PS: Add AST and CFG nodes for operator &.

MathiasVP · MathiasVP · commit aaa01820e024 · 2024-11-08T14:59:56.000Z
diff --git a/powershell/ql/lib/semmle/code/powershell/Command.qll b/powershell/ql/lib/semmle/code/powershell/Command.qll
@@ -1,4 +1,5 @@
 import powershell
+
 private predicate parseCommandName(Cmd cmd, string namespace, string name) {
   exists(string qualified | command(cmd, qualified, _, _, _) |
     namespace = qualified.regexpCapture("([^\\\\]+)\\\\([^\\\\]+)", 1) and
@@ -11,6 +12,7 @@ private predicate parseCommandName(Cmd cmd, string namespace, string name) {
   )
 }
 
+/** A call to a command. */
 class Cmd extends @command, CmdBase {
   override string toString() { result = "call to " + this.getQualifiedCommandName() }
 
@@ -88,3 +90,8 @@ class Cmd extends @command, CmdBase {
 
   Redirection getARedirection() { result = this.getRedirection(_) }
 }
+
+/** A call to operator `&`. */
+class CallOperator extends Cmd {
+  CallOperator() { this.getKind() = 28 }
+}
diff --git a/powershell/ql/lib/semmle/code/powershell/controlflow/CfgNodes.qll b/powershell/ql/lib/semmle/code/powershell/controlflow/CfgNodes.qll
@@ -597,6 +597,11 @@ module StmtNodes {
     final override string getName() { result = s.getCmdName().getValue().getValue() }
   }
 
+  /** A control-flow node that wraps a call to operator `&` */
+  class CallOperatorCfgNode extends CmdCfgNode {
+    CallOperatorCfgNode() { this.getStmt() instanceof CallOperator }
+  }
+
   private class AssignStmtChildMapping extends PipelineBaseChildMapping, AssignStmt {
     override predicate relevantChild(Ast n) {
       n = this.getLeftHandSide() or n = this.getRightHandSide()
diff --git a/powershell/ql/lib/semmle/code/powershell/dataflow/internal/DataFlowPublic.qll b/powershell/ql/lib/semmle/code/powershell/dataflow/internal/DataFlowPublic.qll
@@ -448,9 +448,30 @@ class CallNode extends AstNode {
 
   Node getQualifier() { result.asExpr() = call.getQualifier() }
 
+  /** Gets the i'th argument to this call. */
+  Node getArgument(int i) { result.asExpr() = call.getArgument(i) }
+
+  /** Gets the i'th positional argument to this call. */
+  Node getPositionalArgument(int i) { result.asExpr() = call.getPositionalArgument(i) }
+
+  /** Gets the argument with the name `name`, if any. */
+  Node getNamedArgument(string name) { result.asExpr() = call.getNamedArgument(name) }
+
+  /**
+   * Gets any argument of this call.
+   *
+   * Note that this predicate doesn't get the pipeline argument, if any.
+   */
+  Node getAnArgument() { result.asExpr() = call.getAnArgument() }
+
   int getNumberOfArguments() { result = call.getNumberOfArguments() }
 }
 
+/** A call to operator `&`, viwed as a node in a data flow graph. */
+class CallOperatorNode extends CallNode {
+  CallOperatorNode() { this.getCallNode() instanceof CfgNodes::StmtNodes::CallOperatorCfgNode }
+}
+
 /** A use of a type name, viewed as a node in a data flow graph. */
 class TypeNameNode extends ExprNode {
   override CfgNodes::ExprNodes::TypeNameCfgNode n;

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,5 @@`
`1`	`1`	`import powershell`
	`2`	`+`
`2`	`3`	`private predicate parseCommandName(Cmd cmd, string namespace, string name) {`
`3`	`4`	`exists(string qualified \| command(cmd, qualified, _, _, _) \|`
`4`	`5`	`namespace = qualified.regexpCapture("([^\\\\]+)\\\\([^\\\\]+)", 1) and`
`@@ -11,6 +12,7 @@ private predicate parseCommandName(Cmd cmd, string namespace, string name) {`
`11`	`12`	`)`
`12`	`13`	`}`
`13`	`14`
	`15`	`+/** A call to a command. */`
`14`	`16`	`class Cmd extends @command, CmdBase {`
`15`	`17`	`override string toString() { result = "call to " + this.getQualifiedCommandName() }`
`16`	`18`
`@@ -88,3 +90,8 @@ class Cmd extends @command, CmdBase {`
`88`	`90`
`89`	`91`	`Redirection getARedirection() { result = this.getRedirection(_) }`
`90`	`92`	`}`
	`93`	`+`
	`94`	+/** A call to operator `&`. */
	`95`	`+class CallOperator extends Cmd {`
	`96`	`+ CallOperator() { this.getKind() = 28 }`
	`97`	`+}`