PSScriptAnalyzer (PSSA) 1.21.0 has been released
Overview
We are happy to announce the release of PSScriptAnalyzer 1.21. This minor version update includes:
- Three new rules
- Enhances one rule
- Pipeline support to
Invoke-Formatter
- Four bug fixes
- Improved message details in
PSUseCorrectCasing
- Lots of documentation updates
- Updated system requirements
A big portion of changes are in less visible areas such as the maintenance of dependencies and CI.
System requirements
Starting with this version the minimum requirements are changing as follows:
- For PowerShell ‘Core’ users (
$PSVersionTable.PSEdition -eq 'Core'
):The minimum required PowerShell version increases from
7.0.3
to7.0.11
. With PowerShell 7.0reached end of life this December, the next version of PSScriptAnalyzer will require7.2
.Use
$PSVersionTable.PSVersion
to see which version of PowerShell you are using. For moreinformation about supported versions of PowerShell, see thePowerShell support lifecycle. - For Windows PowerShell users (version 3 to 5.1 or (
$PSVersionTable.PSEdition -ne 'Core')
)The minimum required version of the .NET Framework runtime increased from
4.5.2
to4.6.2
.Versions4.5.2.
,4.6
and4.6.1
have reached end of support this year. This change should notimpact the majority of users on supported and patched OS versions.For more details about .NET support, see.NET Framework blog post.
For more information, see the full changelog.
New Rules
AvoidMultipleTypeAttributes
This rule is to call out the usage of multiple type attributes in a function that the parser acceptsas valid syntax but can later cause unexpected behavior or an error at runtime.
For example, the following function
function foo { [switch][string] $Param1 }
will throw the following error when the function is invoked:
Cannot convert the “” value of type “System.String” to type “System.Management.Automation.SwitchParameter”
Thanks to GitHub user hankyi95 for contributing this rule.
AvoidSemicolonsAsLineTerminators
The rule detects the usage of a trailing semicolon at the end of a line, which is not required inmost PowerShell scripts and can be omitted. This rule is not enabled by default and can be used byInvoke-Formatter
.
The latest Preview version of the PowerShell extension for Visual Studio Code already includesPSScriptAnalyzer 1.21.0 and can control this formatting rule via a newpowershell.codeFormatting.avoidSemicolonsAsLineTerminators
setting. This should soon be availablein the non-preview version of the extension as well.
Thanks to Aliaksei (GitHub user tempora-mutantur) for contributing this rule.
AvoidUsingBrokenHashAlgorithms
This rule inspects the Get-FileHash cmdlet for usage of either MD5
or SHA-1
as the valueto the -Algorithm parameter since those algorithms are no longer considered secure. Usersshould consider replacing the value with SHA256
, SHA384
, SHA512
, or other safer algorithmswhere possible. It is understood there will be legacy or backwards compatibility cases where thiscannot be done. PSScriptAnalyzer has a suppression feature that can be used to document thereason for it in your code.
Thanks to Michael Van Leeuwen (GitHub user MJVL) for contributing this rule.
Enhancements
Invoke-Formatter
now accepts input via the pipeline, either just as a string or[pscustomobject]
with parameter values.
The AvoidUsingPlainTextForPassword rule is the first built-in rule to now return more than onesuggestion for correction. In addition to suggesting the usage of SecureString, it now offersan alternative suggestion with PSCredential.
With version 2.40.0 of the az
CLI, its entrypoint changed from a batch script to an az.ps1
script. Since this script just passed its received arguments as $args
as-is to python, it is stilla CLI and not a script with parameters. But it causes now a AvoidUsingPositionalParameterswarning, which is a false positive. We therefore added a CommandAllowList
configuration to it,which has az
in it by default.
Documentation changes
In order to keep documentation all consolidated in one location, we have moved the documentation inthe repo to the repo of docs.microsoft.com. Please see the documentation notice in therepo in order to get more specific details.
Outlook
Expect more formatting rules and options in the next release and continue giving us feedback. We arelooking to increase our release frequency now that the Microsoft internal build has moved to a newsystem, which is what caused some delay to this release. To reduce maintenance, we are looking todrop support for PowerShell version 3 and 4 in future versions of PSScriptAnalyzer, which would alsoalign it with the PowerShell extension for Visual Studio Code where this change was successful. Thefirst step could be to increase the value of the PowerShellVersion
property in the module manifestbut still ship the version specific binaries so that it would still work if one changed its value inthe manifest.
On behalf of the Script Analyzer team,
Christoph Bergmeister, Project Maintainer from the community, Avanade
Jim Truher, Senior Software Engineer, PowerShell Team, Microsoft
3 comments
Hello, Jim Truher, inventor of PowerShell!
The language you’ve invented hates square brackets. Simple commands like
cd '[1]'
don’t work in it. And if report anything to GitHub, I get an incomprehensible answer containing the name of some Unix shell, before getting closed.Square brackets are wildcard patterns in PowerShell. See about_Wildcards –
https://learn.microsoft.com/powershell/module/microsoft.powershell.core/about/about_wildcards.
You must either escape the brackets or use the –LiteralPath parameter.
cd ‘.\`[1`]’
# or
cd -l .\[1]
Mr. Wheeler, GitHub has already given me such simple-minded answers. I’ve responded with complications arising from input coming from pipeline, complications of
cd -
andcd +
commands, etc.Try this:
cd ‘.\`[1`]’; cd -; cd +
I often end up deconstructing simple
Get-ChildItem | Where-Object
chains into complexGet-ChildItem | ForEach-Object
chains to account for square brackets. Long story short, there is a big difference between “feature” and “nuisance.”I think the PowerShell team will not understand my exasperation unless they all spend a month judiciously using files and folders that have square brackets in their names. Navigate them, list them, filter them, select them, and copy their properties…