Fix AvoidUsingPlainTextForPassword correction extent

Kapil Borle · Kapil Borle · commit 13c5c3fbe95d · 2016-04-22T21:47:42.000-07:00
Handles the following cases
* [string] [Parameter(ValueFromPipeline)] $Password
* [Parameter(ValueFromPipeline)] $Password
* [Parameter(ValueFromPipeline)] [string[]] $Password
* [string] &lt;#whatever#&gt; $Password
diff --git a/Rules/AvoidUsingPlainTextForPassword.cs b/Rules/AvoidUsingPlainTextForPassword.cs
@@ -17,6 +17,7 @@
 using System.ComponentModel.Composition;
 using System.Globalization;
 using System.Reflection;
+using System.Text;
 
 namespace Microsoft.Windows.PowerShell.ScriptAnalyzer.BuiltinRules
 {
@@ -71,21 +72,53 @@ public IEnumerable<DiagnosticRecord> AnalyzeScript(Ast ast, string fileName)
 
         private List<CorrectionExtent> GetCorrectionExtent(ParameterAst paramAst)
         {
-            IScriptExtent ext = paramAst.Extent;
-            var corrections = new List<CorrectionExtent>();            
-            string correctionText = string.Format("[SecureString] {0}", paramAst.Name.Extent.Text);
-            string description = string.Format("Set {0} type to SecureString", paramAst.Name.Extent.Text);
+            //Find the parameter type extent and replace that with secure string
+            IScriptExtent extent;
+            var typeAttributeAst = GetTypeAttributeAst(paramAst);
+            var corrections = new List<CorrectionExtent>();
+            string correctionText;
+            if (typeAttributeAst == null)
+            {
+                // cannot find any type attribute
+                extent = paramAst.Name.Extent;
+                correctionText = string.Format("[SecureString] {0}", paramAst.Name.Extent.Text);
+            }
+            else
+            {
+                // replace only the existing type with [SecureString]
+                extent = typeAttributeAst.Extent;
+                correctionText = typeAttributeAst.TypeName.IsArray ? "[SecureString[]]" : "[SecureString]";
+            }
+            string description = string.Format(
+                CultureInfo.CurrentCulture,
+                Strings.AvoidUsingPlainTextForPasswordCorrectionDescription,
+                paramAst.Name.Extent.Text);
             corrections.Add(new CorrectionExtent(
-                ext.StartLineNumber,
-                ext.EndLineNumber,
-                ext.StartColumnNumber,
-                ext.EndColumnNumber,
-                correctionText,
-                ext.File,
+                extent.StartLineNumber,
+                extent.EndLineNumber,
+                extent.StartColumnNumber,
+                extent.EndColumnNumber,
+                correctionText.ToString(),
+                paramAst.Extent.File,
                 description));
             return corrections;
         }
 
+        private TypeConstraintAst GetTypeAttributeAst(ParameterAst paramAst)
+        {
+            if (paramAst.Attributes != null)
+            {
+                foreach(var attr in paramAst.Attributes)
+                {
+                    if (attr.GetType() == typeof(TypeConstraintAst))
+                    {
+                        return attr as TypeConstraintAst;
+                    }
+                }
+            }
+            return null;
+        }
+
         /// <summary>
         /// GetName: Retrieves the name of this rule.
         /// </summary>
diff --git a/Tests/Rules/AvoidUsingPlainTextForPassword.ps1 b/Tests/Rules/AvoidUsingPlainTextForPassword.ps1
@@ -38,4 +38,25 @@
 }
 
 function TestFunction($password, [System.Security.SecureString[]]$passphrases, [string]$passThru){
-}
+}
+
+function TestFunction2
+{
+	 Param(
+		[string] <#some dumb comment#> $password
+	 )
+}
+
+function TestFunction3
+{
+	Param(
+		[string[]] $password
+	)
+}
+
+function TestFunction4
+{
+	Param(
+		[string] [Parameter(ValueFromPipeline)] $Password
+	)
+}
diff --git a/Tests/Rules/AvoidUsingPlainTextForPassword.tests.ps1 b/Tests/Rules/AvoidUsingPlainTextForPassword.tests.ps1
@@ -9,8 +9,9 @@ Import-Module (Join-Path $directory "PSScriptAnalyzerTestHelper.psm1")
 
 Describe "AvoidUsingPlainTextForPassword" {
     Context "When there are violations" {
-        It "has 3 avoid using plain text for password violations" {
-            $violations.Count | Should Be 4
+    $expectedNumViolations = 7
+        It "has $expectedNumViolations violations" {
+            $violations.Count | Should Be $expectedNumViolations
         }
 
 	It "suggests corrections" {
@@ -20,6 +21,9 @@ Describe "AvoidUsingPlainTextForPassword" {
 	    Test-CorrectionExtent $violationFilepath $violations[1] 1 '$passwordparam' '[SecureString] $passwordparam'
 	    Test-CorrectionExtent $violationFilepath $violations[2] 1 '$credential' '[SecureString] $credential'
 	    Test-CorrectionExtent $violationFilepath $violations[3] 1 '$password' '[SecureString] $password'
+	    Test-CorrectionExtent $violationFilepath $violations[4] 1 '[string]' '[SecureString]'
+	    Test-CorrectionExtent $violationFilepath $violations[5] 1 '[string[]]' '[SecureString[]]'
+	    Test-CorrectionExtent $violationFilepath $violations[6] 1 '[string]' '[SecureString]'
 	}
 
         It "has the correct violation message" {
