PS: Fixup PowerShell after github#21051.

MathiasVP · MathiasVP · commit 80deee81f8e8 · 2026-02-23T20:03:18.000Z
diff --git a/powershell/ql/lib/semmle/code/powershell/dataflow/FlowSummary.qll b/powershell/ql/lib/semmle/code/powershell/dataflow/FlowSummary.qll
@@ -18,32 +18,48 @@ private module Summaries {
   import EngineIntrinsics
 }
 
-/** A callable with a flow summary, identified by a unique string. */
-abstract class SummarizedCallable extends LibraryCallable, Impl::Public::SummarizedCallable {
-  bindingset[this]
-  SummarizedCallable() { any() }
-
-  override predicate propagatesFlow(
-    string input, string output, boolean preservesValue, string model
-  ) {
-    this.propagatesFlow(input, output, preservesValue) and model = ""
-  }
+class Provenance = Impl::Public::Provenance;
+
+/** Provides the `Range` class used to define the extent of `SummarizedCallable`. */
+module SummarizedCallable {
+  /** A callable with a flow summary, identified by a unique string. */
+  abstract class Range extends LibraryCallable, Impl::Public::SummarizedCallable {
+    bindingset[this]
+    Range() { any() }
+
+    override predicate propagatesFlow(
+      string input, string output, boolean preservesValue, Provenance p, boolean isExact,
+      string model
+    ) {
+      this.propagatesFlow(input, output, preservesValue) and
+      p = "manual" and
+      isExact = true and
+      model = ""
+    }
 
-  /**
-   * Holds if data may flow from `input` to `output` through this callable.
-   *
-   * `preservesValue` indicates whether this is a value-preserving step or a taint-step.
-   */
-  predicate propagatesFlow(string input, string output, boolean preservesValue) { none() }
-
-  /**
-   * Gets the synthesized parameter that results from an input specification
-   * that starts with `Argument[s]` for this library callable.
-   */
-  DataFlow::ParameterNode getParameter(string s) {
-    exists(ParameterPosition pos |
-      DataFlowImplCommon::parameterNode(result, TLibraryCallable(this), pos) and
-      s = Impl::Input::encodeParameterPosition(pos)
-    )
+    /**
+     * Holds if data may flow from `input` to `output` through this callable.
+     *
+     * `preservesValue` indicates whether this is a value-preserving step or a taint-step.
+     */
+    predicate propagatesFlow(string input, string output, boolean preservesValue) { none() }
+
+    /**
+     * Gets the synthesized parameter that results from an input specification
+     * that starts with `Argument[s]` for this library callable.
+     */
+    DataFlow::ParameterNode getParameter(string s) {
+      exists(ParameterPosition pos |
+        DataFlowImplCommon::parameterNode(result, TLibraryCallable(this), pos) and
+        s = Impl::Input::encodeParameterPosition(pos)
+      )
+    }
   }
 }
+
+final private class SummarizedCallableFinal = SummarizedCallable::Range;
+
+/** A callable with a flow summary, identified by a unique string. */
+final class SummarizedCallable extends SummarizedCallableFinal,
+  Impl::Public::RelevantSummarizedCallable
+{ }
diff --git a/powershell/ql/lib/semmle/code/powershell/dataflow/internal/FlowSummaryImpl.qll b/powershell/ql/lib/semmle/code/powershell/dataflow/internal/FlowSummaryImpl.qll
@@ -18,6 +18,8 @@ module Input implements InputSig<Location, DataFlowImplSpecific::PowershellDataF
 
   class SinkBase = Void;
 
+  predicate callableFromSource(SummarizedCallableBase c) { none() }
+
   ArgumentPosition callbackSelfParameterPosition() { none() }
 
   ReturnKind getStandardReturnValueKind() { result instanceof NormalReturnKind }
diff --git a/powershell/ql/lib/semmle/code/powershell/frameworks/data/ModelsAsData.qll b/powershell/ql/lib/semmle/code/powershell/frameworks/data/ModelsAsData.qll
@@ -21,7 +21,7 @@ private class RemoteFlowSourceFromCsv extends RemoteFlowSource::Range {
   override string getSourceType() { result = "Remote flow (from model)" }
 }
 
-private class SummarizedCallableFromModel extends SummarizedCallable {
+private class SummarizedCallableFromModel extends SummarizedCallable::Range {
   string type;
   string path;
 
@@ -38,9 +38,13 @@ private class SummarizedCallableFromModel extends SummarizedCallable {
   }
 
   override predicate propagatesFlow(
-    string input, string output, boolean preservesValue, string model
+    string input, string output, boolean preservesValue, Provenance p, boolean isExact, string model
   ) {
-    exists(string kind | ModelOutput::relevantSummaryModel(type, path, input, output, kind, model) |
+    exists(string kind |
+      ModelOutput::relevantSummaryModel(type, path, input, output, kind, model) and
+      p = "manual" and
+      isExact = true
+    |
       kind = "value" and
       preservesValue = true
       or
diff --git a/powershell/ql/lib/semmle/code/powershell/typetracking/internal/TypeTrackingImpl.qll b/powershell/ql/lib/semmle/code/powershell/typetracking/internal/TypeTrackingImpl.qll
@@ -118,7 +118,7 @@ private module SummaryTypeTrackerInput implements SummaryTypeTracker::Input {
     predicate propagatesFlow(
       SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue
     ) {
-      super.propagatesFlow(input, output, preservesValue, _)
+      super.propagatesFlow(input, output, preservesValue, _, _, _)
     }
   }
 

Original file line number	Diff line number	Diff line change
`@@ -118,7 +118,7 @@ private module SummaryTypeTrackerInput implements SummaryTypeTracker::Input {`
`118`	`118`	`predicate propagatesFlow(`
`119`	`119`	`SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue`
`120`	`120`	`) {`
`121`		`- super.propagatesFlow(input, output, preservesValue, _)`
	`121`	`+ super.propagatesFlow(input, output, preservesValue, _, _, _)`
`122`	`122`	`}`
`123`	`123`	`}`
`124`	`124`