From 1dd5e34e0e2d74f3adc2b7e02fde581bad8879a6 Mon Sep 17 00:00:00 2001
From: dilanbhalla <35575727+dilanbhalla@users.noreply.github.com>
Date: Wed, 20 Nov 2024 12:04:11 -0800
Subject: [PATCH 1/6] Create powershell-pr-check.yml

---
.github/workflows/powershell-pr-check.yml | 28 +++++++++++++++++++++++
1 file changed, 28 insertions(+)
create mode 100644 .github/workflows/powershell-pr-check.yml

diff --git a/.github/workflows/powershell-pr-check.yml b/.github/workflows/powershell-pr-check.yml
new file mode 100644
index 000000000000..87be4ece4971
--- /dev/null
+++ b/.github/workflows/powershell-pr-check.yml
@@ -0,0 +1,28 @@
+name: PowerShell PR Check
+
+on:
+ pull_request:
+ branches:
+ - main
+ paths:
+ - "powershell/**"
+ workflow_dispatch:
+
+jobs:
+ powershell-pr-check:
+ name: powershell-pr-check
+ runs-on: ubuntu-latest
+ if: github.repository == 'microsoft/codeql'
+ permissions:
+ contents: write
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+ token: ${{ secrets.WORKFLOW_TOKEN }}
+ - name: Setup CodeQL
+ uses: ./.github/actions/fetch-codeql
+ - name: Compile PowerShell Queries
+ run: |
+ codeql query compile --check-only --keep-going powershell/ql/src

From 7257b4a0a2787a681576d366b092424b661fab2a Mon Sep 17 00:00:00 2001
From: dilanbhalla <35575727+dilanbhalla@users.noreply.github.com>
Date: Wed, 20 Nov 2024 12:08:15 -0800
Subject: [PATCH 2/6] Update powershell-pr-check.yml

---
.github/workflows/powershell-pr-check.yml | 3 +++
1 file changed, 3 insertions(+)

diff --git a/.github/workflows/powershell-pr-check.yml b/.github/workflows/powershell-pr-check.yml
index 87be4ece4971..7783401973af 100644
--- a/.github/workflows/powershell-pr-check.yml
+++ b/.github/workflows/powershell-pr-check.yml
@@ -1,6 +1,9 @@
 name: PowerShell PR Check
 on:
+ push:
+ branches:
+ - dilan/powershell-pr-check
 pull_request:
 branches:
 - main

From 147784a1022b1498d5e2041405027beb37f60a02 Mon Sep 17 00:00:00 2001
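Review bot: The new job asks for `permissions: contents: write` and checks out with `token: ${{ secrets.WORKFLOW_TOKEN }}`, but its only work is `codeql query compile --check-only`, which needs no write access, so a pull_request-triggered job that builds PR-controlled content should run with the least scope: `contents: read`, the default GITHUB_TOKEN (drop the `token:` line), and no `fetch-depth: 0` unless history is actually needed. The checkout step also pins `actions/checkout@v3` to a mutable tag rather than a commit SHA, which leaves the action code a moving target; a full-SHA pin is the usual hardening. For pull requests opened from forks the secret is presumably not provided at all, so the explicit token would likely be empty there — worth confirming before relying on it. The broader token and write permission may be justified for the push-based sync workflow changed in patch 5/6, not for this compile-only check.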
From: dilanbhalla <35575727+dilanbhalla@users.noreply.github.com>
Date: Wed, 20 Nov 2024 12:11:39 -0800
Subject: [PATCH 3/6] Create test.ql

---
.../ql/src/queries/security/cwe-078/test.ql | 25 +++++++++++++++++++
1 file changed, 25 insertions(+)
create mode 100644 powershell/ql/src/queries/security/cwe-078/test.ql

diff --git a/powershell/ql/src/queries/security/cwe-078/test.ql b/powershell/ql/src/queries/security/cwe-078/test.ql
new file mode 100644
index 000000000000..c2e9745a603c
--- /dev/null
+++ b/powershell/ql/src/queries/security/cwe-078/test.ql
@@ -0,0 +1,25 @@
+/**
+ * @name Uncontrolled command line
+ * @description Using externally controlled strings in a command line may allow a malicious
+ * user to change the meaning of the command.
+ * @kind path-problem
+ * @problem.severity error
+ * @security-severity 9.8
+ * @precision high
+ * @id powershell/command-injection-test
+ * @tags correctness
+ * security
+ * external/cwe/cwe-078
+ * external/cwe/cwe-088
+ */
+
+import powershell
+import semmle.code.powershell.security.CommandInjectionQuery
+import CommandInjectionFlow::PathGraph
+
+from CommandInjectionFlow::PathNode source, CommandInjectionFlow::PathNode sink, Source sourceNode
+where
+ CommandInjetionFlow::flowPath(source, sink) and
+ sourceNode = source.getNode()
+select sink.getNode(), source, sink, "This command depends on a $@.", sourceNode,
+ sourceNode.getSourceType()

From 105f7395d76556a3ec85b68108ad1dd4fbafe61d Mon Sep 17 00:00:00 2001
From: dilanbhalla <35575727+dilanbhalla@users.noreply.github.com>
Date: Wed, 20 Nov 2024 12:14:08 -0800
Subject: [PATCH 4/6] Delete powershell/ql/src/queries/security/cwe-078/test.ql

---
.../ql/src/queries/security/cwe-078/test.ql | 25 -------------------
1 file changed, 25 deletions(-)
delete mode 100644 powershell/ql/src/queries/security/cwe-078/test.ql
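Review bot: `CommandInjetionFlow::flowPath(source, sink)` in the where clause misspells the module that the import line brings in as `CommandInjectionFlow`, so this query cannot compile; the corrected line is `CommandInjectionFlow::flowPath(source, sink) and`. Because patch 4/6 deletes the file again, this reads as a deliberate probe of the new compile check rather than a query meant to land, in which case squashing the series would keep the broken query out of history. If it was meant to stay, the `@id powershell/command-injection-test` and the `test.ql` filename would also need real names before shipping.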
diff --git a/powershell/ql/src/queries/security/cwe-078/test.ql b/powershell/ql/src/queries/security/cwe-078/test.ql
deleted file mode 100644
index c2e9745a603c..000000000000
--- a/powershell/ql/src/queries/security/cwe-078/test.ql
+++ /dev/null
@@ -1,25 +0,0 @@
-/**
- * @name Uncontrolled command line
- * @description Using externally controlled strings in a command line may allow a malicious
- * user to change the meaning of the command.
- * @kind path-problem
- * @problem.severity error
- * @security-severity 9.8
- * @precision high
- * @id powershell/command-injection-test
- * @tags correctness
- * security
- * external/cwe/cwe-078
- * external/cwe/cwe-088
- */
-
-import powershell
-import semmle.code.powershell.security.CommandInjectionQuery
-import CommandInjectionFlow::PathGraph
-
-from CommandInjectionFlow::PathNode source, CommandInjectionFlow::PathNode sink, Source sourceNode
-where
- CommandInjetionFlow::flowPath(source, sink) and
- sourceNode = source.getNode()
-select sink.getNode(), source, sink, "This command depends on a $@.", sourceNode,
- sourceNode.getSourceType()

From 514285c2fccb3d32172a1811cd521eeeca280076 Mon Sep 17 00:00:00 2001
From: dilanbhalla <35575727+dilanbhalla@users.noreply.github.com>
Date: Wed, 20 Nov 2024 12:16:38 -0800
Subject: [PATCH 5/6] Update sync-main.yml

---
.github/workflows/sync-main.yml | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/sync-main.yml b/.github/workflows/sync-main.yml
index 6a5735e8f6ac..79190b194a36 100644
--- a/.github/workflows/sync-main.yml
+++ b/.github/workflows/sync-main.yml
@@ -21,17 +21,22 @@ jobs:
 run: |
 git config user.name Dilan Bhalla
 git config user.email dilanbhalla@microsoft.com
- - name: Fetch
+ - name: Sync Main
 shell: bash
 run: |
 set -x
 git fetch
 git remote add upstream https://github.com/github/codeql.git
 git fetch upstream --tags --force
- - name: Sync Main
+ git merge codeql-cli/latest
+ - name: Setup CodeQL
+ uses: ./.github/actions/fetch-codeql
+ - name: Compile PowerShell Queries
+ run: |
+ codeql query compile --check-only --keep-going powershell/ql/src
+ - name: Complete Sync
 shell: bash
 run: |
- git merge codeql-cli/latest
 git push origin main
 git push origin --tags --force

From 44e48a758826a53ee1b3cf78fb92d15d4857b9cc Mon Sep 17 00:00:00 2001
From: dilanbhalla <35575727+dilanbhalla@users.noreply.github.com>
Date: Wed, 20 Nov 2024 12:17:06 -0800
Subject: [PATCH 6/6] Update powershell-pr-check.yml

---
.github/workflows/powershell-pr-check.yml | 3 ---
1 file changed, 3 deletions(-)

diff --git a/.github/workflows/powershell-pr-check.yml b/.github/workflows/powershell-pr-check.yml
index 7783401973af..87be4ece4971 100644
--- a/.github/workflows/powershell-pr-check.yml
+++ b/.github/workflows/powershell-pr-check.yml
@@ -1,9 +1,6 @@
 name: PowerShell PR Check
 on:
- push:
- branches:
- - dilan/powershell-pr-check
 pull_request:
 branches:
 - main
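Review bot: Moving `git merge codeql-cli/latest` into the Sync Main step ahead of the new Compile PowerShell Queries step means a compile failure now stops the workflow before Complete Sync, leaving `main` unsynced with no signal other than a failed run; that is presumably the intent (the compile gates the push), but nothing in the file records it, so a comment on the Complete Sync step such as `# Only reached if the compile check above passed, so a broken upstream is never pushed to main.` would make the ordering deliberate rather than accidental. The merge relies on the step aborting on a conflict: with `shell: bash` declared explicitly GitHub runs the script with `-e`, so a failed merge should stop the step, but `set -x` alone does not provide that and it is worth confirming, since otherwise the compile step would run against a half-merged tree. Which remote `codeql-cli/latest` resolves to is not visible in the hunk. The enclosing `jobs` block and the `steps` list begin before the hunk.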