Add CodeQL suppressions for EventLog, TypeCatalogGen, Process methods #26689
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…alogGen, Process methods
Contributor
There was a problem hiding this comment.
Pull request overview
This PR adds CodeQL suppression comments to document expected security behaviors in PowerShell and fixes a recurring typo where "Poweshell" was corrected to "PowerShell" in existing suppression comments. The changes clarify that certain potential security issues (command-line injection, SSRF, weak cryptography) are intentional design choices given PowerShell's user trust model. No functional code changes are included.
Changes:
- Added new CodeQL suppression comments for command-line injection scenarios in TypeCatalogGen, NativeCommandProcessor, Process, and EventLog classes
- Corrected spelling of "Poweshell" to "PowerShell" in seven existing CodeQL suppression comments across multiple files
- All suppressions explain why the flagged behavior is expected in PowerShell's context
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| src/TypeCatalogGen/TypeCatalogGen.cs | Added suppression for SHA-1 usage explaining backward compatibility requirement |
| src/System.Management.Automation/namespaces/FileSystemProvider.cs | Fixed typo in existing suppression comment |
| src/System.Management.Automation/help/UpdatableHelpSystem.cs | Fixed typo in two existing SSRF suppression comments |
| src/System.Management.Automation/engine/remoting/common/RunspaceConnectionInfo.cs | Fixed typo in existing suppression comment |
| src/System.Management.Automation/engine/NativeCommandProcessor.cs | Added new suppression and fixed typos in two existing suppressions |
| src/Microsoft.PowerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs | Fixed typo in existing SSRF suppression comment |
| src/Microsoft.PowerShell.Commands.Management/commands/management/Process.cs | Added two new suppressions for working directory paths and fixed typo in existing suppression |
| src/Microsoft.PowerShell.Commands.Management/commands/management/Eventlog.cs | Added new suppression for ComputerName parameter usage |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
TravisEz13
reviewed
Jan 15, 2026
src/Microsoft.PowerShell.Commands.Management/commands/management/Eventlog.cs
Outdated
Show resolved
Hide resolved
TravisEz13
reviewed
Jan 15, 2026
src/Microsoft.PowerShell.Commands.Management/commands/management/Process.cs
Outdated
Show resolved
Hide resolved
TravisEz13
reviewed
Jan 15, 2026
src/System.Management.Automation/engine/NativeCommandProcessor.cs
Outdated
Show resolved
Hide resolved
TravisEz13
reviewed
Jan 15, 2026
src/System.Management.Automation/engine/NativeCommandProcessor.cs
Outdated
Show resolved
Hide resolved
…nt/Process.cs Co-authored-by: Travis Plunk <[email protected]>
…sures the configured location will be returned regardless of if it has been created already
TravisEz13
approved these changes
Jan 28, 2026
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add CodeQL suppression comments to clarify that certain potential security issues (such as command-line injection and weak cryptography) are expected behaviors in PowerShell, given its design and user trust model. These comments provide context for static analysis tools and future maintainers. Also fixed typo and updated prior CodeQL suppressions.
Also updated how System special folder is retrieved in EventLog.cs, it calls into the
CorePSPlatform.SafeDeriveFromSpecialFolder()API to ensure the configured location is returned regardless of if it exists.PR Summary
PR Context
PR Checklist
.h,.cpp,.cs,.ps1and.psm1files have the correct copyright header