{"id":14145,"date":"2018-06-14T12:55:50","date_gmt":"2018-06-14T20:55:50","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/powershell\/?p=14145"},"modified":"2022-05-23T09:43:41","modified_gmt":"2022-05-23T17:43:41","slug":"powershell-script-analyzer-1-17-1-released","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/powershell\/powershell-script-analyzer-1-17-1-released\/","title":{"rendered":"PowerShell Script Analyzer 1.17.1 Released!"},"content":{"rendered":"<p><strong>Summary<\/strong>: A new version of<span>\u00a0<\/span><a href=\"https:\/\/github.com\/PowerShell\/PSScriptAnalyzer\">PSScriptAnalyzer<\/a><span>\u00a0<\/span>is now available with many new features, rules, fixes and improvements.<\/p>\n<p>You might remember me from my previous<span>\u00a0<\/span><a href=\"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2017\/12\/29\/cross-platform-powershell-remoting-in-action\/\" rel=\"nofollow\">cross-platform remoting blog post<\/a>, but just to introduce myself: I am Christoph Bergmeister, a full stack .Net developer in the London area and since the start of this year I am now also an official PSScriptAnalyzer maintainer although I do not work at Microsoft.\nOn GitHub, you can find me as<span>\u00a0<\/span><a href=\"https:\/\/github.com\/bergmeister\">@bergmeister<\/a>.<\/p>\n<p>After half a year, a new version of PSScriptAnalyzer (also known as PSSA) has been published and is now available on the<span>\u00a0<\/span><a href=\"https:\/\/www.powershellgallery.com\/packages\/PSScriptAnalyzer\/1.17.1\" rel=\"nofollow\">PSGallery<\/a>.\nSome of you might have been wondering what has happened.\nFirst, the former maintainer has switched projects, therefore it took some time for finding and arranging a hand over.\nPSScriptAnalyzer is now mainly being maintained by<span>\u00a0<\/span><a href=\"https:\/\/github.com\/JamesWTruher\">@JamesWTruher<\/a><span>\u00a0<\/span>from the Microsoft side and myself as a community maintainer.\nAfter having already contributed to the PowerShell Core project, I started doing development on PSScriptAnalyzer last autumn and since then have added a lot of new features.<\/p>\n<h2>New Parameters<\/h2>\n<p><strong>Invoke-ScriptAnalyzer<\/strong><span>\u00a0<\/span>now has 3 new switch parameters:<\/p>\n<ul>\n<li>-Fix (only on the -Path parameter set)<\/li>\n<li>-ReportSummary<\/li>\n<li>-EnableExit<\/li>\n<\/ul>\n<p>The<span>\u00a0<\/span><strong>-Fix<\/strong><span>\u00a0<\/span>switch was the first and probably most challenging feature that I added.\nSimilar to how one can already get fixes for a subset of warnings (e.g. for<span>\u00a0<\/span><em>AvoidUsingCmdletAlias<\/em>) in VSCode, this feature allows to auto-fix the analysed files, which can be useful to tidy up a big code base.\nWhen using this switch, one must still inspect the result and possibly make adaptions.\nThe<span>\u00a0<\/span><em>AvoidUsingConvertToSecureStringWithPlainText<\/em><span>\u00a0<\/span>rule for example will change a String to a SecureString, which means that you must create or get it in the first place.\nA small warning should be given about encoding: Due to the way how the engine works, it was not possible to always conserve the encoding, therefore before checking in the changes, it is also recommended to check for a change in that in case scripts are sensitive to that.<\/p>\n<p>The<span>\u00a0<\/span><strong>-ReportSummary<\/strong><span>\u00a0<\/span>switch was implemented first by the community member<span>\u00a0<\/span><a href=\"https:\/\/github.com\/stingyjack\">@StingyJack<\/a>, thanks for that.\nThe idea is to see a summary, like Pester but since it writes to host, we decided to not enable it by default but rather have a switch for it to start with.\nIt got refined a bit later to use the same colouring for warnings\/errors as currently configured in the PowerShell host.<\/p>\n<p>The<span>\u00a0<\/span><strong>-EnableExit<\/strong><span>\u00a0<\/span>was an idea being proposed by the community member<span>\u00a0<\/span><a href=\"https:\/\/github.com\/batmanama\">@BatmanAMA<\/a><span>\u00a0<\/span>as well and the idea is to have a simpler, faster to write CI integration.\nThe switch will return an exit code equivalent to the number of rule violations to signal success\/failure to the CI system.\nOf course, it is still best practice to have a Pester test (for each file and\/or rule) for it due Pester&#8217;s ability to produce result files that can be interpreted by CI systems for more detailed analysis.<\/p>\n<h2>New Rules<\/h2>\n<h3>AvoidAssignmentToAutomaticVariable<\/h3>\n<p>PowerShell has built-in variables, also known as automatic variables.\nSome of them are read-only and PowerShell would throw an error at runtime.\nTherefore, the rule warns against assignment of those variables.\nSome of them, like e.g.<span>\u00a0<\/span><code>$error<\/code><span>\u00a0<\/span>are very easy to assign to by mistake, especially for new users who are not aware.\nIn the future more automatic variables will be added to the &#8216;naughty&#8217; list but since some automatic variables can be assigned to (by design), the process of determining the ones to warn against is still in process and subject to future improvement.<\/p>\n<h3>PossibleIncorrectUsageOfRedirectionOperator and PossibleIncorrectUsageOfAssignmentOperator<\/h3>\n<p>I have written those rules mainly for myself because as a C# programmer, I have to switch between different languages quite often and it happened to me and my colleagues quite often that we forgot simple syntax and were using e.g.<span>\u00a0<\/span><code>if ($a &gt; $b)<\/code><span>\u00a0<\/span>when in fact what we meant was<span>\u00a0<\/span><code>if ($a -gt $b)<\/code><span>\u00a0<\/span>and similar for the ambiguity of the assignment operator = that can easily be used by accident instead of the equality operator that was probably intended.\nSince this only applies to if\/elseif\/while\/do-while statements, I could limit the search scope for it.\nTo avoid false positives, a lot of intelligent logic went into it.\nFor example, the rule is clever enough to know that<span>\u00a0<\/span><code>if ($a = Get-Something)<\/code><span>\u00a0<\/span>is assignment by design as this is a common coding pattern and therefore excluded from this rule.\nI received some interesting<span>\u00a0<\/span><a href=\"https:\/\/twitter.com\/ChristophBergm\/status\/966777114413404160\" rel=\"nofollow\">feedback<\/a><span>\u00a0<\/span>from the community and because PSSA does not support suppression on a per line basis at the moment, the rule offers implicit suppression in<span>\u00a0<\/span><a href=\"https:\/\/github.com\/Microsoft\/clang\/blob\/349091162fcf2211a2e55cf81db934978e1c4f0c\/test\/SemaCXX\/warn-assignment-condition.cpp#L15-L18\">CLANG<\/a><span>\u00a0<\/span>style whereby wrapping the expression in extra parenthesis tells the rule that the assignment is by design.\nThanks for this idea, which came from the community by<span>\u00a0<\/span><a href=\"https:\/\/github.com\/imfrancisd\">@imfrancisd<\/a><\/p>\n<h3>AvoidTrailingWhiteSpace<\/h3>\n<p>This rule was implemented by the well known community member<span>\u00a0<\/span><a href=\"https:\/\/github.com\/dlwyatt\">@dlwyatt<\/a><span>\u00a0<\/span>and really does what it says on the tin.\nThe idea behind this was especially to prevent problems that can be caused by whitespace after the backtick.\nPersonally, I have the following setting in my settings.json for VSCode file that trims trailing whitespace automatically upon saving the file.<\/p>\n<pre><code>    \"[powershell]\": {\n        \"files.trimTrailingWhitespace\": true\n    },\n\n<\/code><\/pre>\n<h2>AvoidUsingCmdletAliases<\/h2>\n<p>This rule is not new but a new feature has been added:\nIf one types a command like e.g. &#8216;verb&#8217; and PowerShell cannot find it, it will try to add a &#8216;Get-&#8216; to the beginning of it and search again.\nThis feature was already present in PowerShell v1 by the way.\nHowever, although &#8216;service&#8217; might work on Windows, but on Linux &#8216;service&#8217; is a native binary that PowerShell would call.\nTherefore it is not only the implicit aliasing that makes it dangerous to omit &#8216;Get-&#8216;, but also the ambiguity on different operating systems that can cause undesired behavior.\nThe rule is intelligent enough to check if the native binary is present on the given OS and therefore warns when using &#8216;service&#8217; on Windows only.<\/p>\n<h2>Miscellaneous engine improvements and fixes<\/h2>\n<p>A lot of fixes for thrown exception, false positives, false negatives, etc. are part of this release as well.\nSome are notable:<\/p>\n<ul>\n<li>The PowerShell extension of VSCode uses<span>\u00a0<\/span><a href=\"https:\/\/github.com\/PowerShell\/PowerShellEditorServices\">PowerShellEditorServices<\/a>, which in turn calls into PSScriptAnalyzer for displaying the warnings using squiggles and also uses its formatting capabilities (shortcut:<span>\u00a0<\/span><strong>Ctrl+K+F<\/strong><span>\u00a0<\/span>on the selection).\nThere was one bug whereby if a comment was at the end of e.g. an if statement and the statement got changed to have the brace on the same line, the formatter placed the comment before the brace, which resulted in invalid syntax.\nThis is fixed now.\nThe PSUseConsistentWhiteSpace was also tweaked to take unary operators into account to have formatting that naturally looks better to humans rather than having a strict rule.<\/li>\n<li>The engine is now being built using the .Net Core SDK version 2 and targets .Net Standard 2.0 for PowerShell Core builds.\nThe used referenced for the PowerShell Parser also got updated to the latest version or the corresponding reference assemblies for Windows PowerShell, which highly improved the behaviour of PSScriptAnalyzer on PowerShell 3.<\/li>\n<li>Various parsing issues existed with the<span>\u00a0<\/span><strong>-Settings<\/strong><span>\u00a0<\/span>parameter when it was not a string that was already resolved.\nThis got fixed and should now work in any scenario.<\/li>\n<li>PSSA has a<span>\u00a0<\/span><a href=\"https:\/\/github.com\/PowerShell\/PSScriptAnalyzer\/blob\/development\/RuleDocumentation\/UseCompatibleCmdlets.md\">UseCompatibleCmdlet<\/a><span>\u00a0<\/span>rule and command data files are now present for all versions of Windows PowerShell and even OS specific for PowerShell Core 6.0.2.\nIn effect the rule allows you to get warnings when calling cmdlets that are not present in the chosen PowerShell versions.\nMore improvements to analyse type usage as well is planned.<\/li>\n<li>The PSUseDeclaredVarsMoreThanAssignments rule has been a pet peeve for many in the past due to its many false positves.\nThe rule received a few improvements.\nSome of its limitations (it is e.g. not aware of the scriptblock scope) are still present but overall, there should be less false positives.<\/li>\n<li>Lots of internal build and packaging improvements were made and PSScriptAnalyzer pushed the envelope as far as using AppVeyor&#8217;s Ubuntu builds, which are currently in private Beta.\nMany thanks to<span>\u00a0<\/span><a href=\"https:\/\/github.com\/IlyaFinkelshteyn\">@IlyaFinkelshteyn<\/a><span>\u00a0<\/span>for allowing us to use it and the great support.\nWe are now testing against PowerShell 4, 5.1 and 6.0 (Windows and Ubuntu) in CI.<\/li>\n<li>Many community members added documentation fixes, thank you all for that!<\/li>\n<li>Parser errors are now returned as diagnostic messages<\/li>\n<li>Using ScriptAnalyzer with PowerShell Core requires at least version 6.0.2<\/li>\n<\/ul>\n<p>Enjoy the new release and let us know how you find it.\nPSScriptAnalyzer is also open to PRs if you want to add features or fix something.\nLet me know if there are other PSScriptAnalyzer topics that you would like me to write about, such as e.g. custom rules or PSScriptAnalyzer setting files and VSCode integration.<\/p>\n<p>Christopher Bergmeister\nPSScriptAnalyzer Maintainer<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Summary: A new version of\u00a0PSScriptAnalyzer\u00a0is now available with many new features, rules, fixes and improvements. You might remember me from my previous\u00a0cross-platform remoting blog post, but just to introduce myself: I am Christoph Bergmeister, a full stack .Net developer in the London area and since the start of this year I am now also an [&hellip;]<\/p>\n","protected":false},"author":612,"featured_media":13641,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[3182],"class_list":["post-14145","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-powershell","tag-psscriptanalyzer"],"acf":[],"blog_post_summary":"<p>Summary: A new version of\u00a0PSScriptAnalyzer\u00a0is now available with many new features, rules, fixes and improvements. You might remember me from my previous\u00a0cross-platform remoting blog post, but just to introduce myself: I am Christoph Bergmeister, a full stack .Net developer in the London area and since the start of this year I am now also an [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/posts\/14145","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/users\/612"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/comments?post=14145"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/posts\/14145\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/media\/13641"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/media?parent=14145"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/categories?post=14145"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/tags?post=14145"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}