QHelp Fix: InsecureExecutionPolicy.qhelp #20019
Closed
ropwareJB wants to merge 1005 commits into github:main from
Sync Main: More Misc Bugs
Sync Main (autogenerated)
PS: Add autogenerated summary models
Sync Main Error Handling Improvement
PS: Fix a couple of missing local flow sources
…shell-injectionhunter-port
PS: Actually implement `localExprTaint`
PS: Add flow sources from `System.Net.WebClient`
…' test. We will fix that in the next commit.
…s-query PS: Add query for insecure uses of `Set-ExecutionPolicy`
PS: Add more flow sources
Manual merge upstream
Pull Request Overview
This PR introduces a new PowerShell extractor for CodeQL that adds comprehensive parsing and extraction capabilities for PowerShell scripts. The main purpose is to enable static analysis of PowerShell code by providing C# extraction tools and related infrastructure.
- Adds complete PowerShell extractor infrastructure including a C# .NET extraction library and standalone extraction tool
- Implements comprehensive AST parsing for PowerShell syntax elements including expressions, statements, commands, and metadata
- Provides CodeQL database schema, build scripts, and configuration files for multi-platform PowerShell analysis
Reviewed Changes
Copilot reviewed 254 out of 4160 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| powershell/extractor/* | Core PowerShell extraction library with C# entity classes for AST parsing |
| powershell/downgrades/* | Database schema versioning and upgrade infrastructure |
| powershell/build-*.ps1 | Multi-platform build scripts for Windows, Linux, and macOS |
| powershell/codeql-extractor.yml | PowerShell extractor configuration and file type definitions |
| misc/scripts/prepare-db-upgrade.sh | Updated script to include PowerShell in schema upgrade process |
| javascript/ql/lib/* | Removal of deprecated annotations from JavaScript codebase (cleanup) |
Comments suppressed due to low confidence (1)
powershell/extractor/Microsoft.Extractor.Tests/Traps.cs:182
- The property 'x' should be renamed to 'Item2' for consistency with the tuple structure used elsewhere in the method.
if (expected.Item1 is null || expected.x is null)
| <RootNamespace>Semmle.Extraction.PowerShell.Standalone</RootNamespace> | ||
| <GenerateAssemblyInfo>false</GenerateAssemblyInfo> | ||
| <RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers> | ||
| <RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers> |
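Review bot: The `RuntimeIdentifiers` value in the last lines of this hunk declares only x64 targets (`win-x64;linux-x64;osx-x64`), so no arm64 runtime is listed for the standalone extractor. If Apple Silicon or Linux arm64 hosts are meant to be supported, add `osx-arm64` and `linux-arm64` to the list; if x64-only is intentional, a short comment next to the property saying so would help.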
The RuntimeIdentifiers property is duplicated on lines 9 and 10. Remove the duplicate entry to avoid potential build configuration issues.
Suggested change
| <RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers> |
Terminates an unterminated `p` tag.