From 34f6e267a4a779616f0f441ee034dbf4747c482b Mon Sep 17 00:00:00 2001
From: Anam Navied <anam.naviyou@gmail.com>
Date: Mon, 2 Feb 2026 19:45:16 -0500
Subject: [PATCH] Add CodeQL suppressions for NativeCommandProcessor (#26729)

---
 .../engine/NativeCommandProcessor.cs                         | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/System.Management.Automation/engine/NativeCommandProcessor.cs b/src/System.Management.Automation/engine/NativeCommandProcessor.cs
index 75e3b468814..145fe968fda 100644
--- a/src/System.Management.Automation/engine/NativeCommandProcessor.cs
+++ b/src/System.Management.Automation/engine/NativeCommandProcessor.cs
@@ -831,6 +831,7 @@ private void InitNativeProcess()
                             bool useSpecialArgumentPassing = UseSpecialArgumentPassing(oldFileName);
                             if (useSpecialArgumentPassing)
                             {
+                                // codeql[cs/microsoft/command-line-injection] - This is expected PowerShell behavior where user inputted paths are supported for the context of this method and the path portion of the argument is escaped. The user assumes trust for the file path specified on the user's system to start process for, and in the case of remoting, restricted remoting security guidelines should be used.
                                 startInfo.Arguments = "\"" + oldFileName + "\" " + startInfo.Arguments;
                             }
                             else
@@ -855,7 +856,7 @@ private void InitNativeProcess()
                                     startInfo.ArgumentList.RemoveAt(0);
                                 }
 
-                                // codeql[cs/microsoft/command-line-injection-shell-execution] - This is expected Poweshell behavior where user inputted paths are supported for the context of this method. The user assumes trust for the file path specified on the user's system to retrieve process info for, and in the case of remoting, restricted remoting security guidelines should be used.
+                                // codeql[cs/microsoft/command-line-injection-shell-execution] - This is expected PowerShell behavior where user inputted paths are supported for the context of this method. The user assumes trust for the file path specified on the user's system to retrieve process info for, and in the case of remoting, restricted remoting security guidelines should be used.
                                 startInfo.FileName = oldFileName;
                             }
                         }
@@ -1607,7 +1608,7 @@ private ProcessStartInfo GetProcessStartInfo(
         {
             var startInfo = new ProcessStartInfo
             {
-                // codeql[cs/microsoft/command-line-injection-shell-execution] - This is expected Poweshell behavior where user inputted paths are supported for the context of this method. The user assumes trust for the file path specified on the user's system to retrieve process info for, and in the case of remoting, restricted remoting security guidelines should be used.
+                // codeql[cs/microsoft/command-line-injection-shell-execution] - This is expected PowerShell behavior where user inputted paths are supported for the context of this method. The user assumes trust for the file path specified on the user's system to retrieve process info for, and in the case of remoting, restricted remoting security guidelines should be used.
                 FileName = this.Path
             };