With the release of Windows Management Framework 5.0 April Preview, we are excited to announce that PowerShell ScriptAnalyzer development has moved to GitHub for greater collaboration & community involvement.
https://github.com/PowerShell/PSScriptAnalyzer
Also, we have published v1.0 of ScriptAnalyzer to PSGallery.
https://www.powershellgallery.com/packages/PSScriptAnalyzer/
Here are the significant changes in this release:
Features:
- “Recursive” switch to analyze a folderpath in Invoke-ScriptAnalyzer
- Three levels of Severity – Error/Warning/Informational
- Robust Engine that does emits non-terminating errors (Ex: for failed ast parse) and continues rule application when running on multiple scripts
- Add wild card supports for rules in Invoke-ScriptAnalyzer and Get-ScriptAnalyzerRule. Eg. Invoke-ScriptAnalyzer -IncludeRule PSAvoid* will apply all rules starting with PSAvoid* in built in rule assemblies.
- Add -Severity to Get-ScriptAnalyzerRules. Get-ScriptAnalyzer -Severity will filter rules based on the severity given.
- Suppression functionality. Users are now able to specify suppression on certain parts of the scripts by specifying “SupressMessageAttribute”. Also comes with this feature is the ability for users to display a list of suppressed messages.
Rules:
- DSC Rules for resources – Parameter validation, Usage of standard DSC functions, return type validation, support for DSC classes
- Detecting the usage of positional parameters as opposed to using named parameters
- Detect DSC configuration/resource files and disable default rule checkings on DSC configuration and resource files.
- UseShouldProcessForStateChangingFunctions – If an advanced function has Verbs like New/Start/Stop/Restart/Reset/Set- that will change system state, it should support ShouldProcess attribute.
- AvoidUsingWMIObjectCmdlet – For PowerShell 3.0 and above, usage of WMIObject is not recommended. This rule is to detect WMIObject usage in scripts that are written for PS 3.0 and above.
Fixes:
- Better heuristics to detect usage of Username and Password instead of PSCredential type
- Better accuracy in the detection of uninitialized variables
- Better error messages, added error line numbers and file names
- Identifying usage of PSBound parameters and PowerShell supplied variables such as $MyInvocation
- Fixed terminating errors including “Illegal characters in Path”
- Display properties in output are now consistent with the object properties so it would be easy to do property accessing
Thanks,
Raghu Shantha
PowerShell ScriptAnalyzer Team
0 comments