Merge pull request #683 from PowerShell/kapilmb/FixPSCredentialTypeRule

Fix UsePSCredentialType rule

Author: Kapil Borle

Engine/Commands/InvokeScriptAnalyzerCommand.cs

@@ -26,6 +26,7 @@
 using System.Collections.Concurrent;
 using System.Threading;
 using System.Management.Automation.Runspaces;
+using System.Collections;
 
 namespace Microsoft.Windows.PowerShell.ScriptAnalyzer.Commands
 {
@@ -220,6 +221,12 @@ protected override void BeginProcessing()
                 this);
             Helper.Instance.Initialize();
 
+            var psVersionTable = this.SessionState.PSVariable.GetValue("PSVersionTable") as Hashtable;
+            if (psVersionTable != null)
+            {
+                Helper.Instance.SetPSVersionTable(psVersionTable);
+            }
+
             string[] rulePaths = Helper.ProcessCustomRulePaths(customRulePath,
                 this.SessionState, recurseCustomRulePath);
             if (IsFileParameterSet())

Engine/Helper.cs

@@ -20,6 +20,7 @@
 using System.Globalization;
 using Microsoft.Windows.PowerShell.ScriptAnalyzer.Generic;
 using System.Management.Automation.Runspaces;
+using System.Collections;
 
 namespace Microsoft.Windows.PowerShell.ScriptAnalyzer
 {
@@ -36,6 +37,7 @@ public class Helper
         private Object getCommandLock = new object();
         private readonly static Version minSupportedPSVersion = new Version(3, 0);
         private Dictionary<string, Dictionary<string, object>> ruleArguments;
+        private PSVersionTable psVersionTable;
 
         #endregion
 
@@ -1860,6 +1862,26 @@ public static bool IsModuleManifest(string filepath, Version powershellVersion =
             // check if the keys given in module manifest are a proper subset of Keys
             return map.Keys.All(x => allKeys.Concat(deprecatedKeys).Contains(x, StringComparer.OrdinalIgnoreCase));
         }
+
+        public void SetPSVersionTable(Hashtable psVersionTable)
+        {
+            if (psVersionTable == null)
+            {
+                throw new ArgumentNullException("psVersionTable");
+            }
+
+            this.psVersionTable = new PSVersionTable(psVersionTable);
+        }
+
+#if CORECLR
+        public SemanticVersion GetPSVersion()
+#else
+        public Version GetPSVersion()
+#endif
+        {
+            return psVersionTable == null ? null : psVersionTable.PSVersion;
+        }
+
 #endregion Methods
     }
 
@@ -3802,6 +3824,49 @@ private int GetIndex(T vertex)
             int idx;
             return vertexIndexMap.TryGetValue(vertex, out idx) ? idx : -1;
         }
+    }
+
+    internal class PSVersionTable
+    {
+        private readonly string psVersionKey = "PSVersion";
+        private readonly string psEditionKey = "PSEdition";
+#if CORECLR
+        public SemanticVersion PSVersion { get; private set; }
+#else
+        public Version PSVersion { get; private set; }
+#endif
+        public string PSEdition { get; private set; }
 
+        public PSVersionTable(Hashtable psVersionTable)
+        {
+            if (psVersionTable == null)
+            {
+                throw new ArgumentNullException("psVersionTable");
+            }
+
+            if (!psVersionTable.ContainsKey(psVersionKey))
+            {
+                throw new ArgumentException("Input PSVersionTable does not contain PSVersion key"); // TODO localize
+            }
+
+#if CORECLR
+            PSVersion = psVersionTable[psVersionKey] as SemanticVersion;
+#else
+            PSVersion = psVersionTable[psVersionKey] as Version;
+#endif
+            if (PSVersion == null)
+            {
+                throw new ArgumentException("Input PSVersionTable has invalid PSVersion value type"); // TODO localize
+            }
+
+            if (psVersionTable.ContainsKey(psEditionKey))
+            {
+                PSEdition = psVersionTable[psEditionKey] as string;
+                if (PSEdition == null)
+                {
+                    throw new ArgumentException("Input PSVersionTable has invalid PSEdition value type"); // TODO localize
+                }
+            }
+        }
     }
 }

Rules/UsePSCredentialType.cs

@@ -44,43 +44,51 @@ public IEnumerable<DiagnosticRecord> AnalyzeScript(Ast ast, string fileName)
             if (ast == null) throw new ArgumentNullException(Strings.NullAstErrorMessage);
 
             var sbAst = ast as ScriptBlockAst;
+
+            var requiresTransformationAttribute = false;
+            var psVersion = Helper.Instance.GetPSVersion();
+            if (psVersion != null && psVersion.Major < 5)
+            {
+                requiresTransformationAttribute = true;
+            }
+
+            // do not run the rule if the script requires PS version 5
+            // but PSSA in invoked through PS version < 5
             if (sbAst != null
-                    && sbAst.ScriptRequirements != null
-                    && sbAst.ScriptRequirements.RequiredPSVersion != null
-                    && sbAst.ScriptRequirements.RequiredPSVersion.Major == 5)
+                && sbAst.ScriptRequirements != null
+                && sbAst.ScriptRequirements.RequiredPSVersion != null
+                && sbAst.ScriptRequirements.RequiredPSVersion.Major == 5
+                && requiresTransformationAttribute)
             {
-                    yield break;
+                        yield break;
             }
 
             IEnumerable<Ast> funcDefAsts = ast.FindAll(testAst => testAst is FunctionDefinitionAst, true);
             IEnumerable<Ast> scriptBlockAsts = ast.FindAll(testAst => testAst is ScriptBlockAst, true);
 
-            string funcName;
+            List<DiagnosticRecord> diagnosticRecords = new List<DiagnosticRecord>();
 
             foreach (FunctionDefinitionAst funcDefAst in funcDefAsts)
             {
-                funcName = funcDefAst.Name;
-
+                IEnumerable<ParameterAst> parameterAsts = null;
                 if (funcDefAst.Parameters != null)
                 {
-                    foreach (ParameterAst parameter in funcDefAst.Parameters)
-                    {
-                        if (WrongCredentialUsage(parameter))
-                        {
-                            yield return new DiagnosticRecord(string.Format(CultureInfo.CurrentCulture, Strings.UsePSCredentialTypeError, funcName), funcDefAst.Extent, GetName(), DiagnosticSeverity.Warning, fileName);
-                        }
-                    }
+                    parameterAsts = funcDefAst.Parameters;
                 }
 
-                if (funcDefAst.Body.ParamBlock != null)
+                if (funcDefAst.Body.ParamBlock != null
+                    && funcDefAst.Body.ParamBlock.Parameters != null)
                 {
-                    foreach (ParameterAst parameter in funcDefAst.Body.ParamBlock.Parameters)
-                    {
-                        if (WrongCredentialUsage(parameter))
-                        {
-                            yield return new DiagnosticRecord(string.Format(CultureInfo.CurrentCulture, Strings.UsePSCredentialTypeError, funcName), funcDefAst.Extent, GetName(), DiagnosticSeverity.Warning, fileName);
-                        }
-                    }
+                    parameterAsts = funcDefAst.Body.ParamBlock.Parameters;
+                }
+
+                if (parameterAsts != null)
+                {
+                    diagnosticRecords.AddRange(GetViolations(
+                        parameterAsts,
+                        string.Format(CultureInfo.CurrentCulture, Strings.UsePSCredentialTypeError, funcDefAst.Name),
+                        fileName,
+                        requiresTransformationAttribute));
                 }
             }
 
@@ -94,28 +102,68 @@ public IEnumerable<DiagnosticRecord> AnalyzeScript(Ast ast, string fileName)
 
                 if (scriptBlockAst.ParamBlock != null && scriptBlockAst.ParamBlock.Parameters != null)
                 {
-                    foreach (ParameterAst parameter in scriptBlockAst.ParamBlock.Parameters)
+                    diagnosticRecords.AddRange(GetViolations(
+                        scriptBlockAst.ParamBlock.Parameters,
+                        string.Format(CultureInfo.CurrentCulture, Strings.UsePSCredentialTypeErrorSB),
+                        fileName,
+                        requiresTransformationAttribute));
+                }
+            }
+
+            foreach (var dr in diagnosticRecords)
+            {
+                yield return dr;
+            }
+        }
+
+        private IEnumerable<DiagnosticRecord> GetViolations(
+            IEnumerable<ParameterAst> parameterAsts,
+            string errorMessage,
+            string fileName,
+            bool requiresTransformationAttribute)
+        {
+                foreach (ParameterAst parameter in parameterAsts)
+                {
+                    if (WrongCredentialUsage(parameter, requiresTransformationAttribute))
                     {
-                        if (WrongCredentialUsage(parameter))
-                        {
-                            yield return new DiagnosticRecord(string.Format(CultureInfo.CurrentCulture, Strings.UsePSCredentialTypeErrorSB), scriptBlockAst.Extent, GetName(), DiagnosticSeverity.Warning, fileName);
-                        }
+                        yield return new DiagnosticRecord(
+                            errorMessage,
+                            parameter.Extent,
+                            GetName(),
+                            DiagnosticSeverity.Warning,
+                            fileName);
                     }
                 }
-            }
         }
 
-        private bool WrongCredentialUsage(ParameterAst parameter)
+        private bool WrongCredentialUsage(ParameterAst parameter, bool requiresTransformationAttribute)
         {
             if (parameter.Name.VariablePath.UserPath.Equals("Credential", StringComparison.OrdinalIgnoreCase))
             {
                 var psCredentialType = parameter.Attributes.FirstOrDefault(paramAttribute => (paramAttribute.TypeName.IsArray && (paramAttribute.TypeName as ArrayTypeName).ElementType.GetReflectionType() == typeof(PSCredential))
                     || paramAttribute.TypeName.GetReflectionType() == typeof(PSCredential));
 
-                var credentialAttribute = parameter.Attributes.FirstOrDefault(paramAttribute => paramAttribute.TypeName.GetReflectionType() == typeof(CredentialAttribute));
+                if (psCredentialType == null)
+                {
+                    return true;
+                }
+
+                if (!requiresTransformationAttribute && psCredentialType != null)
+                {
+                    return false;
+                }
+
+                var credentialAttribute = parameter.Attributes.FirstOrDefault(
+                    paramAttribute =>
+                        paramAttribute.TypeName.GetReflectionType() == typeof(CredentialAttribute)
+                        || paramAttribute.TypeName.FullName.Equals(
+                            "System.Management.Automation.Credential",
+                            StringComparison.OrdinalIgnoreCase));
 
                 // check that both exists and pscredentialtype comes before credential attribute
-                if (psCredentialType != null && credentialAttribute != null && psCredentialType.Extent.EndOffset <= credentialAttribute.Extent.StartOffset)
+                if (psCredentialType != null
+                        && credentialAttribute != null
+                        && psCredentialType.Extent.EndOffset <= credentialAttribute.Extent.StartOffset)
                 {
                     return false;
                 }

Tests/Engine/GetScriptAnalyzerRule.tests.ps1

@@ -62,7 +62,7 @@ Describe "Test Name parameters" {
         It "get Rules with no parameters supplied" {
 			$defaultRules = Get-ScriptAnalyzerRule
             $expectedNumRules = 45
-            if ((Test-PSEditionCoreClr) -or (Test-PSVersionV3))
+            if ((Test-PSEditionCoreClr) -or (Test-PSVersionV3) -or (Test-PSVersionV4))
             {
                 # for PSv3 PSAvoidGlobalAliases is not shipped because
                 # it uses StaticParameterBinder.BindCommand which is

Tests/PSScriptAnalyzerTestHelper.psm1

@@ -43,6 +43,11 @@ Function Test-PSVersionV3
 	$PSVersionTable.PSVersion.Major -eq 3
 }
 
+Function Test-PSVersionV4
+{
+	$PSVersionTable.PSVersion.Major -eq 4
+}
+
 Function Get-Count
 {
 	Begin {$count = 0}
@@ -55,4 +60,5 @@ Export-ModuleMember -Function Test-CorrectionExtent
 Export-ModuleMember -Function Test-PSEditionCoreCLR
 Export-ModuleMember -Function Test-PSEditionCoreCLRLinux
 Export-ModuleMember -Function Test-PSVersionV3
+Export-ModuleMember -Function Test-PSVersionV4
 Export-ModuleMember -Function Get-Count

Tests/Rules/AvoidGlobalAliases.tests.ps1

@@ -1,32 +1,27 @@
 $directory = Split-Path -Parent $MyInvocation.MyCommand.Path
 $testRootDirectory = Split-Path -Parent $directory
 Import-Module (Join-Path $testRootDirectory 'PSScriptAnalyzerTestHelper.psm1')
-if ((Test-PSVersionV3))
-{
-    return
-}
-
 Import-Module PSScriptAnalyzer
 
 $AvoidGlobalAliasesError = "Avoid creating aliases with a Global scope."
 $violationName = "PSAvoidGlobalAliases"
 $violations = Invoke-ScriptAnalyzer $directory\AvoidGlobalAliases.psm1 | Where-Object {$_.RuleName -eq $violationName}
 $noViolations = Invoke-ScriptAnalyzer $directory\AvoidGlobalAliasesNoViolations.ps1 | Where-Object {$_.RuleName -eq $violationName}
-
+$IsV3OrV4 = (Test-PSVersionV3) -or (Test-PSVersionV4)
 
 Describe "$violationName " {
     Context "When there are violations" {
-        It "Has 4 avoid global alias violations" {
+        It "Has 4 avoid global alias violations" -Skip:$IsV3OrV4 {
             $violations.Count | Should Be 4
         }
 
-        It "Has the correct description message" {
+        It "Has the correct description message" -Skip:$IsV3OrV4 {
             $violations[0].Message | Should Match $AvoidGlobalAliasesError
         }
     }
 
     Context "When there are no violations" {
-        It "Returns no violations" {
+        It "Returns no violations" -Skip:$IsV3OrV4 {
             $noViolations.Count | Should Be 0
         }
     }

Tests/Rules/PSCredentialType.tests.ps1

@@ -1,14 +1,21 @@
-Import-Module PSScriptAnalyzer
+$directory = Split-Path -Parent $MyInvocation.MyCommand.Path
+$testRootDirectory = Split-Path -Parent $directory
+Import-Module (Join-Path $testRootDirectory 'PSScriptAnalyzerTestHelper.psm1')
+Import-Module PSScriptAnalyzer
+
 $violationMessage = "The Credential parameter in 'Credential' must be of type PSCredential. For PowerShell 4.0 and earlier, please define a credential transformation attribute, e.g. [System.Management.Automation.Credential()], after the PSCredential type attribute."
 $violationName = "PSUsePSCredentialType"
-$directory = Split-Path -Parent $MyInvocation.MyCommand.Path
 $violations = Invoke-ScriptAnalyzer $directory\PSCredentialType.ps1 | Where-Object {$_.RuleName -eq $violationName}
 $noViolations = Invoke-ScriptAnalyzer $directory\PSCredentialTypeNoViolations.ps1 | Where-Object {$_.RuleName -eq $violationName}
 
 Describe "PSCredentialType" {
     Context "When there are violations" {
-        It "has 2 PSCredential type violation" {
-            $violations.Count | Should Be 2
+        $expectedViolations = 1
+        if ((Test-PSVersionV3) -or (Test-PSVersionV4)) {
+            $expectedViolations = 2
+        }
+        It ("has {0} PSCredential type violation" -f $expectedViolations) {
+            $violations.Count | Should Be $expectedViolations
         }
 
         It "has the correct description message" {
@@ -31,14 +38,9 @@ function Get-Credential
 
     }
 
-    $expectedViolationCount = 0
-    if ($PSVersionTable.PSVersion -lt [Version]'5.0.0')
-    {
-        $expectedViolationCount = 1
-    }
-    Context ("When there are {0} violations" -f $expectedViolationCount) {
-        It ("returns {0} violations" -f $expectedViolationCount) {
-            $noViolations.Count | Should Be $expectedViolationCount
+    Context ("When there are no violations") {
+        It "returns no violations" {
+            $noViolations.Count | Should Be 0
         }
     }
 }