Merge pull request #350 from microsoft/guid-sanitizer-ps

PS: Add GUID as simple sanitizers

Author: MathiasVP

powershell/ql/lib/semmle/code/powershell/security/Sanitizers.qll

@@ -4,11 +4,11 @@ private import semmle.code.powershell.dataflow.DataFlow
 /**
  * A dataflow node that is guarenteed to have a "simple" type.
  *
- * Simple types include integers, floats, characters, booleans, and `datetime`.
+ * Simple types include integers, floats, characters, booleans, `datetime`, and `guid`.
  */
 class SimpleTypeSanitizer extends DataFlow::Node {
   SimpleTypeSanitizer() {
     this.asParameter().getStaticType() =
-      ["int32", "int64", "single", "double", "decimal", "char", "boolean", "datetime"]
+      ["int32", "int64", "single", "double", "decimal", "char", "boolean", "datetime", "guid"]
   }
 }

powershell/ql/test/query-tests/security/cwe-089/test.ps1

@@ -138,4 +138,13 @@ $QueryConn3 = @{
 
 Invoke-Sqlcmd @QueryConn3 # GOOD
 
-&sqlcmd -e -S $userinput -U "Login" -P "MyPassword" -d "MyDBName" -i "input_file.sql" # GOOD
+&sqlcmd -e -S $userinput -U "Login" -P "MyPassword" -d "MyDBName" -i "input_file.sql" # GOOD
+
+function WithGuid {
+    PARAM([Parameter(Mandatory = $true)] [guid] $r)
+
+    $query = "SELECT * FROM MyTable WHERE MyColumn = '$r'"
+    Invoke-Sqlcmd -ServerInstance "MyServer" -Database "MyDatabase" -q $query # GOOD
+}
+
+WithGuid $userinput