Merge pull request #120 from PowerShell/master

Forward Integrate: Master to BugFixes

Author: raghushantha

CHANGELOG.MD

@@ -0,0 +1,46 @@
+## Unreleased (May.7, 2015)
+###Features:
+- Integrated with waffle.io for Project Management.
+- Added documentation for writing script rules.
+
+###Rules:
+- AvoidUsingWMICmdlet rule: For PowerShell 3.0 and above, usage of WMI cmdlets is not recommended. This rule is to detect WMI cmdlet usage in scripts that are written for PS 3.0 and above.
+- DSCTestsPresent rule: Resource module contains Tests folder with tests for given resource.
+- UseOutputTypeCorrectly rule: If we can identify the type of an object that is outputted to the pipeline by a cmdlet, then that type must be listed in the OutputType attribute.
+
+###Fixes:
+
+- PSProvideVerboseMessage only throws warnings in non-advanced functions.
+- Fix the issue in importing customized rule
+
+
+
+
+##Relesed on Apr.24, 2015
+
+###Features:
+- Finalized three levels of Severity - Error/Warning/Information. 
+- Improved PSScriptAnalyzer engine behavior: emits non-terminating errors (Ex: for failed ast parse) and continues rule application when running on multiple scripts.
+- Added wild card supports for rules in Invoke-ScriptAnalyzer and Get-ScriptAnalyzer. Eg. Invoke-ScriptAnalyzer -IncludeRule PSAvoid* will apply all rules starting with PSAvoid* in built in rule assemblies. 
+- Added -Severity to Get-ScriptAnalyzerRules. Get-ScriptAnalyzer -Severity will filter rules based on the severity given.
+- Added Suppression functionality. Users are now able to specify suppression on certain parts of the scripts by specifying "SupressMessageAttribute" in the scripts. More details and documentations will be coming soon in blog posts. Also comes with this feature is the ability for users to display a list of suppressed messages.
+
+###Rules:
+
+- Added DSC Rules for resources including Parameter validation, Usage of standard DSC functions and return type validation. Rule checkings also support for DSC classes. Built-in DSC rules include:
+    + UseStandardDSCFunctionsInResource
+    + UseIdenticalParametersDSC
+    + UseIdenticalMandatoryParametersDSC
+    + ReturnCorrectTypesForDSCFunctions
+- Added support in the engine to detect DSC configuration/resource files and disable default rule checkings on DSC configuration and resource files.
+- UseShouldProcessForStateChangingFunctions - If an advanced function has Verbs like New/Start/Stop/Restart/Reset/Set- that will change system state, it should support ShouldProcess attribute.
+
+
+###Fixes:
+
+- Improved heuristics to detect usage of Username and Password instead of PSCredential type.
+- Improved accuracy in the detection of uninitialized variables.
+- Improved error messages to include error line numbers and file names.
+- Identified usage of PSBound parameters and PowerShell supplied variables such as $MyInvocation to avoid unnecessary noise in the results returned by some of the built-in rules.
+- Fixed terminating errors including "Illegal characters in Path".
+

CustomizedRuleDocumentation.md

@@ -0,0 +1,158 @@
+##Documentation for Customized Rules in PowerShell Scripts
+PSScriptAnalyzer uses MEF(Managed Extensibility Framework) to import all rules defined in the assembly. It can also consume rules written in PowerShell scripts. When calling Invoke-ScriptAnalyzer, users can pass customized rules using parameter -CustomizedRulePath to apply rule checkings on the scripts. 
+
+This documentation serves as a basic guideline on how to define customized rules.
+
+###Basics
+- Functions should have comment-based help. Make sure .DESCRIPTION field is there, as it will be consumed as rule description for the customized rule.
+```
+<#
+.SYNOPSIS
+    Name of your rule.
+.DESCRIPTION
+    This would be the description of your rule. Please refer to Rule Documentation for consistent rule messages.
+.EXAMPLE
+.INPUTS
+.OUTPUTS
+.NOTES
+#>
+```
+
+- Output type should be DiagnosticRecord:
+```
+[OutputType([Microsoft.Windows.Powershell.ScriptAnalyzer.Generic.DiagnosticRecord[]])]
+```
+
+- Make sure each function takes either a Token or an Ast as a parameter
+```
+Param
+    (
+        [Parameter(Mandatory = $true)]
+        [ValidateNotNullOrEmpty()]
+        [System.Management.Automation.Language.ScriptBlockAst]
+        $testAst
+    )
+```
+
+- DiagnosticRecord should have four properties: Message, Extent, RuleName and Severity
+```
+$result = [Microsoft.Windows.Powershell.ScriptAnalyzer.Generic.DiagnosticRecord[]]@{"Message"  = "This is a sample rule"; 
+     "Extent"   = $ast.Extent;
+     "RuleName" = $PSCmdlet.MyInvocation.InvocationName;
+     "Severity" = "Warning"}
+```
+
+- Make sure you export the function(s) at the end of the script using Export-ModuleMember
+```
+Export-ModuleMember -Function (FunctionName)
+```
+
+###Example
+```
+<#
+.SYNOPSIS
+    Uses #Requires -RunAsAdministrator instead of your own methods.
+.DESCRIPTION
+    The #Requires statement prevents a script from running unless the Windows PowerShell version, modules, snap-ins, and module and snap-in version prerequisites are met. 
+    From Windows PowerShell 4.0, the #Requires statement let script developers require that sessions be run with elevated user rights (run as Administrator). 
+    Script developers does not need to write their own methods any more.
+    To fix a violation of this rule, please consider to use #Requires -RunAsAdministrator instead of your own methods.
+.EXAMPLE
+    Measure-RequiresRunAsAdministrator -ScriptBlockAst $ScriptBlockAst
+.INPUTS
+    [System.Management.Automation.Language.ScriptBlockAst]
+.OUTPUTS
+    [Microsoft.Windows.Powershell.ScriptAnalyzer.Generic.DiagnosticRecord[]]
+.NOTES
+    None
+#>
+function Measure-RequiresRunAsAdministrator
+{
+    [CmdletBinding()]
+    [OutputType([Microsoft.Windows.Powershell.ScriptAnalyzer.Generic.DiagnosticRecord[]])]
+    Param
+    (
+        [Parameter(Mandatory = $true)]
+        [ValidateNotNullOrEmpty()]
+        [System.Management.Automation.Language.ScriptBlockAst]
+        $ScriptBlockAst
+    )
+
+    Process
+    {
+        $results = @()
+        try
+        {
+            #region Define predicates to find ASTs.
+            # Finds specific method, IsInRole.
+            [ScriptBlock]$predicate1 = {
+                param ([System.Management.Automation.Language.Ast]$Ast)
+                [bool]$returnValue = $false
+                if ($Ast -is [System.Management.Automation.Language.MemberExpressionAst])
+                {
+                    [System.Management.Automation.Language.MemberExpressionAst]$meAst = $ast;
+                    if ($meAst.Member -is [System.Management.Automation.Language.StringConstantExpressionAst])
+                    {
+                        [System.Management.Automation.Language.StringConstantExpressionAst]$sceAst = $meAst.Member;
+                        if ($sceAst.Value -eq "isinrole")
+                        {
+                            $returnValue = $true;
+                        }
+                    }
+                }
+                return $returnValue
+            }
+
+            # Finds specific value, [system.security.principal.windowsbuiltinrole]::administrator.
+            [ScriptBlock]$predicate2 = {
+                param ([System.Management.Automation.Language.Ast]$Ast)
+                [bool]$returnValue = $false
+                if ($ast -is [System.Management.Automation.Language.AssignmentStatementAst])
+                {
+                    [System.Management.Automation.Language.AssignmentStatementAst]$asAst = $Ast;
+                    if ($asAst.Right.ToString().ToLower() -eq "[system.security.principal.windowsbuiltinrole]::administrator")
+                    {
+                        $returnValue = $true
+                    }
+                }
+                return $returnValue
+            }
+            #endregion
+            #region Finds ASTs that match the predicates.
+        
+            [System.Management.Automation.Language.Ast[]]$methodAst     = $ScriptBlockAst.FindAll($predicate1, $true)
+            [System.Management.Automation.Language.Ast[]]$assignmentAst = $ScriptBlockAst.FindAll($predicate2, $true)
+            if ($null -ne $ScriptBlockAst.ScriptRequirements)
+            {
+                if ((!$ScriptBlockAst.ScriptRequirements.IsElevationRequired) -and 
+                    ($methodAst.Count -ne 0) -and ($assignmentAst.Count -ne 0))
+                {
+                    $result = [Microsoft.Windows.Powershell.ScriptAnalyzer.Generic.DiagnosticRecord]@{"Message"  = $Messages.MeasureRequiresRunAsAdministrator; 
+                                                "Extent"   = $assignmentAst.Extent;
+                                                "RuleName" = $PSCmdlet.MyInvocation.InvocationName;
+                                                "Severity" = "Information"}
+                    $results += $result               
+                }
+            }
+            else
+            {
+                if (($methodAst.Count -ne 0) -and ($assignmentAst.Count -ne 0))
+                {
+                    $result = [Microsoft.Windows.Powershell.ScriptAnalyzer.Generic.DiagnosticRecord]@{"Message"  = $Messages.MeasureRequiresRunAsAdministrator; 
+                                                "Extent"   = $assignmentAst.Extent;
+                                                "RuleName" = $PSCmdlet.MyInvocation.InvocationName;
+                                                "Severity" = "Information"}
+                    $results += $result               
+                }        
+            }
+            return $results
+            #endregion 
+        }
+        catch
+        {
+            $PSCmdlet.ThrowTerminatingError($PSItem)
+        }
+    }
+}
+```
+More examples can be found in *Tests\Engine\CommunityRules*

Engine/Helper.cs

@@ -2120,6 +2120,11 @@ public object VisitConvertExpression(ConvertExpressionAst convAst)
         {
             if (convAst != null)
             {
+                if (convAst.Type.TypeName.GetReflectionType() != null)
+                {
+                    return convAst.Type.TypeName.GetReflectionType().FullName;
+                }
+
                 return convAst.Type.TypeName.FullName;
             }
 
@@ -2170,6 +2175,11 @@ public object VisitTypeConstraint(TypeConstraintAst typeAst)
         {
             if (typeAst != null)
             {
+                if (typeAst.TypeName.GetReflectionType() != null)
+                {
+                    return typeAst.TypeName.GetReflectionType().FullName;
+                }
+
                 return typeAst.TypeName.FullName;
             }
 
@@ -2195,6 +2205,11 @@ public object VisitTypeExpression(TypeExpressionAst typeExpressionAst)
         {
             if (typeExpressionAst != null)
             {
+                if (typeExpressionAst.TypeName.GetReflectionType() != null)
+                {
+                    return typeExpressionAst.TypeName.GetReflectionType().FullName;
+                }
+
                 return typeExpressionAst.TypeName.FullName;
             }
 

README.md

@@ -1,3 +1,4 @@
+
 Introduction
 ============
 
@@ -18,7 +19,7 @@ Requirements
 
 WS2012R2 / Windows 8.1 / Windows OS running **PowerShell v5.0** and **Windows Management Framework 5.0 Preview**
 
-Download the latest WMF package from [Windows Management Framework 5.0 Preview February 2015](http://go.microsoft.com/fwlink/?LinkId=398175).
+Download the latest WMF package from [Windows Management Framework 5.0 Preview](http://go.microsoft.com/fwlink/?LinkId=398175).
 
 Installation
 ============
@@ -53,6 +54,13 @@ Pester-based ScriptAnalyzer Tests are located in ```<branch>/PSScriptAnalyzer/Te
 .\*.ps1 (Example - .\ AvoidConvertToSecureStringWithPlainText.ps1)
 *You can also run all tests under \Engine or \Rules by calling Invoke-Pester in the Engine/Rules directory.
 
+Project Management Dashboard
+==============================
+
+You can track issues, pull requests, backlog items here:
+
+[![Stories in Ready](https://badge.waffle.io/PowerShell/PSScriptAnalyzer.png?label=ready&title=Ready)](https://waffle.io/PowerShell/PSScriptAnalyzer)
+
 
 Contributing to ScriptAnalyzer
 ==============================

RuleDocumentation/DscExamplesPresent.md

@@ -0,0 +1,55 @@
+#DscExamplesPresent
+**Severity Level: Information**
+
+
+##Description
+
+Checks that DSC examples for given resource are present.
+
+##How to Fix
+
+To fix a violation of this rule, please make sure Examples directory is present:
+* For non-class based resources it should exist at the same folder level as DSCResources folder.
+* For class based resources it should be present at the same folder level as resource psm1 file. 
+
+Examples folder should contain sample configuration for given resource - file name should contain resource's name.
+
+##Example
+
+### Non-class based resource
+
+Let's assume we have non-class based resource with a following file structure:
+
+* xAzure
+  * DSCResources
+    * MSFT_xAzureSubscription
+      * MSFT_xAzureSubscription.psm1
+      * MSFT_xAzureSubscription.schema.mof
+
+In this case, to fix this warning, we should add examples in a following way:
+
+* xAzure
+  * DSCResources
+    * MSFT_xAzureSubscription
+      * MSFT_xAzureSubscription.psm1
+      * MSFT_xAzureSubscription.schema.mof
+  * Examples
+    * MSFT_xAzureSubscription_AddSubscriptionExample.ps1
+    * MSFT_xAzureSubscription_RemoveSubscriptionExample.ps1
+
+### Class based resource
+
+Let's assume we have class based resource with a following file structure:
+
+* MyDscResource
+    * MyDscResource.psm1
+    * MyDscresource.psd1
+
+In this case, to fix this warning, we should add examples in a following way:
+
+* MyDscResource
+    * MyDscResource.psm1
+    * MyDscresource.psd1
+    * Tests
+      * MyDscResource_Example1.ps1
+      * MyDscResource_Example2.ps1

RuleDocumentation/DscTestsPresent.md

@@ -0,0 +1,54 @@
+#DscTestsPresent
+**Severity Level: Information**
+
+
+##Description
+
+Checks that DSC tests for given resource are present.
+
+##How to Fix
+
+To fix a violation of this rule, please make sure Tests directory is present:
+* For non-class based resources it should exist at the same folder level as DSCResources folder.
+* For class based resources it should be present at the same folder level as resource psm1 file. 
+
+Tests folder should contain test script for given resource - file name should contain resource's name.
+
+##Example
+
+### Non-class based resource
+
+Let's assume we have non-class based resource with a following file structure:
+
+* xAzure
+  * DSCResources
+    * MSFT_xAzureSubscription
+      * MSFT_xAzureSubscription.psm1
+      * MSFT_xAzureSubscription.schema.mof
+
+In this case, to fix this warning, we should add tests in a following way:
+
+* xAzure
+  * DSCResources
+    * MSFT_xAzureSubscription
+      * MSFT_xAzureSubscription.psm1
+      * MSFT_xAzureSubscription.schema.mof
+  * Tests
+    * MSFT_xAzureSubscription_Tests.ps1
+
+### Class based resource
+
+Let's assume we have class based resource with a following file structure:
+
+* MyDscResource
+    * MyDscResource.psm1
+    * MyDscresource.psd1
+
+In this case, to fix this warning, we should add tests in a following way:
+
+* MyDscResource
+    * MyDscResource.psm1
+    * MyDscresource.psd1
+    * Tests
+      * MyDscResource_Tests.ps1
+