CodeQL PowerShell Support #2366

Open
StartAutomating opened this issue Jul 9, 2024 · 2 comments

@StartAutomating

CodeQL does not currently support PowerShell. Given that PowerShell is quite a potent language that has been used to great effect by red team and blue team alike, this lack of functionality hurts both CodeQL and PowerShell.

I am deeply familiar with the PowerShell AST and would likely be able to make CodeQL PowerShell language support work, if the team can help provide the right guidance on integration.

Please provide more information about how one can write new CodeQL bindings, so that I might turn this issue into a more useful pull request.


dilanbhalla commented Jul 12, 2024

Awesome to hear this! We have developed an open source PowerShell extractor actually, which allows PowerShell source code to be converted to a CodeQL database. The extractor can be found here: https://github.com/microsoft/codeql/releases. It doesn't matter if the release version is a bit behind; you can just grab the latest powershell.zip and unzip that folder next to your codeql executable. Once you do this, you should be able to run any commands related to extraction/db creation with "powershell" as the language.

What we really need now to enable analysis is the core CodeQL libraries for PowerShell. We have built out a bunch of these already (which we can open source as well), but core libraries related to the AST such as AST.qll, Cfg.qll, and Dataflow.qll need to be populated so that we can start building out qlls on top of them. Here is a repository that has been set up recently that shows how this is done for a simple/demo language, kaleidoscope: https://github.com/aibaars/codeql-kaleidoscope/tree/main (go to ql/lib/codeql/kaleidoscope). Some of these core libraries can probably be shared libraries now (and we can update the kaleidoscope repo to reflect that), @aibaars can explain further there.
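The install-and-extract procedure described in the comment above, as an added example that is not part of the thread and not code from the microsoft/codeql project. It assumes the `codeql` CLI is on PATH and that powershell.zip from the releases page has been unzipped so a `powershell` folder sits beside the codeql executable; the sample source file it extracts is constructed here for illustration.

```powershell
# Added example: check that the PowerShell extractor is installed beside the
# CodeQL CLI, then build a CodeQL database from a small constructed script.
# Assumptions: `codeql` is on PATH; powershell.zip (from
# https://github.com/microsoft/codeql/releases) was unzipped next to it.
$ErrorActionPreference = 'Stop'

# 1. Locate the CLI and the extractor folder that must sit beside it.
$codeql = Get-Command codeql -ErrorAction SilentlyContinue
if (-not $codeql) { throw 'codeql not found on PATH' }
$cliDir       = Split-Path -Parent $codeql.Source
$extractorDir = Join-Path $cliDir 'powershell'
if (-not (Test-Path $extractorDir)) {
    throw "No extractor at $extractorDir; unzip powershell.zip beside the codeql executable"
}

# 2. Confirm the CLI registered the language. `codeql resolve languages`
#    prints one line per language, starting with its name.
$languages = & codeql resolve languages
if (-not ($languages -match '^powershell\b')) {
    throw "'powershell' is not listed by 'codeql resolve languages'"
}

# 3. Constructed sample source tree: a script that feeds a parameter
#    straight into Invoke-Expression, the kind of pattern a future
#    PowerShell query library would want to find.
$tmp = [System.IO.Path]::GetTempPath()
$src = Join-Path $tmp 'codeql-ps-sample'
New-Item -ItemType Directory -Force -Path $src | Out-Null
@'
param([string]$Command)
Invoke-Expression $Command
'@ | Set-Content -Path (Join-Path $src 'sample.ps1')

# 4. Extract: create the database with "powershell" as the language.
$db = Join-Path $tmp 'codeql-ps-db'
& codeql database create $db --language=powershell --source-root=$src --overwrite
if ($LASTEXITCODE -ne 0) { throw "codeql database create failed ($LASTEXITCODE)" }

# 5. Sanity check: every CodeQL database carries codeql-database.yml,
#    whose primaryLanguage field should now read powershell.
$meta = Get-Content (Join-Path $db 'codeql-database.yml') -Raw
if ($meta -notmatch 'primaryLanguage:\s*powershell') {
    throw 'Database was created, but its primary language is not powershell'
}
Write-Host "PowerShell CodeQL database created at $db"
```

Step 2 is the check worth keeping: if the extractor folder is misplaced, `codeql database create` fails with a generic "language not supported" error, whereas `codeql resolve languages` shows immediately what the CLI actually found.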

@StartAutomating

@dilanbhalla @aibaars Thanks for providing some context. Please provide a bit more :-)

  • This looks somewhat workable (I would appreciate setting up a call to understand the implementation, as I am not a CodeQL expert).
    • Please link to building instructions for a *.qll file
    • Please link to whatever specification you have (EBNF,ANTLR, etc) for the syntax
    • Please set up time if you are able.

Additionally, if I'm reading the kaleidoscope example correctly, what you're doing is synergistically aligned with a metaprogramming language I build, Pipescript. A major component of that language is AST manipulation. Another major component is an open-ended definition of languages. Here are a couple of items I believe we should also look at:

  • Using CodeQL as a selector for any programming language (aka "select a class named this, regardless of language")
  • Denoting transformations of code (aka, "find any foldable region named 'Internal', and remove it")

Please let me know what you think of these scenarios, and if you'd expect either of them to be "natively" handled by CodeQL in the near/mid future.

Forgive me if these are foolish questions; I'm a PowerShell expert, not a CodeQL expert.
