fixed tests, comments were put on wrong line ty copilot

chanel-y · chanel-y · commit ce35618f9a3d · 2026-04-17T12:41:31.000-07:00
diff --git a/powershell/ql/test/query-tests/security/UseOfReservedCmdletChar/test.ps1 b/powershell/ql/test/query-tests/security/UseOfReservedCmdletChar/test.ps1
@@ -1,2 +1,2 @@
-function MyFunction[1] # $ Alert Alert
-{...}
+function MyFunction[1]
+{...} # $ Alert Alert
diff --git a/powershell/ql/test/query-tests/security/cwe-022/test.ps1 b/powershell/ql/test/query-tests/security/cwe-022/test.ps1
@@ -3,27 +3,27 @@ Add-Type -AssemblyName System.IO.Compression.FileSystem
 $zip = [System.IO.Compression.ZipFile]::OpenRead("MyPath\to\archive.zip")
 
 foreach ($entry in $zip.Entries) {
-    $targetPath = Join-Path $extractPath $entry.FullName # $ Source
+    $targetPath = Join-Path $extractPath $entry.FullName # $ Alert
     $fullTargetPath = [System.IO.Path]::GetFullPath($targetPath)
 
-    [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $fullTargetPath) # $ Alert
+    [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $fullTargetPath) # $ Sink
 }
 
 foreach ($entry in $zip.Entries) {
-    $targetPath = Join-Path $extractPath $entry.FullName # $ Source
+    $targetPath = Join-Path $extractPath $entry.FullName # $ Alert
     $fullTargetPath = [System.IO.Path]::GetFullPath($targetPath)
 
-    $stream = [System.IO.File]::Open($fullTargetPath, 'Create') # $ Alert
+    $stream = [System.IO.File]::Open($fullTargetPath, 'Create') # $ Sink
     $entry.Open().CopyTo($stream)
     $stream.Close()
 }
 
 foreach ($entry in $zip.Entries) {
-    $targetPath = Join-Path $extractPath $entry.FullName # $ Source
+    $targetPath = Join-Path $extractPath $entry.FullName # $ Alert
     $fullTargetPath = [System.IO.Path]::GetFullPath($targetPath)
 
     $extractRoot = [System.IO.Path]::GetFullPath($extractPath)
     if ($fullTargetPath.StartsWith($extractRoot)) {
-        [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $fullTargetPath) # $ Alert
+        [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $fullTargetPath) # $ Sink
     }
 }
diff --git a/powershell/ql/test/query-tests/security/cwe-078/CommandInjection/test.ps1 b/powershell/ql/test/query-tests/security/cwe-078/CommandInjection/test.ps1
@@ -1,51 +1,51 @@
 function Invoke-InvokeExpressionInjection1
 {
     param($UserInput)
-    Invoke-Expression "Get-Process -Name $UserInput" # BAD
+    Invoke-Expression "Get-Process -Name $UserInput" # $ Alert
 }
 
 function Invoke-InvokeExpressionInjection2
 {
     param($UserInput)
-    iex "Get-Process -Name $UserInput" # BAD
+    iex "Get-Process -Name $UserInput" # $ Alert
 }
 
 function Invoke-InvokeExpressionInjection3
 {
     param($UserInput)
-    $executionContext.InvokeCommand.InvokeScript("Get-Process -Name $UserInput") # BAD
+    $executionContext.InvokeCommand.InvokeScript("Get-Process -Name $UserInput") # $ Alert
 }
 
 function Invoke-InvokeExpressionInjection4
 {
     param($UserInput)
-    $host.Runspace.CreateNestedPipeline("Get-Process -Name $UserInput", $false).Invoke() # BAD
+    $host.Runspace.CreateNestedPipeline("Get-Process -Name $UserInput", $false).Invoke() # $ Alert
 }
 
 function Invoke-InvokeExpressionInjection5
 {
     param($UserInput)
-    [PowerShell]::Create().AddScript("Get-Process -Name $UserInput").Invoke() # BAD
+    [PowerShell]::Create().AddScript("Get-Process -Name $UserInput").Invoke() # $ Alert
 }
 
 function Invoke-InvokeExpressionInjection6
 {
     param($UserInput)
-    Add-Type "public class Foo { $UserInput }" # BAD
+    Add-Type "public class Foo { $UserInput }" # $ Alert
 }
 
 function Invoke-InvokeExpressionInjection7
 {
     param($UserInput)
-    Add-Type -TypeDefinition "public class Foo { $UserInput }" # BAD
+    Add-Type -TypeDefinition "public class Foo { $UserInput }" # $ Alert
 }
 
 function Invoke-InvokeExpressionInjection8
 {
     param($UserInput)
 
     $code = "public class Foo { $UserInput }"
-    Add-Type -TypeDefinition $code # BAD
+    Add-Type -TypeDefinition $code # $ Alert
 }
 
 function Invoke-InvokeExpressionInjectionFP
@@ -72,21 +72,21 @@ function Invoke-ExploitableCommandInjection1
 {
     param($UserInput)
 
-    powershell -command "Get-Process -Name $UserInput" # BAD
+    powershell -command "Get-Process -Name $UserInput" # $ Alert
 }
 
 function Invoke-ExploitableCommandInjection2
 {
     param($UserInput)
 
-    powershell "Get-Process -Name $UserInput" # BAD
+    powershell "Get-Process -Name $UserInput" # $ Alert
 }
 
 function Invoke-ExploitableCommandInjection3
 {
     param($UserInput)
 
-    cmd /c "ping $UserInput" # BAD
+    cmd /c "ping $UserInput" # $ Alert
 }
 
 function Invoke-ScriptBlockInjection1
@@ -95,7 +95,7 @@ function Invoke-ScriptBlockInjection1
 
     ## Often used when making remote connections
 
-    $sb = [ScriptBlock]::Create("Get-Process -Name $UserInput") # BAD
+    $sb = [ScriptBlock]::Create("Get-Process -Name $UserInput") # $ Alert
     Invoke-Command RemoteServer $sb
 }
 
@@ -105,63 +105,63 @@ function Invoke-ScriptBlockInjection2
 
     ## Often used when making remote connections
 
-    $sb = $executionContext.InvokeCommand.NewScriptBlock("Get-Process -Name $UserInput") # BAD
+    $sb = $executionContext.InvokeCommand.NewScriptBlock("Get-Process -Name $UserInput") # $ Alert
     Invoke-Command RemoteServer $sb
 }
 
 function Invoke-MethodInjection1
 {
     param($UserInput)
 
-    Get-Process | Foreach-Object $UserInput # BAD
+    Get-Process | Foreach-Object $UserInput # $ Alert
 }
 
 function Invoke-MethodInjection2
 {
     param($UserInput)
 
-    (Get-Process -Id $pid).$UserInput() # BAD
+    (Get-Process -Id $pid).$UserInput() # $ Alert
 }
 
 
 function Invoke-MethodInjection3
 {
     param($UserInput)
 
-    (Get-Process -Id $pid).$UserInput.Invoke() # BAD
+    (Get-Process -Id $pid).$UserInput.Invoke() # $ Alert
 }
 
 function Invoke-ExpandStringInjection1
 {
     param($UserInput)
 
     ## Used to attempt a variable resolution
-    $executionContext.InvokeCommand.ExpandString($UserInput) # BAD
+    $executionContext.InvokeCommand.ExpandString($UserInput) # $ Alert
 }
 
 function Invoke-ExpandStringInjection2
 {
     param($UserInput)
 
     ## Used to attempt a variable resolution
-    $executionContext.SessionState.InvokeCommand.ExpandString($UserInput) # BAD
+    $executionContext.SessionState.InvokeCommand.ExpandString($UserInput) # $ Alert
 }
 
 function Invoke-InvokeExpressionInjectionCmdletBinding
 {
     [CmdletBinding()]
     param($UserInput)
-    Invoke-Expression "Get-Process -Name $UserInput" # BAD
+    Invoke-Expression "Get-Process -Name $UserInput" # $ Alert
 }
 
 function Invoke-StartProcessInjection
 {
     param($UserInput)
-    Start-Process -FilePath $UserInput # BAD
+    Start-Process -FilePath $UserInput # $ Alert
 }
 
 
-$input = Read-Host "enter input"
+$input = Read-Host "enter input" # $ Source
 
 Invoke-InvokeExpressionInjection1 -UserInput $input  
 Invoke-InvokeExpressionInjection2 -UserInput $input  
@@ -251,20 +251,20 @@ Invoke-InvokeExpressionInjectionSafe5 -UserInput $input
 
 function false-positive-in-call-operator($d)
 {
-    $o = Read-Host "enter input"
+    $o = Read-Host "enter input" # $ Source
     & unzip -o "$o" -d $d # GOOD
 
-    . "$o" # BAD
+    . "$o" # $ Alert
 }
 
 function flow-through-env-var() {
     $x = $env:foo
 
     . "$x" # GOOD # we don't consider environment vars flow sources
 
-    $input = Read-Host "enter input"
+    $input = Read-Host "enter input" # $ Source
     $env:bar = $input
 
     $y = $env:bar
-    . "$y" # BAD # but we have flow through them
+    . "$y" # $ Alert # but we have flow through them
 }

Original file line number	Diff line number	Diff line change
`@@ -1,51 +1,51 @@`
`1`	`1`	`function Invoke-InvokeExpressionInjection1`
`2`	`2`	`{`
`3`	`3`	`param($UserInput)`
`4`		`- Invoke-Expression "Get-Process -Name $UserInput" # BAD`
	`4`	`+ Invoke-Expression "Get-Process -Name $UserInput" # $ Alert`
`5`	`5`	`}`
`6`	`6`
`7`	`7`	`function Invoke-InvokeExpressionInjection2`
`8`	`8`	`{`
`9`	`9`	`param($UserInput)`
`10`		`- iex "Get-Process -Name $UserInput" # BAD`
	`10`	`+ iex "Get-Process -Name $UserInput" # $ Alert`
`11`	`11`	`}`
`12`	`12`
`13`	`13`	`function Invoke-InvokeExpressionInjection3`
`14`	`14`	`{`
`15`	`15`	`param($UserInput)`
`16`		`- $executionContext.InvokeCommand.InvokeScript("Get-Process -Name $UserInput") # BAD`
	`16`	`+ $executionContext.InvokeCommand.InvokeScript("Get-Process -Name $UserInput") # $ Alert`
`17`	`17`	`}`
`18`	`18`
`19`	`19`	`function Invoke-InvokeExpressionInjection4`
`20`	`20`	`{`
`21`	`21`	`param($UserInput)`
`22`		`- $host.Runspace.CreateNestedPipeline("Get-Process -Name $UserInput", $false).Invoke() # BAD`
	`22`	`+ $host.Runspace.CreateNestedPipeline("Get-Process -Name $UserInput", $false).Invoke() # $ Alert`
`23`	`23`	`}`
`24`	`24`
`25`	`25`	`function Invoke-InvokeExpressionInjection5`
`26`	`26`	`{`
`27`	`27`	`param($UserInput)`
`28`		`- [PowerShell]::Create().AddScript("Get-Process -Name $UserInput").Invoke() # BAD`
	`28`	`+ [PowerShell]::Create().AddScript("Get-Process -Name $UserInput").Invoke() # $ Alert`
`29`	`29`	`}`
`30`	`30`
`31`	`31`	`function Invoke-InvokeExpressionInjection6`
`32`	`32`	`{`
`33`	`33`	`param($UserInput)`
`34`		`- Add-Type "public class Foo { $UserInput }" # BAD`
	`34`	`+ Add-Type "public class Foo { $UserInput }" # $ Alert`
`35`	`35`	`}`
`36`	`36`
`37`	`37`	`function Invoke-InvokeExpressionInjection7`
`38`	`38`	`{`
`39`	`39`	`param($UserInput)`
`40`		`- Add-Type -TypeDefinition "public class Foo { $UserInput }" # BAD`
	`40`	`+ Add-Type -TypeDefinition "public class Foo { $UserInput }" # $ Alert`
`41`	`41`	`}`
`42`	`42`
`43`	`43`	`function Invoke-InvokeExpressionInjection8`
`44`	`44`	`{`
`45`	`45`	`param($UserInput)`
`46`	`46`
`47`	`47`	`$code = "public class Foo { $UserInput }"`
`48`		`- Add-Type -TypeDefinition $code # BAD`
	`48`	`+ Add-Type -TypeDefinition $code # $ Alert`
`49`	`49`	`}`
`50`	`50`
`51`	`51`	`function Invoke-InvokeExpressionInjectionFP`
`@@ -72,21 +72,21 @@ function Invoke-ExploitableCommandInjection1`
`72`	`72`	`{`
`73`	`73`	`param($UserInput)`
`74`	`74`
`75`		`- powershell -command "Get-Process -Name $UserInput" # BAD`
	`75`	`+ powershell -command "Get-Process -Name $UserInput" # $ Alert`
`76`	`76`	`}`
`77`	`77`
`78`	`78`	`function Invoke-ExploitableCommandInjection2`
`79`	`79`	`{`
`80`	`80`	`param($UserInput)`
`81`	`81`
`82`		`- powershell "Get-Process -Name $UserInput" # BAD`
	`82`	`+ powershell "Get-Process -Name $UserInput" # $ Alert`
`83`	`83`	`}`
`84`	`84`
`85`	`85`	`function Invoke-ExploitableCommandInjection3`
`86`	`86`	`{`
`87`	`87`	`param($UserInput)`
`88`	`88`
`89`		`- cmd /c "ping $UserInput" # BAD`
	`89`	`+ cmd /c "ping $UserInput" # $ Alert`
`90`	`90`	`}`
`91`	`91`
`92`	`92`	`function Invoke-ScriptBlockInjection1`
`@@ -95,7 +95,7 @@ function Invoke-ScriptBlockInjection1`
`95`	`95`
`96`	`96`	`## Often used when making remote connections`
`97`	`97`
`98`		`- $sb = [ScriptBlock]::Create("Get-Process -Name $UserInput") # BAD`
	`98`	`+ $sb = [ScriptBlock]::Create("Get-Process -Name $UserInput") # $ Alert`
`99`	`99`	`Invoke-Command RemoteServer $sb`
`100`	`100`	`}`
`101`	`101`
`@@ -105,63 +105,63 @@ function Invoke-ScriptBlockInjection2`
`105`	`105`
`106`	`106`	`## Often used when making remote connections`
`107`	`107`
`108`		`- $sb = $executionContext.InvokeCommand.NewScriptBlock("Get-Process -Name $UserInput") # BAD`
	`108`	`+ $sb = $executionContext.InvokeCommand.NewScriptBlock("Get-Process -Name $UserInput") # $ Alert`
`109`	`109`	`Invoke-Command RemoteServer $sb`
`110`	`110`	`}`
`111`	`111`
`112`	`112`	`function Invoke-MethodInjection1`
`113`	`113`	`{`
`114`	`114`	`param($UserInput)`
`115`	`115`
`116`		`- Get-Process \| Foreach-Object $UserInput # BAD`
	`116`	`+ Get-Process \| Foreach-Object $UserInput # $ Alert`
`117`	`117`	`}`
`118`	`118`
`119`	`119`	`function Invoke-MethodInjection2`
`120`	`120`	`{`
`121`	`121`	`param($UserInput)`
`122`	`122`
`123`		`- (Get-Process -Id $pid).$UserInput() # BAD`
	`123`	`+ (Get-Process -Id $pid).$UserInput() # $ Alert`
`124`	`124`	`}`
`125`	`125`
`126`	`126`
`127`	`127`	`function Invoke-MethodInjection3`
`128`	`128`	`{`
`129`	`129`	`param($UserInput)`
`130`	`130`
`131`		`- (Get-Process -Id $pid).$UserInput.Invoke() # BAD`
	`131`	`+ (Get-Process -Id $pid).$UserInput.Invoke() # $ Alert`
`132`	`132`	`}`
`133`	`133`
`134`	`134`	`function Invoke-ExpandStringInjection1`
`135`	`135`	`{`
`136`	`136`	`param($UserInput)`
`137`	`137`
`138`	`138`	`## Used to attempt a variable resolution`
`139`		`- $executionContext.InvokeCommand.ExpandString($UserInput) # BAD`
	`139`	`+ $executionContext.InvokeCommand.ExpandString($UserInput) # $ Alert`
`140`	`140`	`}`
`141`	`141`
`142`	`142`	`function Invoke-ExpandStringInjection2`
`143`	`143`	`{`
`144`	`144`	`param($UserInput)`
`145`	`145`
`146`	`146`	`## Used to attempt a variable resolution`
`147`		`- $executionContext.SessionState.InvokeCommand.ExpandString($UserInput) # BAD`
	`147`	`+ $executionContext.SessionState.InvokeCommand.ExpandString($UserInput) # $ Alert`
`148`	`148`	`}`
`149`	`149`
`150`	`150`	`function Invoke-InvokeExpressionInjectionCmdletBinding`
`151`	`151`	`{`
`152`	`152`	`[CmdletBinding()]`
`153`	`153`	`param($UserInput)`
`154`		`- Invoke-Expression "Get-Process -Name $UserInput" # BAD`
	`154`	`+ Invoke-Expression "Get-Process -Name $UserInput" # $ Alert`
`155`	`155`	`}`
`156`	`156`
`157`	`157`	`function Invoke-StartProcessInjection`
`158`	`158`	`{`
`159`	`159`	`param($UserInput)`
`160`		`- Start-Process -FilePath $UserInput # BAD`
	`160`	`+ Start-Process -FilePath $UserInput # $ Alert`
`161`	`161`	`}`
`162`	`162`
`163`	`163`
`164`		`-$input = Read-Host "enter input"`
	`164`	`+$input = Read-Host "enter input" # $ Source`
`165`	`165`
`166`	`166`	`Invoke-InvokeExpressionInjection1 -UserInput $input`
`167`	`167`	`Invoke-InvokeExpressionInjection2 -UserInput $input`
`@@ -251,20 +251,20 @@ Invoke-InvokeExpressionInjectionSafe5 -UserInput $input`
`251`	`251`
`252`	`252`	`function false-positive-in-call-operator($d)`
`253`	`253`	`{`
`254`		`- $o = Read-Host "enter input"`
	`254`	`+ $o = Read-Host "enter input" # $ Source`
`255`	`255`	`& unzip -o "$o" -d $d # GOOD`
`256`	`256`
`257`		`- . "$o" # BAD`
	`257`	`+ . "$o" # $ Alert`
`258`	`258`	`}`
`259`	`259`
`260`	`260`	`function flow-through-env-var() {`
`261`	`261`	`$x = $env:foo`
`262`	`262`
`263`	`263`	`. "$x" # GOOD # we don't consider environment vars flow sources`
`264`	`264`
`265`		`- $input = Read-Host "enter input"`
	`265`	`+ $input = Read-Host "enter input" # $ Source`
`266`	`266`	`$env:bar = $input`
`267`	`267`
`268`	`268`	`$y = $env:bar`
`269`		`- . "$y" # BAD # but we have flow through them`
	`269`	`+ . "$y" # $ Alert # but we have flow through them`
`270`	`270`	`}`