public void Setup()
{
this._commandExpressionAst = ParseInput("'PS> '")
.EndBlock
.Statements[0]
.PipelineElements[0];
this._stringConstantExpressionAst = (StringConstantExpressionAst)this._commandExpressionAst.Expression;
}
public override AstVisitAction VisitStringConstantExpression(StringConstantExpressionAst stringConstantExpressionAst)
{
var stringSize = stringConstantExpressionAst.Value.Length;
StringLiteralCount += 1;
StringLiteralCumulativeSize += stringSize;
MaxStringSize = Math.Max(MaxStringSize, stringSize);
return(AstVisitAction.Continue);
}
public static StringConstantExpressionAst Update(
this StringConstantExpressionAst ast,
string value = null,
StringConstantType?stringConstantType = null)
{
return(new StringConstantExpressionAst(
ast.Extent,
value ?? ast.Value,
stringConstantType ?? ast.StringConstantType));
}
public void SingleStatementInBlockTest()
{
StringConstantExpressionAst command = ParseStatement("{ Get-ChildItem }")
.PipelineElements[0]
.Expression
.ScriptBlock
.EndBlock
.Statements[0]
.PipelineElements[0]
.CommandElements[0];
Assert.AreEqual("Get-ChildItem", command.Value);
}
public void InstanceProperty()
{
var memberExpressionAst = ParseStatement(@"'abc'.Length")
.PipelineElements[0]
.Expression;
StringConstantExpressionAst expressionAst = memberExpressionAst.Expression;
StringConstantExpressionAst memberAst = memberExpressionAst.Member;
Assert.AreEqual("abc", expressionAst.Value);
Assert.AreEqual(StringConstantType.SingleQuoted, expressionAst.StringConstantType);
Assert.AreEqual("Length", memberAst.Value);
Assert.AreEqual(StringConstantType.BareWord, memberAst.StringConstantType);
}
public void HashTable1()
{
HashtableAst hashtableAst = ParseStatement("@{ 'a' = 'b' }")
.PipelineElements[0]
.Expression;
Assert.AreEqual(1, hashtableAst.KeyValuePairs.Count);
dynamic keyValuePair = hashtableAst.KeyValuePairs.Single();
StringConstantExpressionAst nameAst = keyValuePair.Item1;
StringConstantExpressionAst valueAst = keyValuePair.Item2.PipelineElements[0].Expression;
Assert.AreEqual("a", nameAst.Value);
Assert.AreEqual("b", valueAst.Value);
}
public override object VisitStringConstantExpression(StringConstantExpressionAst stringConstantExpressionAst)
{
if (dict_.ContainsKey(stringConstantExpressionAst.Value.ToLower()))
{
var newName = dict_[stringConstantExpressionAst.Value.ToLower()];
if (stringConstantExpressionAst.Value.StartsWith("global:"))
{
newName = "global:" + newName;
}
return(new StringConstantExpressionAst(stringConstantExpressionAst.Extent, newName,
stringConstantExpressionAst.StringConstantType));
}
return(new StringConstantExpressionAst(stringConstantExpressionAst.Extent, stringConstantExpressionAst.Value,
stringConstantExpressionAst.StringConstantType));
}
private DiagnosticRecord GetDiagnosticRecord(StringConstantExpressionAst stringConstantExpressionAst,
string suggestedCorrection)
{
return(new DiagnosticRecord(
Strings.AvoidUsingDoubleQuotesForConstantStringError,
stringConstantExpressionAst.Extent,
GetName(),
GetDiagnosticSeverity(),
stringConstantExpressionAst.Extent.File,
suggestedCorrections: new[] {
new CorrectionExtent(
stringConstantExpressionAst.Extent,
suggestedCorrection,
stringConstantExpressionAst.Extent.File
)
}
));
}
//public static void MeasureAddType(string ScriptBlock)
//{
// Token[] token;
// ParseError[] error;
// ScriptBlockAst ScriptBlockAst = Parser.ParseInput(ScriptBlock, out token, out error);
//
// Func<Ast, bool> predicate = delegate (Ast ast)
// {
// var derpVar = new VariableExpressionAst(ast.Extent, "Derp", splatted: false);
// CommandAst targetAst = new CommandAst(ast.Extent, new[] { derpVar }, TokenKind.Unknown, Enumerable.Empty<RedirectionAst>());
// if (targetAst.CommandElements[0].Extent.Text == "Add-Type")
// {
// var addTypeParameters = StaticParameterBinder.BindCommand(targetAst);
// var typeDefinitionParameter = addTypeParameters.BoundParameters.TypeDefinition;
// if (typeDefinitionParameter.ConstantValue)
// {
// if (addTypeParameters.BoundParameters.TypeDefinition.ValueSystem.Management.Automation.Language.VariableExpressionAst)
// {
// var variableName = addTypeParameters.BoundParameters.TypeDefinition.Value.VariablePath.UserPath;
// var constantAssignmentForVariable = ScriptBlockAst.FindAll(tempvar => tempvar is Ast, true);
// if (assignmentAst && assignmentAst.Left.VariablePath.UserPath == variableName && assignmentAst.Right.ExpressionSystem.Management.Automation.Language.ConstantExpressionAst)
// {
// return true;
// }
// if (constantAssignmentForVariable != null)
// {
// return false;
// }
// else
// {
// return true;
// }
// }
// return true;
// }
// }
// return false;
// };
//
// var foundNode = ScriptBlockAst.Find(predicate, true);
// if (foundNode != null)
// {
// Console.WriteLine("[+] Possible injection vulnerability found");
// Console.WriteLine(String.Format(@"Possible code injection risk via the Add-Type cmdlet. Untrusted input can cause arbitrary Win32 code to be run..
//RuleName = InjectionRisk.AddType
//Severity = Warning", foundNode.Extent
// ));
// }
//}
public static void MeasureDangerousMethod(string ScriptBlock)
{
Token[] token;
ParseError[] error;
ScriptBlockAst ScriptBlockAst = Parser.ParseInput(ScriptBlock, out token, out error);
Func <Ast, bool> predicate = delegate(Ast ast)
{
var derpVar = new VariableExpressionAst(ast.Extent, "Derp", splatted: false);
var derpVar2 = new StringConstantExpressionAst(ast.Extent, "derbvar2", StringConstantType.BareWord);
InvokeMemberExpressionAst targetAst = new InvokeMemberExpressionAst(ast.Extent, derpVar, derpVar2, Enumerable.Empty <ExpressionAst>(), false);
if (targetAst != null)
{
if (targetAst.Member.Extent.Text.In(false, new List <string> {
"invokescript", "createnestedpipeline", "addscript", "newscriptblock", "expandstring"
}))
{
return(true);
}
if (targetAst.Member.Extent.Text.In(false, new List <string> {
"create"
}) && targetAst.Expression.Extent.Text.In(false, new List <string> {
"scriptblock"
}))
{
return(true);
}
}
return(false);
};
var foundNode = ScriptBlockAst.Find(predicate, true);
if (foundNode != null)
{
Console.WriteLine("[+] Possible injection vulnerability found");
Console.WriteLine(String.Format(@"Possible script injection risk via the a dangerous method. Untrusted input can cause arbitrary PowerShell expressions to be run.
The PowerShell.AddCommand().AddParameter() APIs should be used instead.
RuleName = {1}
Severity = Warning", foundNode.Extent, foundNode.Extent.Text)
);
}
}
public void ArrayArgument()
{
var commandElementAsts = ParseStatement("Write-Host 3,$true")
.PipelineElements[0]
.CommandElements;
StringConstantExpressionAst stringConstantExpressionAst = commandElementAsts[0];
Assert.AreEqual("Write-Host", stringConstantExpressionAst.Value);
var expressionAst = commandElementAsts[1];
ConstantExpressionAst value0 = expressionAst.Elements[0];
Assert.AreEqual(3, value0.Value);
VariableExpressionAst value1 = expressionAst.Elements[1];
Assert.AreEqual("true", value1.VariablePath.UserPath);
}
/// <summary>
/// Checks to see if the command invocation is a dot
/// in order to find a dot sourced file
/// </summary>
/// <param name="commandAst">A CommandAst object in the script's AST</param>
/// <returns>A decision to stop searching if the right commandAst was found,
/// or a decision to continue if it wasn't found</returns>
public override AstVisitAction VisitCommand(CommandAst commandAst)
{
CommandElementAst commandElementAst = commandAst.CommandElements[0];
if (commandAst.InvocationOperator.Equals(TokenKind.Dot))
{
string path = commandElementAst switch
{
StringConstantExpressionAst stringConstantExpressionAst => stringConstantExpressionAst.Value,
ExpandableStringExpressionAst expandableStringExpressionAst => GetPathFromExpandableStringExpression(expandableStringExpressionAst),
_ => null,
};
if (!string.IsNullOrWhiteSpace(path))
{
DotSourcedFiles.Add(PathUtils.NormalizePathSeparators(path));
}
}
return(base.VisitCommand(commandAst));
}
private static bool IsCommandImportDscResource(Ast ast)
{
CommandAst commandAst = ast as CommandAst;
if (commandAst == null)
{
return(false);
}
if (commandAst.CommandElements.Count == 0)
{
return(false);
}
StringConstantExpressionAst constantExpressionAst = commandAst.CommandElements[0] as StringConstantExpressionAst;
if (constantExpressionAst != null &&
String.Compare(constantExpressionAst.Value, "Import-DscResource", StringComparison.InvariantCultureIgnoreCase) == 0)
{
return(true);
}
return(false);
}
private static bool IsLegacyAstConfiguration(Ast node)
{
CommandAst commandNode = node as CommandAst;
if (commandNode == null)
{
return(false);
}
// TODO: Add case when configuration name is not a StringConstant, but a variable.
StringConstantExpressionAst commandParameter = (commandNode.CommandElements[0] as StringConstantExpressionAst);
if (commandParameter == null)
{
return(false);
}
// Find the AST nodes defining configurations. These nodes will be CommandAst nodes
// with 7 or 8 command elements (8 if the configuration requires any custom modules.)
return
(commandNode.CommandElements.Count >= 7 &&
String.Equals(commandParameter.Extent.Text, "configuration", StringComparison.OrdinalIgnoreCase) &&
String.Equals(commandParameter.Value, @"PSDesiredStateConfiguration\Configuration",
StringComparison.OrdinalIgnoreCase));
}
public override AstVisitAction VisitStringConstantExpression(StringConstantExpressionAst ast)
{
return(AstVisitAction.Continue);
}
/// <summary/> public virtual AstVisitAction VisitStringConstantExpression(StringConstantExpressionAst stringConstantExpressionAst) => DefaultVisit(stringConstantExpressionAst);
public virtual object VisitStringConstantExpression(StringConstantExpressionAst stringConstantExpressionAst)
{
return(stringConstantExpressionAst);
}
public override AstVisitAction VisitStringConstantExpression(StringConstantExpressionAst stringConstantExpressionAst)
{
this._pipelineCommandRuntime.outputResults.Write(stringConstantExpressionAst.Value);
return(AstVisitAction.SkipChildren);
}
public override AstVisitAction VisitStringConstantExpression(StringConstantExpressionAst stringConstantExpressionAst)
{
throw new NotImplementedException(); //VisitStringConstantExpression(stringConstantExpressionAst);
}
public override AstVisitAction VisitStringConstantExpression(StringConstantExpressionAst ast)
{
return(DoNextAction(ast));
}
public override ExpressionAst VisitStringConstantExpression(StringConstantExpressionAst stringConstantExpressionAst) => VisitExpression(base.VisitStringConstantExpression(stringConstantExpressionAst));
