Skip to content

Commit a67642c

Browse files
author
Kapil Borle
committed
Update the error messages of UsePSCredentialType and AvoidUsernameAndPasswordParams
1 parent 3e1bc0d commit a67642c

5 files changed

+25
-16
lines changed

Rules/Strings.Designer.cs

Lines changed: 5 additions & 5 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

Rules/Strings.resx

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -217,13 +217,13 @@
217217
<value>One Char</value>
218218
</data>
219219
<data name="UsePSCredentialTypeDescription" xml:space="preserve">
220-
<value>Checks if a credential parameter of type PSCredential has a CredentialAttribute attribute such that PSCredential precedes CredentialAttribute. This is not applicable to PowerShell version 5.0 or above. </value>
220+
<value>For PowerShell 4.0 and earlier, a parameter named Credential with type PSCredential must have a credential transformation attribute defined after the PSCredential type attribute. </value>
221221
</data>
222222
<data name="UsePSCredentialTypeError" xml:space="preserve">
223-
<value>The Credential parameter in '{0}' must be of type PSCredential and must have a CredentialAttribute attribute such that PSCredential is placed before CredentialAttribute. This is not applicable to PowerShell version 5.0 or above.</value>
223+
<value>The Credential parameter in '{0}' must be of type PSCredential. For PowerShell 4.0 and earlier, please define a credential transformation attribute, [CredentialAttribute()], after the PSCredential type attribute.</value>
224224
</data>
225225
<data name="UsePSCredentialTypeErrorSB" xml:space="preserve">
226-
<value>The Credential parameter found in the script block must be of type PSCredential and must have a CredentialAttribute attribute such that PSCredential is placed before CredentialAttribute. This is not applicable to PowerShell version 5.0 or above.</value>
226+
<value>The Credential parameter found in the script block must be of type PSCredential. For PowerShell 4.0 and earlier please define a credential transformation attribute, [CredentialAttribute()], after the PSCredential type attribute. </value>
227227
</data>
228228
<data name="UsePSCredentialTypeCommonName" xml:space="preserve">
229229
<value>Use PSCredential type.</value>
@@ -511,10 +511,10 @@
511511
<value>Avoid Using Username and Password Parameters</value>
512512
</data>
513513
<data name="AvoidUsernameAndPasswordParamsDescription" xml:space="preserve">
514-
<value>Functions should take in a credential parameter of type PSCredential with CredentialAttribute or set the password parameter to SecureString type.</value>
514+
<value>Functions should take in a Credential parameter of type PSCredential (with a Credential transformation attribute defined after it in PowerShell 4.0 or earlier) or set the Password parameter to type SecureString.</value>
515515
</data>
516516
<data name="AvoidUsernameAndPasswordParamsError" xml:space="preserve">
517-
<value>Function '{0}' has both username and password parameters. Either set the type of password parameter to SecureString or replace the username and password parameters by a credential parameter of type PSCredential.</value>
517+
<value>Function '{0}' has both Username and Password parameters. Either set the type of the Password parameter to SecureString or replace the Username and Password parameters with a Credential parameter of type PSCredential. If using a Credential parameter in PowerShell 4.0 or earlier, please define a credential transformation attribute after the PSCredential type attribute.</value>
518518
</data>
519519
<data name="AvoidUsernameAndPasswordParamsName" xml:space="preserve">
520520
<value>AvoidUsingUserNameAndPassWordParams</value>

Rules/UsePSCredentialType.cs

Lines changed: 11 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -24,13 +24,13 @@ namespace Microsoft.Windows.PowerShell.ScriptAnalyzer.BuiltinRules
2424
{
2525

2626
/// <summary>
27-
/// UsePSCredentialType: Checks if a credential parameter of type PSCredential has a credential attribute of type CredentialAttribute such that the type precedes the attribute. This is applicable to only to PowerShell Version less than 5.0.
27+
/// UsePSCredentialType: Checks if a parameter named Credential is of type PSCredential. Also checks if there is a credential transformation attribute defined after the PSCredential type attribute. The order between credential transformation attribute and PSCredential type attribute is applicable only to Poweshell 4.0 and earlier.
2828
/// </summary>
2929
[Export(typeof(IScriptRule))]
3030
public class UsePSCredentialType : IScriptRule
3131
{
3232
/// <summary>
33-
/// AnalyzeScript: Analyzes the ast to check if a credential parameter of type PSCredential has a credential attribute of type CredentialAttribute such that the type precedes the attribute. This is applicable to only to PowerShell Version less than 5.0.
33+
/// AnalyzeScript: Analyzes the ast to check if a parameter named Credential is of type PSCredential. Also checks if there is a credential transformation attribute defined after the PSCredential type attribute. The order between the credential transformation attribute and PSCredential type attribute is applicable only to Poweshell 4.0 and earlier.
3434
/// </summary>
3535
/// <param name="ast">The script's ast</param>
3636
/// <param name="fileName">The script's file name</param>
@@ -39,6 +39,15 @@ public IEnumerable<DiagnosticRecord> AnalyzeScript(Ast ast, string fileName)
3939
{
4040
if (ast == null) throw new ArgumentNullException(Strings.NullAstErrorMessage);
4141

42+
var sbAst = ast as ScriptBlockAst;
43+
if (sbAst != null
44+
&& sbAst.ScriptRequirements != null
45+
&& sbAst.ScriptRequirements.RequiredPSVersion != null
46+
&& sbAst.ScriptRequirements.RequiredPSVersion.Major == 5)
47+
{
48+
yield break;
49+
}
50+
4251
IEnumerable<Ast> funcDefAsts = ast.FindAll(testAst => testAst is FunctionDefinitionAst, true);
4352
IEnumerable<Ast> scriptBlockAsts = ast.FindAll(testAst => testAst is ScriptBlockAst, true);
4453

Tests/Rules/AvoidUserNameAndPasswordParams.tests.ps1

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
Import-Module PSScriptAnalyzer
22

3-
$violationMessage = "Function 'TestFunction' has both username and password parameters. Either set the type of password parameter to SecureString or replace the username and password parameters by a credential parameter of type PSCredential."
3+
$violationMessage = "Function 'TestFunction' has both Username and Password parameters. Either set the type of the Password parameter to SecureString or replace the Username and Password parameters with a Credential parameter of type PSCredential. If using a Credential parameter in PowerShell 4.0 or earlier, please define a credential transformation attribute after the PSCredential type attribute."
44
$violationName = "PSAvoidUsingUserNameAndPasswordParams"
55
$directory = Split-Path -Parent $MyInvocation.MyCommand.Path
66
$violations = Invoke-ScriptAnalyzer $directory\AvoidUserNameAndPasswordParams.ps1 | Where-Object {$_.RuleName -eq $violationName}
@@ -13,7 +13,7 @@ Describe "AvoidUserNameAndPasswordParams" {
1313
}
1414

1515
It "has the correct violation message" {
16-
$violations[0].Message | Should Match $violationMessage
16+
$violations[0].Message | Should Be $violationMessage
1717
}
1818
}
1919

Tests/Rules/PSCredentialType.tests.ps1

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
Import-Module PSScriptAnalyzer
2-
$violationMessage = "The Credential parameter in 'Credential' must be of type PSCredential and must have a CredentialAttribute attribute such that PSCredential is placed before CredentialAttribute. This is not applicable to PowerShell version 5.0 or above."
2+
$violationMessage = "The Credential parameter in 'Credential' must be of type PSCredential. For PowerShell 4.0 and earlier, please define a credential transformation attribute, [CredentialAttribute()], after the PSCredential type attribute."
33
$violationName = "PSUsePSCredentialType"
44
$directory = Split-Path -Parent $MyInvocation.MyCommand.Path
55
$violations = Invoke-ScriptAnalyzer $directory\PSCredentialType.ps1 | Where-Object {$_.RuleName -eq $violationName}
@@ -12,7 +12,7 @@ Describe "PSCredentialType" {
1212
}
1313

1414
It "has the correct description message" {
15-
$violations[0].Message | Should Match $violationMessage
15+
$violations[0].Message | Should Be $violationMessage
1616
}
1717
}
1818

0 commit comments

Comments
 (0)