From 23cbc5bd4c2f6ad1fe0ea88415da662b60dc3c48 Mon Sep 17 00:00:00 2001
From: GoodOlClint
Date: Wed, 6 May 2015 21:45:33 -0500
Subject: [PATCH 1/6] Added script to build module

---
 build.cmd | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 build.cmd

diff --git a/build.cmd b/build.cmd
new file mode 100644
index 000000000..10cff4ee4
--- /dev/null
+++ b/build.cmd
@@ -0,0 +1,6 @@
+@echo off
+setlocal
+call "%VS120COMNTOOLS%\VsDevCmd.bat"
+msbuild .\PSScriptAnalyzer.sln
+if NOT [%ERRORLEVEL%]==[0] pause
+endlocal
\ No newline at end of file
From 1a146136df98747554ae7cf967a9c6418b4f3224 Mon Sep 17 00:00:00 2001
From: GoodOlClint
Date: Thu, 7 May 2015 17:59:02 -0500
Subject: [PATCH 2/6] Check for VS Build tools

---
 build.cmd | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/build.cmd b/build.cmd
index 10cff4ee4..5097a90dd 100644
--- a/build.cmd
+++ b/build.cmd
@@ -1,6 +1,15 @@
 @echo off
 setlocal
+if "%VS120COMNTOOLS%"=="" GOTO NOTOOLS
 call "%VS120COMNTOOLS%\VsDevCmd.bat"
 msbuild .\PSScriptAnalyzer.sln
 if NOT [%ERRORLEVEL%]==[0] pause
+
+GOTO END
+
+:NOTOOLS
+echo The Visual Studio 2012 tools are not installed
+pause
+
+:END
 endlocal
\ No newline at end of file
From 2db020006bfb5fc1d0e214f24b94a74bb91165c1 Mon Sep 17 00:00:00 2001
From: GoodOlClint
Date: Thu, 7 May 2015 17:59:44 -0500
Subject: [PATCH 3/6] Specify build configuration and logging

---
 build.cmd | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build.cmd b/build.cmd
index 5097a90dd..70dd889a3 100644
--- a/build.cmd
+++ b/build.cmd
@@ -2,7 +2,7 @@
 setlocal
 if "%VS120COMNTOOLS%"=="" GOTO NOTOOLS
 call "%VS120COMNTOOLS%\VsDevCmd.bat"
-msbuild .\PSScriptAnalyzer.sln
+msbuild .\PSScriptAnalyzer.sln /p:Configuration=Debug /l:FileLogger,Microsoft.Build.Engine;logfile=PSScriptAnalyzer_Build.log;append=true
 if NOT [%ERRORLEVEL%]==[0] pause
 
 GOTO END
From 6a8fbe8e60199019b9c66698c7378e5f469acc51 Mon Sep 17 00:00:00 2001
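Review bot: In [PATCH 1/6], build.cmd never returns the build result: `if NOT [%ERRORLEVEL%]==[0] pause` waits for a key and then falls through to `endlocal`, so a caller or CI job cannot see that msbuild failed, and an unattended run blocks on `pause`. Capture the code right after msbuild with `set BUILD_RC=%ERRORLEVEL%` and finish with `endlocal & exit /b %BUILD_RC%`. The `:NOTOOLS` branch added in [PATCH 2/6] has the same problem, since it also runs into `:END` without setting a non-zero exit code.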
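Review bot: In [PATCH 2/6], the new guard `if "%VS120COMNTOOLS%"=="" GOTO NOTOOLS` only proves the variable is set, not that the file it leads to exists. A stale value left by a removed install passes the check, the `call` fails, and the script still goes on to `msbuild`. Adding `if not exist "%VS120COMNTOOLS%\VsDevCmd.bat" GOTO NOTOOLS` after it closes that gap. Because the script executes whatever batch file this environment variable points to, a one-line comment saying the variable is expected to be set by the Visual Studio installer would also help the next reader.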
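Review bot: In [PATCH 3/6], `logfile=PSScriptAnalyzer_Build.log` is a relative path, like `.\PSScriptAnalyzer.sln` before it, so both resolve against the caller's current directory and the script only works when started from the repository root. Anchoring on the script's own location removes that dependency, e.g. `msbuild "%~dp0PSScriptAnalyzer.sln" ...` with the log path built from `%~dp0` as well. With `append=true` the log also grows on every run; whether it is excluded from version control is not visible in this patch.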
From: GoodOlClint Date: Thu, 7 May 2015 18:04:51 -0500 Subject: [PATCH 4/6] Corrected visual studio version name --- build.cmd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.cmd b/build.cmd index 70dd889a3..e51842115 100644 --- a/build.cmd +++ b/build.cmd @@ -8,7 +8,7 @@ if NOT [%ERRORLEVEL%]==[0] pause GOTO END :NOTOOLS -echo The Visual Studio 2012 tools are not installed +echo The Visual Studio 2013 tools are not installed pause :END From 2d91cdb1be1d6f2fc6b7bc04fcd74d7d8cc4586e Mon Sep 17 00:00:00 2001 From: Yuting Chen Date: Mon, 11 May 2015 13:39:15 -0700 Subject: [PATCH 5/6] Modify DSC rule severity --- Rules/UseIdenticalMandatoryParametersDSC.cs | 4 ++-- Rules/UseIdenticalParametersDSC.cs | 4 ++-- Rules/UseStandardDSCFunctionsInResource.cs | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Rules/UseIdenticalMandatoryParametersDSC.cs b/Rules/UseIdenticalMandatoryParametersDSC.cs index 93309e30d..b2aaa3c16 100644 --- a/Rules/UseIdenticalMandatoryParametersDSC.cs +++ b/Rules/UseIdenticalMandatoryParametersDSC.cs @@ -98,7 +98,7 @@ public IEnumerable AnalyzeDSCResource(Ast ast, string fileName { List functionsNotContainingParam = expectedTargetResourceFunctionNames.Except(mandatoryParameters[paramName]).ToList(); yield return new DiagnosticRecord(string.Format(CultureInfo.InvariantCulture, Strings.UseIdenticalMandatoryParametersDSCError, paramName, string.Join(", ", functionsNotContainingParam.ToArray())), - ast.Extent, GetName(), DiagnosticSeverity.Information, fileName); + ast.Extent, GetName(), DiagnosticSeverity.Error, fileName); } } @@ -159,7 +159,7 @@ public SourceType GetSourceType() /// public RuleSeverity GetSeverity() { - return RuleSeverity.Information; + return RuleSeverity.Error; } /// diff --git a/Rules/UseIdenticalParametersDSC.cs b/Rules/UseIdenticalParametersDSC.cs index ff33d03c7..8318c6155 100644 --- a/Rules/UseIdenticalParametersDSC.cs +++ b/Rules/UseIdenticalParametersDSC.cs 
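Review bot: In Rules/UseIdenticalMandatoryParametersDSC.cs the severity is now written in two unrelated places, `DiagnosticSeverity.Error` in the record yielded by AnalyzeDSCResource (hunk at -98) and `RuleSeverity.Error` in GetSeverity() (hunk at -159). The old side of Rules/UseIdenticalParametersDSC.cs in this same patch shows how the two drift apart (`Information` in the record, `Warning` in GetSeverity). A comment on GetSeverity such as `// Keep in sync with the DiagnosticSeverity passed to DiagnosticRecord in AnalyzeDSCResource.` would be a cheap guard. The diffstat lists only the three rule files, so any test or rule documentation that states the old severity presumably still needs updating. Both methods continue outside the hunks.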
@@ -67,7 +67,7 @@ public IEnumerable AnalyzeDSCResource(Ast ast, string fileName || !CompareParamAsts(paramAst, paramNames[paramAst.Name.VariablePath.UserPath])) { yield return new DiagnosticRecord(string.Format(CultureInfo.CurrentCulture, Strings.UseIdenticalParametersDSCError), - paramAst.Extent, GetName(), DiagnosticSeverity.Information, fileName); + paramAst.Extent, GetName(), DiagnosticSeverity.Error, fileName); } } } @@ -166,7 +166,7 @@ public SourceType GetSourceType() /// public RuleSeverity GetSeverity() { - return RuleSeverity.Warning; + return RuleSeverity.Error; } /// diff --git a/Rules/UseStandardDSCFunctionsInResource.cs b/Rules/UseStandardDSCFunctionsInResource.cs index 60e729cde..67e9728df 100644 --- a/Rules/UseStandardDSCFunctionsInResource.cs +++ b/Rules/UseStandardDSCFunctionsInResource.cs @@ -54,7 +54,7 @@ public IEnumerable AnalyzeDSCResource(Ast ast, string fileName if (!targetResourceFunctionNamesInAst.Contains(expectedTargetResourceFunctionName, StringComparer.CurrentCultureIgnoreCase)) { yield return new DiagnosticRecord(string.Format(CultureInfo.CurrentCulture, Strings.UseStandardDSCFunctionsInResourceError, expectedTargetResourceFunctionName), - ast.Extent, GetName(), DiagnosticSeverity.Information, fileName); + ast.Extent, GetName(), DiagnosticSeverity.Error, fileName); } } } @@ -85,7 +85,7 @@ item is TypeDefinitionAst if (!functions.Any(function => String.Equals(resourceFunctionName, (function as FunctionMemberAst).Name))) { yield return new DiagnosticRecord(string.Format(CultureInfo.CurrentCulture, Strings.UseStandardDSCFunctionsInClassError, resourceFunctionName), - dscClass.Extent, GetName(), DiagnosticSeverity.Information, fileName); + dscClass.Extent, GetName(), DiagnosticSeverity.Error, fileName); } } } From 6c388d1dbc8339327061877eceed237d2fdb0030 Mon Sep 17 00:00:00 2001 
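Review bot: In Rules/UseStandardDSCFunctionsInResource.cs both yielded records (hunks at -54 and -85) move to `DiagnosticSeverity.Error`, but unlike the other two files in this patch there is no hunk touching GetSeverity(). If that method still returns a lower `RuleSeverity`, the rule would advertise one severity and emit another, and anything that selects rules by severity could skip these errors; it likely needs `return RuleSeverity.Error;` as well. GetSeverity() is outside the visible hunks, so this should be confirmed against the file.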
From: Yuting Chen
Date: Mon, 11 May 2015 14:36:37 -0700
Subject: [PATCH 6/6] Add rule documentation for AvoidUsingCovertToSecureString

---
 ...ToSecureStringWithPlainTextNoViolations.md | 30 +++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 RuleDocumentation/AvoidUsingConvertToSecureStringWithPlainTextNoViolations.md

diff --git a/RuleDocumentation/AvoidUsingConvertToSecureStringWithPlainTextNoViolations.md b/RuleDocumentation/AvoidUsingConvertToSecureStringWithPlainTextNoViolations.md
new file mode 100644
index 000000000..1b5fa2edd
--- /dev/null
+++ b/RuleDocumentation/AvoidUsingConvertToSecureStringWithPlainTextNoViolations.md
@@ -0,0 +1,30 @@
+#AvoidUsingConvertToSecureStringWithPlainTextNoViolations
+**Severity Level: Error**
+
+
+##Description
+
+Information in the script should be protected properly. Using ConvertTo-SecureString with plain text will expose secure information.
+
+##How to Fix
+
+To fix a violation of this rule, please use a standard encrypted variable to do the conversion.
+
+##Example
+
+Wrong:
+
+```
+$notsecure = convertto-securestring "abc" -asplaintext -force
+
+New-Object System.Management.Automation.PSCredential -ArgumentList "username", (ConvertTo-SecureString "notsecure" -AsPlainText -Force)
+
+```
+
+Correct:
+
+```
+$secure = read-host -assecurestring
+$encrypted = convertfrom-securestring -securestring $secure
+convertto-securestring -string $encrypted
+```