PowerShell · kapilmb · Mar 3, 2016 · Mar 3, 2016
diff --git a/Rules/Strings.Designer.cs b/Rules/Strings.Designer.cs
diff --git a/Rules/Strings.resx b/Rules/Strings.resx
@@ -217,16 +217,16 @@
     <value>One Char</value>
   </data>
   <data name="UsePSCredentialTypeDescription" xml:space="preserve">
-    <value>Checks that cmdlets that have a Credential parameter accept PSCredential with CredentialAttribute where PSCredential comes before CredentialAttribute.. This comes from the PowerShell teams best practices.</value>
+    <value>Checks if a credential parameter of type PSCredential has a credential attribute of type CredentialAttribute. This comes from the PowerShell teams best practices.</value>
   </data>
   <data name="UsePSCredentialTypeError" xml:space="preserve">
-    <value>The Credential parameter in '{0}' must be of the type PSCredential with CredentialAttribute where PSCredential comes before CredentialAttribute.</value>
+    <value>The Credential parameter in '{0}' must be of the type PSCredential and should have a credential attribute of type CredentialAttribute.</value>
   </data>
   <data name="UsePSCredentialTypeErrorSB" xml:space="preserve">
-    <value>The Credential parameter in a found script block must be of the type PSCredential with CredentialAttribute where PSCredential comes before CredentialAttribute.</value>
+    <value>The Credential parameter in a found script block must be of the type PSCredential should have a credential attribute of type CredentialAttribute.</value>
   </data>
   <data name="UsePSCredentialTypeCommonName" xml:space="preserve">
-    <value>PSCredential</value>
+    <value>Use PSCredential type</value>
   </data>
   <data name="ReservedCmdletCharDescription" xml:space="preserve">
     <value>Checks for reserved characters in cmdlet names. These characters usually cause a parsing error. Otherwise they will generally cause runtime errors.</value>
@@ -511,10 +511,10 @@
     <value>Avoid Using Username and Password Parameters</value>
   </data>
   <data name="AvoidUsernameAndPasswordParamsDescription" xml:space="preserve">
-    <value>Functions should only take in a credential parameter of type PSCredential with CredentialAttribute where PSCredential comes before CredentialAttribute instead of username and password parameters.</value>
+    <value>Functions should take in a credential parameter of type PSCredential with CredentialAttribute or set the password parameter to SecureString type.</value>
   </data>
   <data name="AvoidUsernameAndPasswordParamsError" xml:space="preserve">
-    <value>Function '{0}' has both username and password parameters. A credential parameter of type PSCredential with a CredentialAttribute where PSCredential comes before CredentialAttribute should be used.</value>
+    <value>Function '{0}' has both username and password parameters. Either set the type of password parameter to SecureString or replace the username and password parameters by a credential parameter of type PSCredential. If you use a credential parameter, please add a CredentialAttribute attribute to the parameter.</value>
   </data>
   <data name="AvoidUsernameAndPasswordParamsName" xml:space="preserve">
     <value>AvoidUsingUserNameAndPassWordParams</value>

diff --git a/Rules/UsePSCredentialType.cs b/Rules/UsePSCredentialType.cs
@@ -24,13 +24,13 @@ namespace Microsoft.Windows.PowerShell.ScriptAnalyzer.BuiltinRules
 {
 
     /// <summary>
-    /// UsePSCredentialType: Analyzes the ast to check that cmdlets that have a Credential parameter accept PSCredential.
+    /// UsePSCredentialType: Checks if a credential parameter of type PSCredential has a credential attribute of type CredentialAttribute. 
     /// </summary>
     [Export(typeof(IScriptRule))]
     public class UsePSCredentialType : IScriptRule
     {
         /// <summary>
-        /// AnalyzeScript: Analyzes the ast to check that cmdlets that have a Credential parameter accept PSCredential.
+        /// AnalyzeScript: Analyzes the ast to check if a credential parameter of type PSCredential has a credential attribute of type CredentialAttribute.
         /// </summary>
         /// <param name="ast">The script's ast</param>
         /// <param name="fileName">The script's file name</param>
@@ -101,8 +101,8 @@ private bool WrongCredentialUsage(ParameterAst parameter)
 
                 var credentialAttribute = parameter.Attributes.FirstOrDefault(paramAttribute => paramAttribute.TypeName.GetReflectionType() == typeof(CredentialAttribute));
 
-                // check that both exists and pscredentialtype comes before credential attribute
-                if (psCredentialType != null && credentialAttribute != null && psCredentialType.Extent.EndOffset < credentialAttribute.Extent.StartOffset)
+                // check that both exists
+                if (psCredentialType != null && credentialAttribute != null)
                 {
                     return false;
                 }

diff --git a/Tests/Rules/AvoidUserNameAndPasswordParams.tests.ps1 b/Tests/Rules/AvoidUserNameAndPasswordParams.tests.ps1
@@ -1,6 +1,6 @@
 Import-Module PSScriptAnalyzer
 
-$violationMessage = "Function 'TestFunction' has both username and password parameters. A credential parameter of type PSCredential with a CredentialAttribute where PSCredential comes before CredentialAttribute should be used."
+$violationMessage = "Function 'TestFunction' has both username and password parameters. Either set the type of password parameter to SecureString or replace the username and password parameters by a credential parameter of type PSCredential. If you use a credential parameter, please add a CredentialAttribute attribute to the parameter."
 $violationName = "PSAvoidUsingUserNameAndPasswordParams"
 $directory = Split-Path -Parent $MyInvocation.MyCommand.Path
 $violations = Invoke-ScriptAnalyzer $directory\AvoidUserNameAndPasswordParams.ps1 | Where-Object {$_.RuleName -eq $violationName}

diff --git a/Tests/Rules/PSCredentialType.ps1 b/Tests/Rules/PSCredentialType.ps1
@@ -2,7 +2,7 @@
 
 }
 
-# this one is wrong because pscredential should come first
+# Order between PSCredential and CredentialAttribute should not matter.
 function Credential2
 {
     [CmdletBinding()]

diff --git a/Tests/Rules/PSCredentialType.tests.ps1 b/Tests/Rules/PSCredentialType.tests.ps1
@@ -1,14 +1,14 @@
 Import-Module PSScriptAnalyzer 
-$violationMessage = "The Credential parameter in 'Credential' must be of the type PSCredential with CredentialAttribute where PSCredential comes before CredentialAttribute."
+$violationMessage = "The Credential parameter in 'Credential' must be of the type PSCredential and should have a credential attribute of type CredentialAttribute."
 $violationName = "PSUsePSCredentialType"
 $directory = Split-Path -Parent $MyInvocation.MyCommand.Path
 $violations = Invoke-ScriptAnalyzer $directory\PSCredentialType.ps1 | Where-Object {$_.RuleName -eq $violationName}
 $noViolations = Invoke-ScriptAnalyzer $directory\PSCredentialTypeNoViolations.ps1 | Where-Object {$_.RuleName -eq $violationName}
 
 Describe "PSCredentialType" {
     Context "When there are violations" {
-        It "has 2 PSCredential type violation" {
-            $violations.Count | Should Be 2
+        It "has 1 PSCredential type violation" {
+            $violations.Count | Should Be 1
         }
 
         It "has the correct description message" {