Fix a bug where avoidusernameandpasswordparam is too noisy

Quoc Truong · Quoc Truong · commit 776f40d5877f · 2016-02-08T13:12:37.000-08:00
diff --git a/Rules/AvoidUserNameAndPasswordParams.cs b/Rules/AvoidUserNameAndPasswordParams.cs
@@ -61,16 +61,21 @@ public IEnumerable<DiagnosticRecord> AnalyzeScript(Ast ast, string fileName)
 
                     String paramName = paramAst.Name.VariablePath.ToString();
 
-                    // if this is pscredential type with credential attribute where pscredential type comes first
-                    if (psCredentialType != null && credentialAttribute != null && psCredentialType.Extent.EndOffset < credentialAttribute.Extent.StartOffset)
-                    {
-                        continue;
-                    }
-
+                    // check that the type is securestring
+                    var secureStringType = paramAst.Attributes.FirstOrDefault(paramAttribute =>
+                        (paramAttribute.TypeName.IsArray && (paramAttribute.TypeName as ArrayTypeName).ElementType.GetReflectionType() == typeof (System.Security.SecureString))
+                        || paramAttribute.TypeName.GetReflectionType() == typeof(System.Security.SecureString));
+                    
                     foreach (String password in passwords)
                     {
                         if (paramName.IndexOf(password, StringComparison.OrdinalIgnoreCase) != -1)
                         {
+                            // if this is a secure string, pscredential or credential attribute, don't count
+                            if (secureStringType != null || credentialAttribute != null || psCredentialType != null)
+                            {
+                                continue;
+                            }
+
                             hasPwd = true;
                             break;
                         }
diff --git a/Tests/Rules/AvoidUserNameAndPasswordParams.tests.ps1 b/Tests/Rules/AvoidUserNameAndPasswordParams.tests.ps1
@@ -1,15 +1,15 @@
 ﻿Import-Module PSScriptAnalyzer
 
-$violationMessage = "Function 'Verb-Noun' has both username and password parameters. A credential parameter of type PSCredential with a CredentialAttribute where PSCredential comes before CredentialAttribute should be used."
+$violationMessage = "Function 'TestFunction' has both username and password parameters. A credential parameter of type PSCredential with a CredentialAttribute where PSCredential comes before CredentialAttribute should be used."
 $violationName = "PSAvoidUsingUserNameAndPasswordParams"
 $directory = Split-Path -Parent $MyInvocation.MyCommand.Path
 $violations = Invoke-ScriptAnalyzer $directory\AvoidUserNameAndPasswordParams.ps1 | Where-Object {$_.RuleName -eq $violationName}
 $noViolations = Invoke-ScriptAnalyzer $directory\AvoidUserNameAndPasswordParamsNoViolations.ps1 | Where-Object {$_.RuleName -eq $violationName}
 
 Describe "AvoidUserNameAndPasswordParams" {
     Context "When there are violations" {
-        It "has 3 avoid username and password parameter violations" {
-            $violations.Count | Should Be 3
+        It "has 1 avoid username and password parameter violations" {
+            $violations.Count | Should Be 1
         }
 
         It "has the correct violation message" {
