Overview
We’re glad to announce the discharge of PSScriptAnalyzer 1.21. This minor model replace contains:
- Three new guidelines
- Enhances one rule
- Pipeline assist to
Invoke-Formatter - 4 bug fixes
- Improved message particulars in
PSUseCorrectCasing - A lot of documentation updates
- Up to date system necessities
An enormous portion of modifications are in much less seen areas comparable to the upkeep of dependencies and CI.
System necessities
Beginning with this model the minimal necessities are altering as follows:
- For PowerShell ‘Core’ customers (
$PSVersionTable.PSEdition -eq 'Core'):The minimal required PowerShell model will increase from
7.0.3to7.0.11. With PowerShell 7.0
reached finish of life this December, the following model of PSScriptAnalyzer would require7.2.Use
$PSVersionTable.PSVersionto see which model of PowerShell you’re utilizing. For extra
details about supported variations of PowerShell, see the
PowerShell assist lifecycle. - For Home windows PowerShell customers (model 3 to five.1 or (
$PSVersionTable.PSEdition -ne 'Core'))The minimal required model of the .NET Framework runtime elevated from
4.5.2to4.6.2.
Variations4.5.2.,4.6and4.6.1have reached finish of assist this yr. This transformation shouldn’t
influence nearly all of customers on supported and patched OS variations.For extra particulars about .NET assist, see
.NET Framework weblog submit.
For extra data, see the total changelog.
New Guidelines
AvoidMultipleTypeAttributes
This rule is to name out the utilization of a number of sort attributes in a perform that the parser accepts
as legitimate syntax however can later trigger surprising habits or an error at runtime.
For instance, the next perform
perform foo { [switch][string] $Param1 }will throw the next error when the perform is invoked:
Can’t convert the “” worth of sort “System.String” to sort “System.Administration.Automation.SwitchParameter”
Because of GitHub consumer hankyi95 for contributing this rule.
AvoidSemicolonsAsLineTerminators
The rule detects the utilization of a trailing semicolon on the finish of a line, which isn’t required in
most PowerShell scripts and may be omitted. This rule shouldn’t be enabled by default and can be utilized by
Invoke-Formatter.
The newest Preview model of the PowerShell extension for Visible Studio Code already contains
PSScriptAnalyzer 1.21.0 and may management this formatting rule by way of a brand new
powershell.codeFormatting.avoidSemicolonsAsLineTerminators setting. This could quickly be obtainable
within the non-preview model of the extension as nicely.
Because of Aliaksei (GitHub consumer tempora-mutantur) for contributing this rule.
AvoidUsingBrokenHashAlgorithms
This rule inspects the Get-FileHash cmdlet for utilization of both MD5 or SHA-1 as the worth
to the -Algorithm parameter since these algorithms are not thought-about safe. Customers
ought to contemplate changing the worth with SHA256, SHA384, SHA512, or different safer algorithms
the place potential. It’s understood there can be legacy or backwards compatibility circumstances the place this
can’t be carried out. PSScriptAnalyzer has a suppression characteristic that can be utilized to doc the
cause for it in your code.
Because of Michael Van Leeuwen (GitHub consumer MJVL) for contributing this rule.
Enhancements
Invoke-Formatter now accepts enter by way of the pipeline, both simply as a string or
[pscustomobject] with parameter values.
The AvoidUsingPlainTextForPassword rule is the primary built-in rule to now return a couple of
suggestion for correction. Along with suggesting the utilization of SecureString, it now gives
an alternate suggestion with PSCredential.
With model 2.40.0 of the az CLI, its entrypoint modified from a batch script to an az.ps1
script. Since this script simply handed its obtained arguments as $args as-is to python, it’s nonetheless
a CLI and never a script with parameters. Nevertheless it causes now a AvoidUsingPositionalParameters
warning, which is a false optimistic. We due to this fact added a CommandAllowList configuration to it,
which has az in it by default.
Documentation modifications
As a way to hold documentation all consolidated in a single location, we now have moved the documentation in
the repo to the repo of docs.microsoft.com. Please see the documentation discover within the
repo with the intention to get extra particular particulars.
Outlook
Count on extra formatting guidelines and choices within the subsequent launch and proceed giving us suggestions. We’re
trying to improve our launch frequency now that the Microsoft inside construct has moved to a brand new
system, which is what prompted some delay to this launch. To cut back upkeep, we wish to
drop assist for PowerShell model 3 and 4 in future variations of PSScriptAnalyzer, which might additionally
align it with the PowerShell extension for Visible Studio Code the place this modification was profitable. The
first step might be to extend the worth of the PowerShellVersion property within the module manifest
however nonetheless ship the model particular binaries in order that it will nonetheless work if one modified its worth in
the manifest.
On behalf of the Script Analyzer workforce,
Christoph Bergmeister, Mission Maintainer from the group, Avanade
Jim Truher, Senior Software program Engineer, PowerShell Workforce, Microsoft
