Skip to content

PS: Remove environment variables from powershell/microsoft/public/sql-injection #263

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
MathiasVP merged 3 commits into from
Jul 24, 2025
Merged

PS: Remove environment variables from powershell/microsoft/public/sql-injection #263

MathiasVP merged 3 commits into from
Jul 24, 2025

Conversation

@MathiasVP
Copy link
Collaborator

@MathiasVP MathiasVP commented Jul 24, 2025

... and also make the paths outputted in dataflow queries more readable.

This PR does two things (each in their own commit):

  1. It removes environment variables as sources in the PowerShell SQL injection query. This matches the change we did in b72af27 for the command-line injection query.
  2. It fixes a bug related to how we hide/unhide certain nodes in dataflow paths. The dataflow library has two "hooks" that decides which nodes to never show in a path (the nodeIsHidden predicate) and which nodes to always show in a path (the neverSkipInPathGraph). We had a bug in nodeIsHidden which always hid uses of local variables. This meant that paths were way too compressed to be readable. Furthermore, I chose to follow C# and always show definitions in the path.

The combination of these two fixes in (2) mean that paths are much more readable 🎉

@MathiasVP MathiasVP merged commit ae4b3e8 into main Jul 24, 2025
3 checks passed
dilanbhalla pushed a commit that referenced this pull request Aug 8, 2025
@MathiasVP
Merge pull request #263 from microsoft/remove-env-reads-from-sql-inje…
81bb5f8 
…ction

PS: Remove environment variables from `powershell/microsoft/public/sql-injection`
dilanbhalla pushed a commit that referenced this pull request Aug 8, 2025
@MathiasVP
Merge pull request #263 from microsoft/remove-env-reads-from-sql-inje…
3e208fb 
…ction

PS: Remove environment variables from `powershell/microsoft/public/sql-injection`
dilanbhalla pushed a commit that referenced this pull request Aug 8, 2025
@MathiasVP
Merge pull request #263 from microsoft/remove-env-reads-from-sql-inje…
596acdb 
…ction

PS: Remove environment variables from `powershell/microsoft/public/sql-injection`
@dilanbhalla dilanbhalla mentioned this pull request Aug 8, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chanel-y chanel-y chanel-y approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@MathiasVP @chanel-y