Skip to content

PS: Handle more flow sources #200

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 11 commits into from
Apr 16, 2025
Merged

PS: Handle more flow sources #200

merged 11 commits into from
Apr 16, 2025

Conversation

MathiasVP
Copy link
Collaborator

@MathiasVP MathiasVP commented Apr 10, 2025
edited
Loading

This PR does a couple of things to add more flow sources to PowerShell:

  • It adds a Stored.qll file containing a subclass of local flow sources that represents file reads. It turns out we already have some flow sources belonging to this kind since we stole them from C#:

    codeql/powershell/ql/lib/semmle/code/powershell/frameworks/SystemIOFile/model.yml

    Line 10 in 1637df0

    - ["system.io.file!", "Method[Open].ReturnValue", "file"]
    . We just didn't have a QL class to make them part of SourceNode 😅

  • Then, I also discovered two sources of user flow recently. For example, Select-XML, which can read user input when given an -Path argument. So this PR also adds MaD syntax for specifying "the return value of a call when there is a specific named argument". After adding this functionality, this PR also models calls to Select-XML and Format-Hex as remote flow sources of this kind.

  • It fixes a bunch of incorrect models for flow sources. I had incorrectly marked some of them as static method calls, where they should have been non-static method calls.

  • Field/Propertys should have been Member all along in the type models. I've done a mass-renaming to fix this. I've also made all the method names lower-case.

  • It adds testcases for all the currently flow sources. Most of the above fixes are motivated by these tests which were written by a combination of me and Bing 😅

@MathiasVP MathiasVP changed the title Files reads as flow sources PS: Files reads as flow sources Apr 10, 2025
@MathiasVP MathiasVP changed the title PS: Files reads as flow sources PS: Handle more flow sources Apr 15, 2025
@MathiasVP MathiasVP marked this pull request as draft April 15, 2025 17:16
@MathiasVP MathiasVP force-pushed the files-reads-as-flow-sources branch from f3351e3 to 396a283 Compare April 15, 2025 21:47
@MathiasVP MathiasVP marked this pull request as ready for review April 15, 2025 21:48
chanel-y
chanel-y approved these changes Apr 16, 2025
View reviewed changes
Copy link

@chanel-y chanel-y left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

whoops opened the window but then forgot to approve mb

@chanel-y chanel-y merged commit c9b1356 into main Apr 16, 2025
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chanel-y chanel-y chanel-y approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@MathiasVP @chanel-y