Open
Description
Similar to the rule AvoidUsingPlainTextForPassword, passing plaintext passwords to external/binary cmdlets should be avoided.
This includes cmdlets such as:

```
PS C:\> Get-Command -ParameterName Password
CommandType     Name                                               Version    Source
-----------     ----                                               -------    ------
Function        Register-ScheduledTask                             1.0.0.0    ScheduledTasks
Function        Set-ScheduledTask                                  1.0.0.0    ScheduledTasks
```

But it could potentially be any imported (binary) cmdlet with a bound parameter named Password and of type String.
Knowing that the AvoidUsingPlainTextForPassword rule might not capture the security risk when using a different variable name (e.g. -Password $Wachtwoord) or a password that is statically provided:

```powershell
Invoke-ScriptAnalyzer -ScriptDefinition {
Set-ScheduledTask -TaskName 'SoftwareScan' -Trigger $Time -User 'User' -Password 'P@ssw0rd'
}.ToString()
```

Related:
- Rule request: AvoidSecureStringDisclosure #1997
- PowerShell issue: No Category for Windows PowerShell 5.1 Feedback (Feedback Hub) PowerShell#26366 and Set-ScheduledTask shouldn't accept a plain text Password PowerShell#16502
- Document issue: Plaintext Password parameter warning for cmdlets along with Set-ScheduledTask MicrosoftDocs/windows-powershell-docs#4051
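An added sketch of the check this request describes, not part of the issue and not PSScriptAnalyzer's own code: it walks the script's AST and reports every command call that binds a value to `-Password`, whether a string literal or a variable of any name. The function name `Find-PlainTextPasswordArgument` is hypothetical. It assumes the parameter is written out in full (no abbreviations, aliases or splatting) and does not resolve whether the target parameter is actually of type String.

```powershell
using namespace System.Management.Automation.Language

function Find-PlainTextPasswordArgument {
    param([Parameter(Mandatory)][string]$ScriptDefinition)

    $tokens = $null; $errors = $null
    $ast = [Parser]::ParseInput($ScriptDefinition, [ref]$tokens, [ref]$errors)

    # Every command invocation in the script, including nested script blocks
    $commands = $ast.FindAll({ param($node) $node -is [CommandAst] }, $true)
    foreach ($command in $commands) {
        $elements = $command.CommandElements
        for ($i = 0; $i -lt $elements.Count; $i++) {
            $parameter = $elements[$i] -as [CommandParameterAst]
            if (-not $parameter -or $parameter.ParameterName -ne 'Password') { continue }

            # '-Password:value' stores the value in .Argument;
            # '-Password value' puts it in the next command element
            $argument = $parameter.Argument
            if (-not $argument -and $i + 1 -lt $elements.Count) { $argument = $elements[$i + 1] }
            if (-not $argument -or $argument -is [CommandParameterAst]) { continue }

            $kind = switch ($argument) {
                { $_ -is [StringConstantExpressionAst] }   { 'StringLiteral'; break }
                { $_ -is [ExpandableStringExpressionAst] } { 'ExpandableString'; break }
                { $_ -is [VariableExpressionAst] }         { 'Variable'; break }
                default                                    { 'Expression' }
            }
            [pscustomobject]@{
                Command  = $command.GetCommandName()
                Line     = $argument.Extent.StartLineNumber
                Kind     = $kind
                # Never echo a literal secret into the findings
                Argument = if ($kind -eq 'Variable') { $argument.Extent.Text } else { '<redacted>' }
            }
        }
    }
}

# Constructed sample input covering the two cases named in the issue
$sample = @'
Set-ScheduledTask -TaskName 'SoftwareScan' -Trigger $Time -User 'User' -Password 'P@ssw0rd'
Register-ScheduledTask -TaskName 'SoftwareScan' -User 'User' -Password $Wachtwoord
'@
Find-PlainTextPasswordArgument -ScriptDefinition $sample
```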