Merge pull request #1 from PowerShell/development

Re merge into my branch

Author: kilasuit

CHANGELOG.MD

@@ -1,3 +1,76 @@
+## Released v1.4.0 (Feb.16, 2016)
+###Features:
+- IncludeRule and ExcludeRule now consume RuleInfo objects
+
+###Rules:
+- Rule to validate HelpMessage parameter attribute value
+- Rule to suggest module manifest *ToExport field values for optimizing module loading
+
+###Fixes:
+####Engine:
+- Fixed bug in engine handling of severity for custom rules - this property was being ignored
+- Exclude help files from being Ast parsed
+
+####Rules:
+- Emit accurate ast extents for rules - helps VSCode-PowerShell to mark violations better
+- Improved heuristics for Singular noun rule - reduce false positives
+- Updated credential rules to be less noisy based on community feedback
+- Support for [switch] type along with [boolean] for ShouldContinueWithoutForce rule
+- Improved handling of deprecated module manifest fields when PSv2.0 is specified in the manifest
+
+## Released v1.3.0 (Jan.19, 2016)
+###Features:
+- Support for running ScriptAnalyzer on PowerShell version v3 or higher! This means PSv5 is no longer the minimum PS version for ScriptAnalyzer
+
+###Rules:
+- [From Community] Rule for warning about backticks that look like line-continuations but are not [MisleadingBacktick rule]
+- Ability in default ruleset to recognize PowerShell variable scopes - global, local, script, private
+- Ability to use functions as a variable and support for special type of functions like prompt
+
+###Fixes:
+####Rules:
+- Fix for recognizing PowerShell preference variable ($OFS) in the default ruleset
+- Fix for false positive - PSShouldProcess rule requires boolean value
+- Fix to account for function scope prefix
+- Raise ReservedParam rule only for exported functions as cmdlets
+
+## Released v1.2.0 (Dec.17, 2015)
+###Features:
+- Support for consuming PowerShell content as streams (-ScriptDefinition)
+- ScriptAnalyzer accepts configuration (settings) in the form of a hashtable (-Settings), added sample Settings
+- Ability to run default ruleset along with custom ones in the same invocation (-IncludeDefaultRules)
+- Recurse Custom Rule Paths (-RecurseCustomRulePath)
+- Consistent Engine error handling when working with Settings, Default and Custom Rules
+
+###Rules:
+- Rule to detect the presence of default value for Mandatory parameters (AvoidDefaultValueForMandatoryParameter)
+
+###Fixes:
+####Engine:
+- Engine update to prevent script based injection attacks
+- CustomizedRulePath is now called CustomRulePath – Fixes to handle folder paths
+- Fixes for RecurseCustomRulePath functionality
+- Fix to binplace cmdlet help file as part of build process
+- ScriptAnalyzer Profile is now called Settings
+- Fix to emit filename in the diagnosticrecord when using Script based custom rules
+- Fix to prevent Engine from calling Update-Help for script based custom rules
+- Added additional pester tests to take care of test holes in Custom Rule feature
+- Post-build error handling improvements, fixed typos in the project
+
+####Rules:
+- Fixed bug in Positional parameter rule to trigger only when used with >= 3 positional parameters
+- Updated keywords that trigger PSAvoidUsingPlainTextForPassword rule
+- Updated ProvideDefaultParameterValue rule to AvoidDefaultValueForMandatoryParameter rule
+- Deprecate Internal Url rule based on community feedback, identified additional rules to handle hardcoded paths etc
+- Added localhost exceptions for HardCodedComputerName Rule
+- Update to Credential based rules to validate the presence of CredentialAttribute and PSCredential type
+ 
+###Documentation:
+- Rule & Cmdlet documentation updates – Cmdlet help file addition
+
+
+##
+
 ## Released v1.1.1 (Nov.3, 2015)
 ###Features:
 - Support for PSDrives when using Invoke-ScriptAnalyzer

Rules/AvoidUnloadableModule.cs renamed to DeprecatedRules/AvoidUnloadableModule.cs

@@ -34,12 +34,12 @@ public class GetScriptAnalyzerRuleCommand : PSCmdlet, IOutputWriter
         [ValidateNotNullOrEmpty]
         [SuppressMessage("Microsoft.Performance", "CA1819:PropertiesShouldNotReturnArrays")]
         [Alias("CustomizedRulePath")]
-        public string CustomRulePath
+        public string[] CustomRulePath
         {
             get { return customRulePath; }
             set { customRulePath = value; }
         }
-        private string customRulePath;
+        private string[] customRulePath;
 
         /// <summary>
         /// RecurseCustomRulePath: Find rules within subfolders under the path
@@ -91,7 +91,7 @@ protected override void BeginProcessing()
         {
             string[] rulePaths = Helper.ProcessCustomRulePaths(customRulePath,
                 this.SessionState, recurseCustomRulePath);
-            ScriptAnalyzer.Instance.Initialize(this, rulePaths);            
+            ScriptAnalyzer.Instance.Initialize(this, rulePaths, null, null, null, null == rulePaths ? true : false);            
         }
 
         /// <summary>

Rules/AvoidUsingFilePaths.cs renamed to DeprecatedRules/AvoidUsingFilePaths.cs

@@ -43,7 +43,9 @@ public class InvokeScriptAnalyzerCommand : PSCmdlet, IOutputWriter
         /// </summary>
         [Parameter(Position = 0,
             ParameterSetName = "File",
-            Mandatory = true)]
+            Mandatory = true,
+            ValueFromPipeline = true, 
+            ValueFromPipelineByPropertyName = true)]
         [ValidateNotNull]
         [Alias("PSPath")]
         public string Path
@@ -58,7 +60,9 @@ public string Path
         /// </summary>
         [Parameter(Position = 0,
             ParameterSetName = "ScriptDefinition",
-            Mandatory = true)]
+            Mandatory = true,
+            ValueFromPipeline = true,
+            ValueFromPipelineByPropertyName = true)]
         [ValidateNotNull]
         public string ScriptDefinition
         {
@@ -74,12 +78,12 @@ public string ScriptDefinition
         [ValidateNotNull]
         [SuppressMessage("Microsoft.Performance", "CA1819:PropertiesShouldNotReturnArrays")]
         [Alias("CustomizedRulePath")]
-        public string CustomRulePath
+        public string[] CustomRulePath
         {
             get { return customRulePath; }
             set { customRulePath = value; }
         }
-        private string customRulePath;
+        private string[] customRulePath;
 
         /// <summary>
         /// RecurseCustomRulePath: Find rules within subfolders under the path
@@ -93,6 +97,18 @@ public SwitchParameter RecurseCustomRulePath
         }
         private bool recurseCustomRulePath;
 
+        /// <summary>
+        /// IncludeDefaultRules: Invoke default rules along with Custom rules
+        /// </summary>
+        [Parameter(Mandatory = false)]
+        [SuppressMessage("Microsoft.Performance", "CA1819:PropertiesShouldNotReturnArrays")]
+        public SwitchParameter IncludeDefaultRules
+        {
+            get { return includeDefaultRules; }
+            set { includeDefaultRules = value; }
+        }
+        private bool includeDefaultRules;
+
         /// <summary>
         /// ExcludeRule: Array of names of rules to be disabled.
         /// </summary>
@@ -157,17 +173,20 @@ public SwitchParameter SuppressedOnly
         private bool suppressedOnly;
 
         /// <summary>
-        /// Returns path to the file that contains user profile for ScriptAnalyzer
+        /// Returns path to the file that contains user profile or hash table for ScriptAnalyzer
         /// </summary>
         [Alias("Profile")]
         [Parameter(Mandatory = false)]
         [ValidateNotNull]
-        public string Configuration
+        public object Settings
         {
-            get { return configuration; }
-            set { configuration = value; }
+            get { return settings; }
+            set { settings = value; }
         }
-        private string configuration;
+
+        private object settings;
+
+        private bool stopProcessing;
 
         #endregion Parameters
 
@@ -181,21 +200,33 @@ protected override void BeginProcessing()
             string[] rulePaths = Helper.ProcessCustomRulePaths(customRulePath,
                 this.SessionState, recurseCustomRulePath);
 
+            if (!ScriptAnalyzer.Instance.ParseProfile(this.settings, this.SessionState.Path, this))
+            {
+                stopProcessing = true;
+                return;
+            }
+
             ScriptAnalyzer.Instance.Initialize(
                 this,
                 rulePaths,
                 this.includeRule,
                 this.excludeRule,
                 this.severity,
-                this.suppressedOnly,
-                this.configuration);
+                null == rulePaths ? true : this.includeDefaultRules,
+                this.suppressedOnly);
         }
 
         /// <summary>
         /// Analyzes the given script/directory.
         /// </summary>
         protected override void ProcessRecord()
         {
+            if (stopProcessing)
+            {
+                stopProcessing = false;
+                return;
+            }
+
             if (String.Equals(this.ParameterSetName, "File", StringComparison.OrdinalIgnoreCase))
             {
                 // throws Item Not Found Exception                        
@@ -211,6 +242,18 @@ protected override void ProcessRecord()
             }
         }
 
+        protected override void EndProcessing()
+        {
+            ScriptAnalyzer.Instance.CleanUp();
+            base.EndProcessing();
+        }
+
+        protected override void StopProcessing()
+        {
+            ScriptAnalyzer.Instance.CleanUp();
+            base.StopProcessing();
+        }
+
         #endregion
 
         #region Methods

Rules/AvoidUsingInternalURLs.cs renamed to DeprecatedRules/AvoidUsingInternalURLs.cs

@@ -24,7 +24,7 @@ namespace Microsoft.Windows.PowerShell.ScriptAnalyzer.Generic
     public abstract class AvoidCmdletGeneric : IScriptRule
     {
         /// <summary>
-        /// AnalyzeScript: Analyzes the given Ast and returns DiagnosticRecords based on the anaylsis.
+        /// AnalyzeScript: Analyzes the given Ast and returns DiagnosticRecords based on the analysis.
         /// </summary>
         /// <param name="ast">The script's ast</param>
         /// <param name="fileName">The name of the script file being analyzed</param>
@@ -38,14 +38,14 @@ public IEnumerable<DiagnosticRecord> AnalyzeScript(Ast ast, string fileName)
 
             List<String> cmdletNameAndAliases = Microsoft.Windows.PowerShell.ScriptAnalyzer.Helper.Instance.CmdletNameAndAliases(GetCmdletName());
 
-            // Iterrates all CommandAsts and check the command name.
+            // Iterates all CommandAsts and check the command name.
             foreach (CommandAst cmdAst in commandAsts)
             {
                 if (cmdAst.GetCommandName() == null) continue;
 
                 if (cmdletNameAndAliases.Contains(cmdAst.GetCommandName(), StringComparer.OrdinalIgnoreCase))
                 {
-                    yield return new DiagnosticRecord(GetError(fileName), cmdAst.Extent, GetName(), DiagnosticSeverity.Warning, fileName);
+                    yield return new DiagnosticRecord(GetError(fileName), cmdAst.Extent, GetName(), GetDiagnosticSeverity(), fileName);
                 }
             }
         }
@@ -97,5 +97,11 @@ public IEnumerable<DiagnosticRecord> AnalyzeScript(Ast ast, string fileName)
         /// </summary>
         /// <returns></returns>
         public abstract RuleSeverity GetSeverity();
+
+        /// <summary>
+        /// DiagnosticSeverity: Returns the severity of the rule of type DiagnosticSeverity
+        /// </summary>
+        /// <returns></returns>
+        public abstract DiagnosticSeverity GetDiagnosticSeverity();
     }
 }

Engine/Commands/GetScriptAnalyzerRuleCommand.cs

@@ -23,7 +23,7 @@ namespace Microsoft.Windows.PowerShell.ScriptAnalyzer.Generic
     public abstract class AvoidParameterGeneric : IScriptRule
     {
         /// <summary>
-        /// AnalyzeScript: Analyzes the given Ast and returns DiagnosticRecords based on the anaylsis.
+        /// AnalyzeScript: Analyzes the given Ast and returns DiagnosticRecords based on the analysis.
         /// </summary>
         /// <param name="ast">The script's ast</param>
         /// <param name="fileName">The name of the script file being analyzed</param>
@@ -35,7 +35,7 @@ public IEnumerable<DiagnosticRecord> AnalyzeScript(Ast ast, string fileName)
             // Finds all CommandAsts.
             IEnumerable<Ast> commandAsts = ast.FindAll(testAst => testAst is CommandAst, true);
 
-            // Iterrates all CommandAsts and check the condition.
+            // Iterates all CommandAsts and check the condition.
             foreach (CommandAst cmdAst in commandAsts)
             {
                 if (CommandCondition(cmdAst) && cmdAst.CommandElements != null)
@@ -44,7 +44,7 @@ public IEnumerable<DiagnosticRecord> AnalyzeScript(Ast ast, string fileName)
                     {
                         if (ParameterCondition(cmdAst, ceAst))
                         {
-                            yield return new DiagnosticRecord(GetError(fileName, cmdAst), cmdAst.Extent, GetName(), DiagnosticSeverity.Warning, fileName, cmdAst.GetCommandName());
+                            yield return new DiagnosticRecord(GetError(fileName, cmdAst), cmdAst.Extent, GetName(), GetDiagnosticSeverity(), fileName, cmdAst.GetCommandName());
                         }
                     }
                 }
@@ -102,6 +102,16 @@ public IEnumerable<DiagnosticRecord> AnalyzeScript(Ast ast, string fileName)
         /// <returns>The source type of the rule.</returns>
         public abstract  SourceType GetSourceType();
 
+        /// <summary>
+        /// RuleSeverity: Returns the severity of the rule.
+        /// </summary>
+        /// <returns></returns>
         public abstract RuleSeverity GetSeverity();
+
+        /// <summary>
+        /// DiagnosticSeverity: Returns the severity of the rule of type DiagnosticSeverity
+        /// </summary>
+        /// <returns></returns>
+        public abstract DiagnosticSeverity GetDiagnosticSeverity();
     }
 }

Engine/Commands/InvokeScriptAnalyzerCommand.cs

@@ -28,13 +28,17 @@ public interface IDSCResourceRule : IRule
         /// <returns>The results of the analysis</returns>
         IEnumerable<DiagnosticRecord> AnalyzeDSCResource(Ast ast, string fileName);
 
+        #if !PSV3
+
         /// <summary>
         /// Analyze dsc classes (if any) in the file
         /// </summary>
         /// <param name="ast"></param>
         /// <param name="fileName"></param>
         /// <returns></returns>
         IEnumerable<DiagnosticRecord> AnalyzeDSCClass(Ast ast, string fileName);
- 
+
+        #endif
+
     }
 }

Engine/Generic/AvoidCmdletGeneric.cs

@@ -34,7 +34,7 @@ public interface ILogger
         string GetName();
 
         /// <summary>
-        /// GetDescription: Retrives the description of the logger.
+        /// GetDescription: Retrieves the description of the logger.
         /// </summary>
         /// <returns>The description of the logger</returns>
         string GetDescription();

Engine/Generic/AvoidParameterGeneric.cs

@@ -25,7 +25,7 @@ namespace Microsoft.Windows.PowerShell.ScriptAnalyzer.Generic
     public interface IScriptRule : IRule
     {
         /// <summary>
-        /// AnalyzeScript: Analyzes the given Ast and returns DiagnosticRecords based on the anaylsis.
+        /// AnalyzeScript: Analyzes the given Ast and returns DiagnosticRecords based on the analysis.
         /// </summary>
         /// <param name="ast">The script's ast</param>
         /// <param name="fileName">The name of the script file being analyzed</param>

Engine/Generic/IDSCResourceRule.cs

@@ -102,7 +102,12 @@ public RuleInfo(string name, string commonName, string description, SourceType s
             Description = description;
             SourceType  = sourceType;
             SourceName  = sourceName;
-            Severity = severity;
+            Severity = severity;      
         }
+
+        public override string ToString()
+        {
+            return RuleName;
+        }      
     }
 }

Engine/Generic/ILogger.cs

@@ -367,10 +367,14 @@ public static List<RuleSuppression> GetSuppressions(IEnumerable<AttributeAst> at
                             targetAsts = scopeAst.FindAll(item => item is FunctionDefinitionAst && reg.IsMatch((item as FunctionDefinitionAst).Name), true);
                             goto default;
 
+                        #if !PSV3
+
                         case "class":
                             targetAsts = scopeAst.FindAll(item => item is TypeDefinitionAst && reg.IsMatch((item as TypeDefinitionAst).Name), true);
                             goto default;
 
+                        #endif
+
                         default:
                             break;
                     }

Engine/Generic/IScriptRule.cs

@@ -23,7 +23,7 @@ public enum SourceType : uint
         Builtin = 0,
 
         /// <summary>
-        /// MANAGED: Indicates the script analyzer rule is contirbuted as a managed rule.
+        /// MANAGED: Indicates the script analyzer rule is contributed as a managed rule.
         /// </summary>
         Managed = 1,