Add support for PowerShell as a supported language in CodeQL #17927

Open
kilasuit opened this issue Nov 7, 2024 · 3 comments
Labels
question Further information is requested

kilasuit commented Nov 7, 2024

Whilst PowerShell is built on top of C# and can use as well as F# as well as other .NET languages quite easily, it would be nice to be able to analyse PowerShell using CodeQL tooling in future.

kilasuit added the "question" (Further information is requested) label Nov 7, 2024
@jketema
Contributor

jketema commented Nov 7, 2024

Hi @kilasuit. Thanks for the suggestion. We'll take it into consideration.

@intrigus-lgtm
Contributor

Interestingly, there is a PowerShell extractor in a Microsoft fork of CodeQL:
https://github.com/microsoft/codeql/tree/main/powershell
I guess @MathiasVP can probably tell you more about it.

@MathiasVP
Contributor

> Interestingly, there is a PowerShell extractor in a Microsoft fork of CodeQL:
>
> https://github.com/microsoft/codeql/tree/main/powershell
>
> I guess @MathiasVP can probably tell you more about it.

Thanks for the ping 🙂

Yes, Microsoft is currently working on supporting PowerShell as a CodeQL language. So far I've open sourced the existing extractor and created most of the required analysis libraries necessary to do global taint-tracking. Very few queries exist at the moment though. That's the next milestone! 🤞

You can find all of that in the repo @intrigus-lgtm linked above.

I imagine it's possible to build everything outside of the Microsoft context, but since this is not an actual GitHub product I wouldn't recommend this as we may make breaking changes without any warnings.
