Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Add CodeQL suppressions for PowerShell intended behavior #25359

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
TravisEz13 merged 2 commits into from
Apr 15, 2025
Merged

Add CodeQL suppressions for PowerShell intended behavior #25359

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
ef82fcb
Add CodeQL suppressions for PowerShell intended behavior being flagged
anamnavi Apr 14, 2025
07b7ab3
remove space between codeql and rulename
anamnavi Apr 14, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions src/Microsoft.PowerShell.Commands.Utility/commands/utility/AddType.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -684,6 +684,7 @@ private void LoadAssemblies(IEnumerable<string> assemblies)
{
// CoreCLR doesn't allow re-load TPA assemblies with different API (i.e. we load them by name and now want to load by path).
// LoadAssemblyHelper helps us avoid re-loading them, if they already loaded.
// codeql[cs/dll-injection-remote] - This is expected PowerShell behavior and integral to the purpose of the class. It allows users to load any C# dependencies they need for their PowerShell application and add other types they require.
Assembly assembly = LoadAssemblyHelper(assemblyName) ?? Assembly.LoadFrom(ResolveAssemblyName(assemblyName, false));

if (PassThru)
Expand Down
1 change: 1 addition & 0 deletions ...owerShell.Commands.Utility/commands/utility/WebCmdlet/Common/WebRequestPSCmdlet.Common.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1771,6 +1771,7 @@ private static StringContent GetMultipartStringContent(object fieldName, object
ContentDispositionHeaderValue contentDisposition = new("form-data");
contentDisposition.Name = LanguagePrimitives.ConvertTo<string>(fieldName);

// codeql[cs/information-exposure-through-exception] - PowerShell is an on-premise product, meaning local users would already have access to the binaries and stack traces. Therefore, the information would not be exposed in the same way it would be for an ASP .NET service.
StringContent result = new(LanguagePrimitives.ConvertTo<string>(fieldValue));
result.Headers.ContentDisposition = contentDisposition;

Expand Down
1 change: 1 addition & 0 deletions src/System.Management.Automation/engine/ExecutionContext.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1385,6 +1385,7 @@ private static Assembly LoadAssembly(string name, string filePath, out Exception
{
try
{
// codeql[cs/dll-injection-remote] - The dll is loaded during the initial state setup, which is expected behavior. This allows users hosting PowerShell to load additional C# types to enable their specific scenarios.
loadedAssembly = Assembly.LoadFrom(filePath);
return loadedAssembly;
}
Expand Down
Loading