
Commit ace23a9

author
Quoc Truong
committed
Merge pull request #442 from PowerShell/FixAvoidUserNameAndPasswordParam
Fix a bug where avoidusernameandpasswordparam is too noisy
2 parents 5dfe070 + 39441ba commit ace23a9


2 files changed

+16
-9
lines changed


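--- a/Rules/AvoidUserNameAndPasswordParams.cs
+++ b/Rules/AvoidUserNameAndPasswordParams.cs
@@ -53,24 +53,31 @@ public IEnumerable<DiagnosticRecord> AnalyzeScript(Ast ast, string fileName)
 // Iterates all ParamAsts and check if their names are on the list.
 foreach (ParameterAst paramAst in paramAsts)
 {
+// this will be null if there is no [pscredential] attached to the parameter
 var psCredentialType = paramAst.Attributes.FirstOrDefault(paramAttribute =>
 (paramAttribute.TypeName.IsArray && (paramAttribute.TypeName as ArrayTypeName).ElementType.GetReflectionType() == typeof(PSCredential))
 || paramAttribute.TypeName.GetReflectionType() == typeof(PSCredential));
 
+// this will be null if there are no [credential()] attribute attached
 var credentialAttribute = paramAst.Attributes.FirstOrDefault(paramAttribute => paramAttribute.TypeName.GetReflectionType() == typeof(CredentialAttribute));
 
-String paramName = paramAst.Name.VariablePath.ToString();
+// this will be null if there are no [securestring] attached to the parameter
+var secureStringType = paramAst.Attributes.FirstOrDefault(paramAttribute =>
+(paramAttribute.TypeName.IsArray && (paramAttribute.TypeName as ArrayTypeName).ElementType.GetReflectionType() == typeof (System.Security.SecureString))
+|| paramAttribute.TypeName.GetReflectionType() == typeof(System.Security.SecureString));
 
-// if this is pscredential type with credential attribute where pscredential type comes first
-if (psCredentialType != null && credentialAttribute != null && psCredentialType.Extent.EndOffset < credentialAttribute.Extent.StartOffset)
-{
-continue;
-}
+String paramName = paramAst.Name.VariablePath.ToString();
 
 foreach (String password in passwords)
 {
 if (paramName.IndexOf(password, StringComparison.OrdinalIgnoreCase) != -1)
 {
+// if this is a secure string, pscredential or credential attribute, don't count
+if (secureStringType != null || credentialAttribute != null || psCredentialType != null)
+{
+continue;
+}
+
 hasPwd = true;
 break;
 }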
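Review bot: The exemption added at new line 76 accepts any one of `secureStringType`, `credentialAttribute` or `psCredentialType`, so the removed requirement that the PSCredential type precede the CredentialAttribute is gone and a password-named parameter carrying only `[Credential()]` next to some other type constraint is no longer counted. If that widening is intended, the rule's message should be updated, since the test file on this page still expects "PSCredential comes before CredentialAttribute"; if it is not, the bare-attribute case could be dropped with `if (secureStringType != null || psCredentialType != null)`. The condition is also invariant across the `passwords` loop, so the inner `continue` re-tests it for every name; computing it once before the loop, `bool isProtectedType = secureStringType != null || credentialAttribute != null || psCredentialType != null;`, and folding `!isProtectedType &&` into the `IndexOf` test reads more directly. AnalyzeScript begins and ends outside this hunk, so how `hasPwd` is consumed afterwards is not visible here.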

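--- a/Tests/Rules/AvoidUserNameAndPasswordParams.tests.ps1
+++ b/Tests/Rules/AvoidUserNameAndPasswordParams.tests.ps1
@@ -1,15 +1,15 @@
 Import-Module PSScriptAnalyzer
 
-$violationMessage = "Function 'Verb-Noun' has both username and password parameters. A credential parameter of type PSCredential with a CredentialAttribute where PSCredential comes before CredentialAttribute should be used."
+$violationMessage = "Function 'TestFunction' has both username and password parameters. A credential parameter of type PSCredential with a CredentialAttribute where PSCredential comes before CredentialAttribute should be used."
 $violationName = "PSAvoidUsingUserNameAndPasswordParams"
 $directory = Split-Path -Parent $MyInvocation.MyCommand.Path
 $violations = Invoke-ScriptAnalyzer $directory\AvoidUserNameAndPasswordParams.ps1 | Where-Object {$_.RuleName -eq $violationName}
 $noViolations = Invoke-ScriptAnalyzer $directory\AvoidUserNameAndPasswordParamsNoViolations.ps1 | Where-Object {$_.RuleName -eq $violationName}
 
 Describe "AvoidUserNameAndPasswordParams" {
 Context "When there are violations" {
-It "has 3 avoid username and password parameter violations" {
-$violations.Count | Should Be 3
+It "has 1 avoid username and password parameter violations" {
+$violations.Count | Should Be 1
 }
 
 It "has the correct violation message" {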
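Review bot: The expected count drops from 3 to 1 at new line 12, but nothing in this hunk asserts the new SecureString exemption directly, and the page lists only two changed files, so no fixture appears to have been added for it. A function with a username parameter and a `[SecureString]` password parameter in AvoidUserNameAndPasswordParamsNoViolations.ps1 would pin the behaviour; whether `$noViolations` is asserted to be empty is outside this hunk, as the Describe block continues past it. The test title could also read `"has 1 avoid username and password parameter violation"`.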
