
Commit df3551e

authored
AvoidUsingPositionalParameter: Check if command has parameters to avoid having az in default CommandAllowList (#1850)
* AvoidUsingPositionalParameter : Check if command has parameters * fix syntax * remove unneeded test * Update Rules/AvoidPositionalParameters.cs
1 parent 5c32f55 commit df3551e


4 files changed

+12
-8
lines changed


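--- a/Engine/Helper.cs
+++ b/Engine/Helper.cs
@@ -609,14 +609,15 @@ public bool HasSplattedVariable(CommandAst cmdAst)
 /// </summary>
 /// <param name="cmdAst"></param>
 /// <returns></returns>
-public bool IsKnownCmdletFunctionOrExternalScript(CommandAst cmdAst)
+public bool IsKnownCmdletFunctionOrExternalScript(CommandAst cmdAst, out CommandInfo commandInfo)
 {
+commandInfo = null;
 if (cmdAst == null)
 {
 return false;
 }
 
-var commandInfo = GetCommandInfo(cmdAst.GetCommandName());
+commandInfo = GetCommandInfo(cmdAst.GetCommandName());
 if (commandInfo == null)
 {
 return false;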
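Review bot: Changing the signature of the public `IsKnownCmdletFunctionOrExternalScript` in place removes the one-argument form, so any caller compiled against the old signature outside this repository (a custom rule assembly, if such callers exist) would no longer bind. A forwarding overload keeps them working: `public bool IsKnownCmdletFunctionOrExternalScript(CommandAst cmdAst) => IsKnownCmdletFunctionOrExternalScript(cmdAst, out _);`. The XML doc block above the method also needs a `<param name="commandInfo">` entry saying that it is null when `cmdAst` is null or the command cannot be resolved, and otherwise holds whatever `GetCommandInfo` resolved on the analysing machine, even when the method returns false. The method body continues past the end of the hunk, so the later return paths were not reviewed.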

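--- a/Rules/AvoidPositionalParameters.cs
+++ b/Rules/AvoidPositionalParameters.cs
@@ -6,6 +6,7 @@
 using System.Management.Automation.Language;
 using Microsoft.Windows.PowerShell.ScriptAnalyzer.Generic;
 using System.Linq;
+using System.Management.Automation;
 #if !CORECLR
 using System.ComponentModel.Composition;
 #endif
@@ -21,7 +22,7 @@ namespace Microsoft.Windows.PowerShell.ScriptAnalyzer.BuiltinRules
 #endif
 public class AvoidPositionalParameters : ConfigurableRule
 {
-[ConfigurableRuleProperty(defaultValue: new string[] { "az" })]
+[ConfigurableRuleProperty(defaultValue: new string[] { })]
 public string[] CommandAllowList { get; set; }
 
 public AvoidPositionalParameters()
@@ -61,9 +62,11 @@ public override IEnumerable<DiagnosticRecord> AnalyzeScript(Ast ast, string file
 // MSDN: CommandAst.GetCommandName Method
 if (cmdAst.GetCommandName() == null) continue;
 
-if ((Helper.Instance.IsKnownCmdletFunctionOrExternalScript(cmdAst) || declaredFunctionNames.Contains(cmdAst.GetCommandName())) &&
+if ((Helper.Instance.IsKnownCmdletFunctionOrExternalScript(cmdAst, out CommandInfo commandInfo) || declaredFunctionNames.Contains(cmdAst.GetCommandName())) &&
 (Helper.Instance.PositionalParameterUsed(cmdAst, true)))
 {
+if (commandInfo?.CommandType == CommandTypes.Application) continue;
+
 PipelineAst parent = cmdAst.Parent as PipelineAst;
 
 string commandName = cmdAst.GetCommandName();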
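Review bot: The new `continue` on `CommandTypes.Application` also fires when the call was matched through `declaredFunctionNames`, because `commandInfo` is assigned by the left operand of the `||` even if that operand then returns false. If a script declares a function whose name also resolves to a native executable on the analysing machine, positional use of that function would presumably be skipped, and the result would differ between machines depending on what is installed there. Restricting the skip keeps script-declared functions covered: `if (commandInfo?.CommandType == CommandTypes.Application && !declaredFunctionNames.Contains(cmdAst.GetCommandName())) continue;`. A one-line comment above the check stating why applications are exempt would also explain why the default `CommandAllowList` is now empty. `AnalyzeScript` starts and ends outside this hunk.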

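--- a/Rules/UseCmdletCorrectly.cs
+++ b/Rules/UseCmdletCorrectly.cs
@@ -100,7 +100,7 @@ private bool MandatoryParameterExists(CommandAst cmdAst)
 }
 
 // Positional parameters could be mandatory, so we assume all is well
-if (Helper.Instance.PositionalParameterUsed(cmdAst) && Helper.Instance.IsKnownCmdletFunctionOrExternalScript(cmdAst))
+if (Helper.Instance.PositionalParameterUsed(cmdAst) && Helper.Instance.IsKnownCmdletFunctionOrExternalScript(cmdAst, out _))
 {
 return true;
 }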

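--- a/docs/Rules/AvoidUsingPositionalParameters.md
+++ b/docs/Rules/AvoidUsingPositionalParameters.md
@@ -25,17 +25,17 @@ supplied. A simple example where the risk of using positional parameters is negl
 ```powershell
 Rules = @{
 PSAvoidUsingPositionalParameters = @{
-CommandAllowList = 'az', 'Join-Path'
+CommandAllowList = 'Join-Path', 'MyCmdletOrScript'
 Enable = $true
 }
 }
 ```
 
 ### Parameters
 
-#### CommandAllowList: string[] (Default value is 'az')
+#### CommandAllowList: string[] (Default value is @()')
 
-Commands to be excluded from this rule. `az` is excluded by default because starting with version 2.40.0 the entrypoint of the AZ CLI became an `az.ps1` script but this script does not have any named parameters and just passes them on using `$args` as is to the Python process that it starts, therefore it is still a CLI and not a PowerShell command.
+Commands or scripts to be excluded from this rule.
 
 #### Enable: bool (Default value is `$true`)
 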