arguments.ps1:6:1:6:3 | Bar | Arguments/arguments.ps1:6:1:6:9 | Call to Bar |
+| Arguments/arguments.ps1:6:1:6:9 | Call to Bar | Arguments/arguments.ps1:6:1:6:9 | [Stmt] Call to Bar |
+| Arguments/arguments.ps1:6:1:6:9 | [Stmt] Call to Bar | Arguments/arguments.ps1:1:1:8:13 | {...} |
+| Arguments/arguments.ps1:6:5:6:6 | true | Arguments/arguments.ps1:6:1:6:9 | Call to Bar |
+| Arguments/arguments.ps1:6:8:6:9 | true | Arguments/arguments.ps1:6:1:6:9 | Call to Bar |
+| Arguments/arguments.ps1:7:1:7:3 | Bar | Arguments/arguments.ps1:7:1:7:13 | Call to Bar |
+| Arguments/arguments.ps1:7:1:7:13 | Call to Bar | Arguments/arguments.ps1:7:1:7:13 | [Stmt] Call to Bar |
+| Arguments/arguments.ps1:7:1:7:13 | [Stmt] Call to Bar | Arguments/arguments.ps1:1:1:8:13 | {...} |
+| Arguments/arguments.ps1:7:8:7:8 | 1 | Arguments/arguments.ps1:7:1:7:13 | Call to Bar |
+| Arguments/arguments.ps1:7:13:7:13 | 2 | Arguments/arguments.ps1:7:1:7:13 | Call to Bar |
+| Arguments/arguments.ps1:8:1:8:3 | Bar | Arguments/arguments.ps1:8:1:8:13 | Call to Bar |
+| Arguments/arguments.ps1:8:1:8:13 | Call to Bar | Arguments/arguments.ps1:8:1:8:13 | [Stmt] Call to Bar |
+| Arguments/arguments.ps1:8:1:8:13 | [Stmt] Call to Bar | Arguments/arguments.ps1:1:1:8:13 | {...} |
+| Arguments/arguments.ps1:8:8:8:8 | 1 | Arguments/arguments.ps1:8:1:8:13 | Call to Bar |
+| Arguments/arguments.ps1:8:13:8:13 | 2 | Arguments/arguments.ps1:8:1:8:13 | Call to Bar |
 | Arrays/Arrays.ps1:0:0:0:-1 | {...} | Arrays/Arrays.ps1:14:41:14:43 | @(...) |
 | Arrays/Arrays.ps1:1:1:1:7 | array1 | Arrays/Arrays.ps1:1:1:1:36 | ...=... |
 | Arrays/Arrays.ps1:1:1:1:7 | array1 | Arrays/Arrays.ps1:1:1:15:14 | {...} |
@@ -189,6 +222,8 @@
 | Expressions/ConvertWithSecureString.ps1:2:19:2:40 | ConvertTo-SecureString | Expressions/ConvertWithSecureString.ps1:2:19:2:79 | Call to ConvertTo-SecureString |
 | Expressions/ConvertWithSecureString.ps1:2:19:2:79 | Call to ConvertTo-SecureString | Expressions/ConvertWithSecureString.ps1:2:1:2:79 | ...=... |
 | Expressions/ConvertWithSecureString.ps1:2:50:2:59 | UserInput | Expressions/ConvertWithSecureString.ps1:2:19:2:79 | Call to ConvertTo-SecureString |
+| Expressions/ConvertWithSecureString.ps1:2:61:2:72 | true | Expressions/ConvertWithSecureString.ps1:2:19:2:79 | Call to ConvertTo-SecureString |
+| Expressions/ConvertWithSecureString.ps1:2:74:2:79 | true | Expressions/ConvertWithSecureString.ps1:2:19:2:79 | Call to ConvertTo-SecureString |
 | Expressions/ExpandableString.ps1:1:1:1:39 | Date: $([DateTime]::Now)\nName: $name | Expressions/ExpandableString.ps1:1:1:1:39 | [Stmt] Date: $([DateTime]::Now)\nName: $name |
 | Expressions/ExpandableString.ps1:1:1:1:39 | [Stmt] Date: $([DateTime]::Now)\nName: $name | Expressions/ExpandableString.ps1:1:1:1:39 | {...} |
 | Expressions/ExpandableString.ps1:1:1:1:39 | {...} | Expressions/ExpandableString.ps1:1:1:1:39 | toplevel function for ExpandableString.ps1 |
@@ -199,6 +234,14 @@
 | Expressions/ExpandableString.ps1:1:23:1:37 | [Stmt] Now | Expressions/ExpandableString.ps1:1:23:1:37 | {...} |
 | Expressions/ExpandableString.ps1:1:23:1:37 | {...} | Expressions/ExpandableString.ps1:1:21:1:38 | $(...) |
 | Expressions/ExpandableString.ps1:1:35:1:37 | Now | Expressions/ExpandableString.ps1:1:23:1:37 | Now |
+| Expressions/MemberExpression.ps1:1:1:2:14 | [synth] pipeline | Expressions/MemberExpression.ps1:1:1:2:14 | {...} |
+| Expressions/MemberExpression.ps1:1:1:2:14 | {...} | Expressions/MemberExpression.ps1:1:1:2:14 | toplevel function for MemberExpression.ps1 |
+| Expressions/MemberExpression.ps1:1:1:2:14 | {...} | Expressions/MemberExpression.ps1:1:1:2:14 | {...} |
+| Expressions/MemberExpression.ps1:1:7:1:8 | x | Expressions/MemberExpression.ps1:1:1:2:14 | {...} |
+| Expressions/MemberExpression.ps1:2:1:2:10 | DateTime | Expressions/MemberExpression.ps1:2:1:2:14 | ... |
+| Expressions/MemberExpression.ps1:2:1:2:14 | ... | Expressions/MemberExpression.ps1:2:1:2:14 | [Stmt] ... |
+| Expressions/MemberExpression.ps1:2:1:2:14 | [Stmt] ... | Expressions/MemberExpression.ps1:1:1:2:14 | {...} |
+| Expressions/MemberExpression.ps1:2:13:2:14 | x | Expressions/MemberExpression.ps1:2:1:2:14 | ... |
 | Expressions/SubExpression.ps1:1:1:1:11 | $(...) | Expressions/SubExpression.ps1:1:1:1:23 | Call to AddDays |
 | Expressions/SubExpression.ps1:1:1:1:23 | Call to AddDays | Expressions/SubExpression.ps1:1:1:1:23 | [Stmt] Call to AddDays |
 | Expressions/SubExpression.ps1:1:1:1:23 | [Stmt] Call to AddDays | Expressions/SubExpression.ps1:1:1:2:21 | {...} |
