Skip to content

Commit f882af9

Browse files
chanel-ychanel-y
committed
update to invokesink
1 parent 64bc3ed commit f882af9

File tree

3 files changed

+4
-17
lines changed

3 files changed

+4
-17
lines changed

powershell/ql/lib/semmle/code/powershell/security/CommandInjectionCustomizations.qll

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -142,9 +142,9 @@ module CommandInjection {
142142
class InvokeSink extends Sink {
143143
InvokeSink() {
144144
exists(InvokeMemberExpr ie |
145-
this.asExpr().getExpr() = ie.getCallee() or
146-
this.asExpr().getExpr() = ie.getQualifier().getAChild*()
147-
)
145+
this.asExpr().getExpr() = ie.getCallee() or
146+
this.asExpr().getExpr() = ie.getQualifier()
147+
)
148148
}
149149

150150
override string getSinkType() { result = "call to Invoke" }

powershell/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.expected

Lines changed: 0 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -3,9 +3,7 @@ edges
33
| test.ps1:9:11:9:20 | userinput | test.ps1:10:9:10:38 | Get-Process -Name $UserInput | provenance | |
44
| test.ps1:15:11:15:20 | userinput | test.ps1:16:50:16:79 | Get-Process -Name $UserInput | provenance | |
55
| test.ps1:21:11:21:20 | userinput | test.ps1:22:41:22:70 | Get-Process -Name $UserInput | provenance | |
6-
| test.ps1:21:11:21:20 | userinput | test.ps1:22:60:22:69 | UserInput | provenance | |
76
| test.ps1:27:11:27:20 | userinput | test.ps1:28:38:28:67 | Get-Process -Name $UserInput | provenance | |
8-
| test.ps1:27:11:27:20 | userinput | test.ps1:28:57:28:66 | UserInput | provenance | |
97
| test.ps1:33:11:33:20 | userinput | test.ps1:34:14:34:46 | public class Foo { $UserInput } | provenance | |
108
| test.ps1:39:11:39:20 | userinput | test.ps1:40:30:40:62 | public class Foo { $UserInput } | provenance | |
119
| test.ps1:45:11:45:20 | userinput | test.ps1:48:30:48:34 | code | provenance | |
@@ -16,7 +14,6 @@ edges
1614
| test.ps1:104:11:104:20 | userinput | test.ps1:108:58:108:87 | Get-Process -Name $UserInput | provenance | |
1715
| test.ps1:114:11:114:20 | userinput | test.ps1:116:34:116:43 | UserInput | provenance | |
1816
| test.ps1:121:11:121:20 | userinput | test.ps1:123:28:123:37 | UserInput | provenance | |
19-
| test.ps1:128:11:128:20 | userinput | test.ps1:130:28:130:37 | UserInput | provenance | |
2017
| test.ps1:136:11:136:20 | userinput | test.ps1:139:50:139:59 | UserInput | provenance | |
2118
| test.ps1:144:11:144:20 | userinput | test.ps1:147:63:147:72 | UserInput | provenance | |
2219
| test.ps1:152:10:152:32 | Call to read-host | test.ps1:154:46:154:51 | input | provenance | Src:MaD:0 |
@@ -34,7 +31,6 @@ edges
3431
| test.ps1:152:10:152:32 | Call to read-host | test.ps1:167:41:167:46 | input | provenance | Src:MaD:0 |
3532
| test.ps1:152:10:152:32 | Call to read-host | test.ps1:168:36:168:41 | input | provenance | Src:MaD:0 |
3633
| test.ps1:152:10:152:32 | Call to read-host | test.ps1:169:36:169:41 | input | provenance | Src:MaD:0 |
37-
| test.ps1:152:10:152:32 | Call to read-host | test.ps1:170:36:170:41 | input | provenance | Src:MaD:0 |
3834
| test.ps1:152:10:152:32 | Call to read-host | test.ps1:172:42:172:47 | input | provenance | Src:MaD:0 |
3935
| test.ps1:152:10:152:32 | Call to read-host | test.ps1:173:42:173:47 | input | provenance | Src:MaD:0 |
4036
| test.ps1:154:46:154:51 | input | test.ps1:3:11:3:20 | userinput | provenance | |
@@ -52,7 +48,6 @@ edges
5248
| test.ps1:167:41:167:46 | input | test.ps1:104:11:104:20 | userinput | provenance | |
5349
| test.ps1:168:36:168:41 | input | test.ps1:114:11:114:20 | userinput | provenance | |
5450
| test.ps1:169:36:169:41 | input | test.ps1:121:11:121:20 | userinput | provenance | |
55-
| test.ps1:170:36:170:41 | input | test.ps1:128:11:128:20 | userinput | provenance | |
5651
| test.ps1:172:42:172:47 | input | test.ps1:136:11:136:20 | userinput | provenance | |
5752
| test.ps1:173:42:173:47 | input | test.ps1:144:11:144:20 | userinput | provenance | |
5853
nodes
@@ -64,10 +59,8 @@ nodes
6459
| test.ps1:16:50:16:79 | Get-Process -Name $UserInput | semmle.label | Get-Process -Name $UserInput |
6560
| test.ps1:21:11:21:20 | userinput | semmle.label | userinput |
6661
| test.ps1:22:41:22:70 | Get-Process -Name $UserInput | semmle.label | Get-Process -Name $UserInput |
67-
| test.ps1:22:60:22:69 | UserInput | semmle.label | UserInput |
6862
| test.ps1:27:11:27:20 | userinput | semmle.label | userinput |
6963
| test.ps1:28:38:28:67 | Get-Process -Name $UserInput | semmle.label | Get-Process -Name $UserInput |
70-
| test.ps1:28:57:28:66 | UserInput | semmle.label | UserInput |
7164
| test.ps1:33:11:33:20 | userinput | semmle.label | userinput |
7265
| test.ps1:34:14:34:46 | public class Foo { $UserInput } | semmle.label | public class Foo { $UserInput } |
7366
| test.ps1:39:11:39:20 | userinput | semmle.label | userinput |
@@ -88,8 +81,6 @@ nodes
8881
| test.ps1:116:34:116:43 | UserInput | semmle.label | UserInput |
8982
| test.ps1:121:11:121:20 | userinput | semmle.label | userinput |
9083
| test.ps1:123:28:123:37 | UserInput | semmle.label | UserInput |
91-
| test.ps1:128:11:128:20 | userinput | semmle.label | userinput |
92-
| test.ps1:130:28:130:37 | UserInput | semmle.label | UserInput |
9384
| test.ps1:136:11:136:20 | userinput | semmle.label | userinput |
9485
| test.ps1:139:50:139:59 | UserInput | semmle.label | UserInput |
9586
| test.ps1:144:11:144:20 | userinput | semmle.label | userinput |
@@ -110,7 +101,6 @@ nodes
110101
| test.ps1:167:41:167:46 | input | semmle.label | input |
111102
| test.ps1:168:36:168:41 | input | semmle.label | input |
112103
| test.ps1:169:36:169:41 | input | semmle.label | input |
113-
| test.ps1:170:36:170:41 | input | semmle.label | input |
114104
| test.ps1:172:42:172:47 | input | semmle.label | input |
115105
| test.ps1:173:42:173:47 | input | semmle.label | input |
116106
subpaths
@@ -119,9 +109,7 @@ subpaths
119109
| test.ps1:10:9:10:38 | Get-Process -Name $UserInput | test.ps1:152:10:152:32 | Call to read-host | test.ps1:10:9:10:38 | Get-Process -Name $UserInput | This command depends on a $@. | test.ps1:152:10:152:32 | Call to read-host | user-provided value |
120110
| test.ps1:16:50:16:79 | Get-Process -Name $UserInput | test.ps1:152:10:152:32 | Call to read-host | test.ps1:16:50:16:79 | Get-Process -Name $UserInput | This command depends on a $@. | test.ps1:152:10:152:32 | Call to read-host | user-provided value |
121111
| test.ps1:22:41:22:70 | Get-Process -Name $UserInput | test.ps1:152:10:152:32 | Call to read-host | test.ps1:22:41:22:70 | Get-Process -Name $UserInput | This command depends on a $@. | test.ps1:152:10:152:32 | Call to read-host | user-provided value |
122-
| test.ps1:22:60:22:69 | UserInput | test.ps1:152:10:152:32 | Call to read-host | test.ps1:22:60:22:69 | UserInput | This command depends on a $@. | test.ps1:152:10:152:32 | Call to read-host | user-provided value |
123112
| test.ps1:28:38:28:67 | Get-Process -Name $UserInput | test.ps1:152:10:152:32 | Call to read-host | test.ps1:28:38:28:67 | Get-Process -Name $UserInput | This command depends on a $@. | test.ps1:152:10:152:32 | Call to read-host | user-provided value |
124-
| test.ps1:28:57:28:66 | UserInput | test.ps1:152:10:152:32 | Call to read-host | test.ps1:28:57:28:66 | UserInput | This command depends on a $@. | test.ps1:152:10:152:32 | Call to read-host | user-provided value |
125113
| test.ps1:34:14:34:46 | public class Foo { $UserInput } | test.ps1:152:10:152:32 | Call to read-host | test.ps1:34:14:34:46 | public class Foo { $UserInput } | This command depends on a $@. | test.ps1:152:10:152:32 | Call to read-host | user-provided value |
126114
| test.ps1:40:30:40:62 | public class Foo { $UserInput } | test.ps1:152:10:152:32 | Call to read-host | test.ps1:40:30:40:62 | public class Foo { $UserInput } | This command depends on a $@. | test.ps1:152:10:152:32 | Call to read-host | user-provided value |
127115
| test.ps1:48:30:48:34 | code | test.ps1:152:10:152:32 | Call to read-host | test.ps1:48:30:48:34 | code | This command depends on a $@. | test.ps1:152:10:152:32 | Call to read-host | user-provided value |
@@ -132,6 +120,5 @@ subpaths
132120
| test.ps1:108:58:108:87 | Get-Process -Name $UserInput | test.ps1:152:10:152:32 | Call to read-host | test.ps1:108:58:108:87 | Get-Process -Name $UserInput | This command depends on a $@. | test.ps1:152:10:152:32 | Call to read-host | user-provided value |
133121
| test.ps1:116:34:116:43 | UserInput | test.ps1:152:10:152:32 | Call to read-host | test.ps1:116:34:116:43 | UserInput | This command depends on a $@. | test.ps1:152:10:152:32 | Call to read-host | user-provided value |
134122
| test.ps1:123:28:123:37 | UserInput | test.ps1:152:10:152:32 | Call to read-host | test.ps1:123:28:123:37 | UserInput | This command depends on a $@. | test.ps1:152:10:152:32 | Call to read-host | user-provided value |
135-
| test.ps1:130:28:130:37 | UserInput | test.ps1:152:10:152:32 | Call to read-host | test.ps1:130:28:130:37 | UserInput | This command depends on a $@. | test.ps1:152:10:152:32 | Call to read-host | user-provided value |
136123
| test.ps1:139:50:139:59 | UserInput | test.ps1:152:10:152:32 | Call to read-host | test.ps1:139:50:139:59 | UserInput | This command depends on a $@. | test.ps1:152:10:152:32 | Call to read-host | user-provided value |
137124
| test.ps1:147:63:147:72 | UserInput | test.ps1:152:10:152:32 | Call to read-host | test.ps1:147:63:147:72 | UserInput | This command depends on a $@. | test.ps1:152:10:152:32 | Call to read-host | user-provided value |

powershell/ql/test/query-tests/security/cwe-078/CommandInjection/test.ps1

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -123,14 +123,14 @@ function Invoke-MethodInjection2
123123
(Get-Process -Id $pid).$UserInput()
124124
}
125125

126+
#TODO: currently a FN
126127
function Invoke-MethodInjection3
127128
{
128129
param($UserInput)
129130

130131
(Get-Process -Id $pid).$UserInput.Invoke()
131132
}
132133

133-
#TODO: currently a FN
134134
function Invoke-ExpandStringInjection1
135135
{
136136
param($UserInput)

0 commit comments

Comments
 (0)