PSScriptAnalyzer

PSScriptAnalyzer works by evaluating elements of a script's abstract syntax tree. The tool can be installed using:

Install-Module PSScriptAnalyzer 

PSScriptAnalyzer inspects a script with the Invoke-ScriptAnalyzer command. For example, the tool flags warnings and errors about the use of the Password parameter and variable in the following script, which is not considered good practice:

[CmdletBinding()]
param (
    [Parameter(Mandatory = $true)]
    [String]$Password
)

$Credential = New-Object PSCredential(
    '.user',
    ($Password | ConvertTo-SecureString -AsPlainText -Force)  # parentheses: pipe only $Password, not the whole argument list
)
$Credential.GetNetworkCredential().Password

The results of running PSScriptAnalyzer are shown as follows:

PS> Invoke-ScriptAnalyzer $psISE.CurrentFile.FullPath | Format-List

RuleName : PSAvoidUsingConvertToSecureStringWithPlainText
Severity : Error
Line : 8
Column : 17
Message : File 'password.ps1' uses ConvertTo-SecureString with plaintext. This will expose secure information. Encrypted standard strings should be used instead.

RuleName : PSAvoidUsingPlainTextForPassword
Severity : Warning
Line : 3
Column : 5
Message : Parameter '$Password' should use SecureString, otherwise this will expose sensitive information. See ConvertTo-SecureString for more information.
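
PSScriptAnalyzer rules work on the abstract syntax tree, as noted at the start of this section. The following is an added example (not PSScriptAnalyzer's own rule code and not from the original text): it parses a constructed copy of the script above with the PowerShell parser API and runs two simplified checks that approximate the two findings. The variable names and the matching logic are assumptions made for illustration.

```powershell
using namespace System.Management.Automation.Language

# Constructed sample: a copy of the script from this section, held as text.
# It is only parsed here, never executed.
$source = @'
[CmdletBinding()]
param (
    [Parameter(Mandatory = $true)]
    [String]$Password
)

$Credential = New-Object PSCredential(
    '.user',
    ($Password | ConvertTo-SecureString -AsPlainText -Force)
)
$Credential.GetNetworkCredential().Password
'@

$tokens = $null
$parseErrors = $null
$ast = [Parser]::ParseInput($source, [ref]$tokens, [ref]$parseErrors)

# Check 1 (simplified): calls to ConvertTo-SecureString that pass -AsPlainText.
# Assumption: only the full parameter name is matched, not abbreviations.
$plainTextCalls = $ast.FindAll({
    param($node)
    $node -is [CommandAst] -and
    $node.GetCommandName() -eq 'ConvertTo-SecureString' -and
    ($node.CommandElements |
        Where-Object { $_ -is [CommandParameterAst] -and $_.ParameterName -eq 'AsPlainText' })
}, $true)

# Check 2 (simplified): parameters named like "Password" that are typed as String.
$stringPasswords = $ast.FindAll({
    param($node)
    $node -is [ParameterAst] -and
    $node.Name.VariablePath.UserPath -match 'Password' -and
    $node.StaticType -eq [string]
}, $true)

# Report each match with the position taken from the AST node's extent.
@($plainTextCalls) + @($stringPasswords) | ForEach-Object {
    [PSCustomObject]@{
        Finding = if ($_ -is [CommandAst]) { 'ConvertTo-SecureString -AsPlainText' } else { 'String password parameter' }
        Line    = $_.Extent.StartLineNumber
        Column  = $_.Extent.StartColumnNumber
        Text    = $_.Extent.Text
    }
}
```

Each match carries an Extent, which is where line and column values like those in the analyzer output come from.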