
Commit 71fec26

committed
PS: Lower case all parameter types.
1 parent f9c3bde commit 71fec26


5 files changed

+4
-76
lines changed


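--- a/powershell/ql/lib/semmle/code/powershell/ast/internal/ObjectCreation.qll
+++ b/powershell/ql/lib/semmle/code/powershell/ast/internal/ObjectCreation.qll
@@ -31,7 +31,7 @@ class DotNetObjectCreation extends AbstractObjectCreation, CmdCall {
 DotNetObjectCreation() { this.getLowerCaseName() = "new-object" }
 
 final override string getConstructedTypeName() {
-result = this.getConstructedTypeExpr().(StringConstExpr).getValueString()
+result = this.getConstructedTypeExpr().(StringConstExpr).getValueString().toLowerCase()
 }
 
 final override Expr getConstructedTypeExpr() {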
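Review bot: `getConstructedTypeName()` now returns a lower-cased name, so any caller that still compares its result with a mixed-case literal stops matching without an error, and a security query that loses matches this way simply reports fewer results. The same applies to the `type` value changed in Synthesis.qll and to `getPossiblyQualifiedName()` in TypeExpression.qll. The predicate's QLDoc should state the contract, for example `/** Gets the name of the constructed type, in lower case. */`. Only the comparison in CommandInjectionCustomizations.qll is updated in this commit, so the remaining comparisons against type names should be checked for mixed-case literals. The body of `getConstructedTypeExpr()` continues outside the hunk.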

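--- a/powershell/ql/lib/semmle/code/powershell/ast/internal/Synthesis.qll
+++ b/powershell/ql/lib/semmle/code/powershell/ast/internal/Synthesis.qll
@@ -345,7 +345,7 @@ private module ParameterSynth {
 // has a static type.
 this.parameter(parent, i, p, _) and
 n = TVariableSynth(parent, i) and
-type = p.getStaticType()
+type = p.getStaticType().toLowerCase()
 )
 }
 }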

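--- a/powershell/ql/lib/semmle/code/powershell/ast/internal/TypeExpression.qll
+++ b/powershell/ql/lib/semmle/code/powershell/ast/internal/TypeExpression.qll
@@ -17,7 +17,7 @@ class TypeNameExpr extends Expr, TTypeNameExpr {
 string getName() { this.parseName(_, result) }
 
 /** If any */
-string getPossiblyQualifiedName() { result = getRawAst(this).(Raw::TypeNameExpr).getName() }
+string getPossiblyQualifiedName() { result = getRawAst(this).(Raw::TypeNameExpr).getName().toLowerCase() }
 
 // TODO: What to do when System is omitted?
 string getNamespace() { this.parseName(result, _) }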
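Review bot: `getPossiblyQualifiedName()` is lower-cased here, but `getName()` and `getNamespace()` go through `parseName`, whose body is outside the hunk. If `parseName` reads the raw name rather than this predicate, the three accessors will disagree on case. Either derive `parseName` from `getPossiblyQualifiedName()` or lower-case there as well. The QLDoc `/** If any */` does not say what is returned; `/** Gets the type name as written, possibly namespace-qualified, in lower case. */` would document the new contract.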

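--- a/powershell/ql/lib/semmle/code/powershell/security/CommandInjectionCustomizations.qll
+++ b/powershell/ql/lib/semmle/code/powershell/security/CommandInjectionCustomizations.qll
@@ -212,7 +212,7 @@ module CommandInjection {
 TypedParameterSanitizer() {
 exists(Function f, Parameter p |
 p = f.getAParameter() and
-p.getStaticType() != "Object" and
+p.getStaticType() != "object" and
 this.asParameter() = p
 )
 }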
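Review bot: `p.getStaticType() != "object"` in `TypedParameterSanitizer` is now correct only if every producer of static type names lower-cases its result. If any path still yields `Object`, that parameter is silently treated as sanitized and command-injection results are lost. As written, the check also appears to accept every other type constraint as a sanitizer, including `string`, which does not restrict the value. A qualified spelling such as `system.object` would also compare unequal to `object`, so it is worth confirming what `getStaticType()` returns in those cases. I would add a comment above the comparison, `// Static type names are normalised to lower case; compare against lower-case literals only.`, and consider an allow-list of value-restricting types instead of `!= "object"`. The enclosing class header is outside the hunk.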

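--- a/powershell/ql/test/query-tests/security/cwe-089/SqlInjection.expected
+++ b/powershell/ql/test/query-tests/security/cwe-089/SqlInjection.expected
@@ -4,44 +4,12 @@ edges
 | test.ps1:1:1:1:10 | userinput | test.ps1:17:24:17:76 | SELECT * FROM MyTable WHERE MyColumn = '$userinput' | provenance | |
 | test.ps1:1:1:1:10 | userinput | test.ps1:28:24:28:76 | SELECT * FROM MyTable WHERE MyColumn = '$userinput' | provenance | |
 | test.ps1:1:1:1:10 | userinput | test.ps1:78:13:78:22 | userinput | provenance | |
-| test.ps1:1:1:1:10 | userinput | test.ps1:109:22:109:31 | userinput | provenance | |
-| test.ps1:1:1:1:10 | userinput | test.ps1:109:33:109:42 | userinput | provenance | |
-| test.ps1:1:1:1:10 | userinput | test.ps1:109:44:109:53 | userinput | provenance | |
-| test.ps1:1:1:1:10 | userinput | test.ps1:109:55:109:64 | userinput | provenance | |
-| test.ps1:1:1:1:10 | userinput | test.ps1:109:66:109:75 | userinput | provenance | |
-| test.ps1:1:1:1:10 | userinput | test.ps1:109:77:109:86 | userinput | provenance | |
-| test.ps1:1:1:1:10 | userinput | test.ps1:109:88:109:97 | userinput | provenance | |
-| test.ps1:1:1:1:10 | userinput | test.ps1:109:99:109:108 | userinput | provenance | |
 | test.ps1:1:14:1:45 | Call to read-host | test.ps1:1:1:1:10 | userinput | provenance | Src:MaD:0 |
 | test.ps1:4:1:4:6 | query | test.ps1:5:72:5:77 | query | provenance | |
 | test.ps1:8:1:8:6 | query | test.ps1:9:72:9:77 | query | provenance | |
 | test.ps1:72:1:72:11 | QueryConn2 [element Query] | test.ps1:81:15:81:25 | QueryConn2 | provenance | |
 | test.ps1:72:15:79:1 | ${...} [element Query] | test.ps1:72:1:72:11 | QueryConn2 [element Query] | provenance | |
 | test.ps1:78:13:78:22 | userinput | test.ps1:72:15:79:1 | ${...} [element Query] | provenance | |
-| test.ps1:83:31:83:37 | i | test.ps1:84:5:84:11 | query1 | provenance | |
-| test.ps1:83:40:83:47 | l | test.ps1:87:5:87:11 | query2 | provenance | |
-| test.ps1:83:50:83:58 | f | test.ps1:90:5:90:11 | query3 | provenance | |
-| test.ps1:83:61:83:70 | d | test.ps1:93:5:93:11 | query4 | provenance | |
-| test.ps1:83:73:83:85 | dec | test.ps1:96:5:96:11 | query5 | provenance | |
-| test.ps1:83:88:83:95 | c | test.ps1:99:5:99:11 | query6 | provenance | |
-| test.ps1:83:98:83:105 | b | test.ps1:102:5:102:11 | query7 | provenance | |
-| test.ps1:83:108:83:120 | dt | test.ps1:105:5:105:11 | query8 | provenance | |
-| test.ps1:84:5:84:11 | query1 | test.ps1:85:76:85:82 | query1 | provenance | |
-| test.ps1:87:5:87:11 | query2 | test.ps1:88:76:88:82 | query2 | provenance | |
-| test.ps1:90:5:90:11 | query3 | test.ps1:91:76:91:82 | query3 | provenance | |
-| test.ps1:93:5:93:11 | query4 | test.ps1:94:76:94:82 | query4 | provenance | |
-| test.ps1:96:5:96:11 | query5 | test.ps1:97:76:97:82 | query5 | provenance | |
-| test.ps1:99:5:99:11 | query6 | test.ps1:100:76:100:82 | query6 | provenance | |
-| test.ps1:102:5:102:11 | query7 | test.ps1:103:76:103:82 | query7 | provenance | |
-| test.ps1:105:5:105:11 | query8 | test.ps1:106:76:106:82 | query8 | provenance | |
-| test.ps1:109:22:109:31 | userinput | test.ps1:83:31:83:37 | i | provenance | |
-| test.ps1:109:33:109:42 | userinput | test.ps1:83:40:83:47 | l | provenance | |
-| test.ps1:109:44:109:53 | userinput | test.ps1:83:50:83:58 | f | provenance | |
-| test.ps1:109:55:109:64 | userinput | test.ps1:83:61:83:70 | d | provenance | |
-| test.ps1:109:66:109:75 | userinput | test.ps1:83:73:83:85 | dec | provenance | |
-| test.ps1:109:77:109:86 | userinput | test.ps1:83:88:83:95 | c | provenance | |
-| test.ps1:109:88:109:97 | userinput | test.ps1:83:98:83:105 | b | provenance | |
-| test.ps1:109:99:109:108 | userinput | test.ps1:83:108:83:120 | dt | provenance | |
 nodes
 | test.ps1:1:1:1:10 | userinput | semmle.label | userinput |
 | test.ps1:1:14:1:45 | Call to read-host | semmle.label | Call to read-host |
@@ -55,50 +23,10 @@ nodes
 | test.ps1:72:15:79:1 | ${...} [element Query] | semmle.label | ${...} [element Query] |
 | test.ps1:78:13:78:22 | userinput | semmle.label | userinput |
 | test.ps1:81:15:81:25 | QueryConn2 | semmle.label | QueryConn2 |
-| test.ps1:83:31:83:37 | i | semmle.label | i |
-| test.ps1:83:40:83:47 | l | semmle.label | l |
-| test.ps1:83:50:83:58 | f | semmle.label | f |
-| test.ps1:83:61:83:70 | d | semmle.label | d |
-| test.ps1:83:73:83:85 | dec | semmle.label | dec |
-| test.ps1:83:88:83:95 | c | semmle.label | c |
-| test.ps1:83:98:83:105 | b | semmle.label | b |
-| test.ps1:83:108:83:120 | dt | semmle.label | dt |
-| test.ps1:84:5:84:11 | query1 | semmle.label | query1 |
-| test.ps1:85:76:85:82 | query1 | semmle.label | query1 |
-| test.ps1:87:5:87:11 | query2 | semmle.label | query2 |
-| test.ps1:88:76:88:82 | query2 | semmle.label | query2 |
-| test.ps1:90:5:90:11 | query3 | semmle.label | query3 |
-| test.ps1:91:76:91:82 | query3 | semmle.label | query3 |
-| test.ps1:93:5:93:11 | query4 | semmle.label | query4 |
-| test.ps1:94:76:94:82 | query4 | semmle.label | query4 |
-| test.ps1:96:5:96:11 | query5 | semmle.label | query5 |
-| test.ps1:97:76:97:82 | query5 | semmle.label | query5 |
-| test.ps1:99:5:99:11 | query6 | semmle.label | query6 |
-| test.ps1:100:76:100:82 | query6 | semmle.label | query6 |
-| test.ps1:102:5:102:11 | query7 | semmle.label | query7 |
-| test.ps1:103:76:103:82 | query7 | semmle.label | query7 |
-| test.ps1:105:5:105:11 | query8 | semmle.label | query8 |
-| test.ps1:106:76:106:82 | query8 | semmle.label | query8 |
-| test.ps1:109:22:109:31 | userinput | semmle.label | userinput |
-| test.ps1:109:33:109:42 | userinput | semmle.label | userinput |
-| test.ps1:109:44:109:53 | userinput | semmle.label | userinput |
-| test.ps1:109:55:109:64 | userinput | semmle.label | userinput |
-| test.ps1:109:66:109:75 | userinput | semmle.label | userinput |
-| test.ps1:109:77:109:86 | userinput | semmle.label | userinput |
-| test.ps1:109:88:109:97 | userinput | semmle.label | userinput |
-| test.ps1:109:99:109:108 | userinput | semmle.label | userinput |
 subpaths
 #select
 | test.ps1:5:72:5:77 | query | test.ps1:1:14:1:45 | Call to read-host | test.ps1:5:72:5:77 | query | This SQL query depends on a $@. | test.ps1:1:14:1:45 | Call to read-host | read from stdin |
 | test.ps1:9:72:9:77 | query | test.ps1:1:14:1:45 | Call to read-host | test.ps1:9:72:9:77 | query | This SQL query depends on a $@. | test.ps1:1:14:1:45 | Call to read-host | read from stdin |
 | test.ps1:17:24:17:76 | SELECT * FROM MyTable WHERE MyColumn = '$userinput' | test.ps1:1:14:1:45 | Call to read-host | test.ps1:17:24:17:76 | SELECT * FROM MyTable WHERE MyColumn = '$userinput' | This SQL query depends on a $@. | test.ps1:1:14:1:45 | Call to read-host | read from stdin |
 | test.ps1:28:24:28:76 | SELECT * FROM MyTable WHERE MyColumn = '$userinput' | test.ps1:1:14:1:45 | Call to read-host | test.ps1:28:24:28:76 | SELECT * FROM MyTable WHERE MyColumn = '$userinput' | This SQL query depends on a $@. | test.ps1:1:14:1:45 | Call to read-host | read from stdin |
 | test.ps1:81:15:81:25 | QueryConn2 | test.ps1:1:14:1:45 | Call to read-host | test.ps1:81:15:81:25 | QueryConn2 | This SQL query depends on a $@. | test.ps1:1:14:1:45 | Call to read-host | read from stdin |
-| test.ps1:85:76:85:82 | query1 | test.ps1:1:14:1:45 | Call to read-host | test.ps1:85:76:85:82 | query1 | This SQL query depends on a $@. | test.ps1:1:14:1:45 | Call to read-host | read from stdin |
-| test.ps1:88:76:88:82 | query2 | test.ps1:1:14:1:45 | Call to read-host | test.ps1:88:76:88:82 | query2 | This SQL query depends on a $@. | test.ps1:1:14:1:45 | Call to read-host | read from stdin |
-| test.ps1:91:76:91:82 | query3 | test.ps1:1:14:1:45 | Call to read-host | test.ps1:91:76:91:82 | query3 | This SQL query depends on a $@. | test.ps1:1:14:1:45 | Call to read-host | read from stdin |
-| test.ps1:94:76:94:82 | query4 | test.ps1:1:14:1:45 | Call to read-host | test.ps1:94:76:94:82 | query4 | This SQL query depends on a $@. | test.ps1:1:14:1:45 | Call to read-host | read from stdin |
-| test.ps1:97:76:97:82 | query5 | test.ps1:1:14:1:45 | Call to read-host | test.ps1:97:76:97:82 | query5 | This SQL query depends on a $@. | test.ps1:1:14:1:45 | Call to read-host | read from stdin |
-| test.ps1:100:76:100:82 | query6 | test.ps1:1:14:1:45 | Call to read-host | test.ps1:100:76:100:82 | query6 | This SQL query depends on a $@. | test.ps1:1:14:1:45 | Call to read-host | read from stdin |
-| test.ps1:103:76:103:82 | query7 | test.ps1:1:14:1:45 | Call to read-host | test.ps1:103:76:103:82 | query7 | This SQL query depends on a $@. | test.ps1:1:14:1:45 | Call to read-host | read from stdin |
-| test.ps1:106:76:106:82 | query8 | test.ps1:1:14:1:45 | Call to read-host | test.ps1:106:76:106:82 | query8 | This SQL query depends on a $@. | test.ps1:1:14:1:45 | Call to read-host | read from stdin |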
