PS: Add tests.

microsoft · Nov 8, 2024 · b3de6a2 · b3de6a2
1 parent 40cf8dd
commit b3de6a2
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 0 deletions.
diff --git a/powershell/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.expected b/powershell/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.expected
@@ -0,0 +1,12 @@
+edges
+| test.ps1:1:8:1:10 | x | test.ps1:3:28:3:48 | Get-Process -Id $x | provenance |  |
+| test.ps1:5:10:5:21 | Env:MY_VAR | test.ps1:7:3:7:20 | $code --enabled | provenance |  |
+nodes
+| test.ps1:1:8:1:10 | x | semmle.label | x |
+| test.ps1:3:28:3:48 | Get-Process -Id $x | semmle.label | Get-Process -Id $x |
+| test.ps1:5:10:5:21 | Env:MY_VAR | semmle.label | Env:MY_VAR |
+| test.ps1:7:3:7:20 | $code --enabled | semmle.label | $code --enabled |
+subpaths
+#select
+| test.ps1:3:28:3:48 | Get-Process -Id $x | test.ps1:1:8:1:10 | x | test.ps1:3:28:3:48 | Get-Process -Id $x | This command depends on a $@. | test.ps1:1:8:1:10 | x | user-provided value |
+| test.ps1:7:3:7:20 | $code --enabled | test.ps1:5:10:5:21 | Env:MY_VAR | test.ps1:7:3:7:20 | $code --enabled | This command depends on a $@. | test.ps1:5:10:5:21 | Env:MY_VAR | user-provided value |
diff --git a/powershell/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.qlref b/powershell/ql/test/query-tests/security/cwe-078/CommandInjection/CommandInjection.qlref
@@ -0,0 +1 @@
+queries/security/cwe-078/CommandInjection.ql
diff --git a/powershell/ql/test/query-tests/security/cwe-078/CommandInjection/test.ps1 b/powershell/ql/test/query-tests/security/cwe-078/CommandInjection/test.ps1
@@ -0,0 +1,7 @@
+param ($x)
+
+Invoke-Expression -Command "Get-Process -Id $x" # BAD
+
+$code = "$Env:MY_VAR"
+
+& "$code --enabled" # BAD