PS: Implicitly read any element content at sinks when doing taint flow.

Author: MathiasVP

powershell/ql/lib/semmle/code/powershell/dataflow/internal/TaintTrackingPrivate.qll

@@ -15,7 +15,10 @@ predicate defaultTaintSanitizer(DataFlow::Node node) { none() }
  * of `c` at sinks and inputs to additional taint steps.
  */
 bindingset[node]
-predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::ContentSet c) { none() }
+predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::ContentSet c) {
+  node instanceof ArgumentNode and
+  c.isAnyElement()
+}
 
 cached
 private module Cached {