PowerShell / PSScriptAnalyzer

Download ScriptAnalyzer from PowerShellGallery
https://www.powershellgallery.com/packages/PSScriptAnalyzer/
MIT License
1.87k stars 378 forks source link

Rule request: Warning if `Set`/`Get-Variable` is invoked with only the basic `-Name`/`-Value` parameters #1706

Open iRon7 opened 3 years ago

iRon7 commented 3 years ago

Referring to StackOverflow questions along with: How do I automaticaly create and use variable names?.

The cmdlets:

Could completely mislead a novice PowerShell scripter in a wrong programming direction.

The general learning process of a scripter/programmer is playing with variables. Than it gets extended to list of variables like $Var1 = 'One', $Var2 = 'Two', .... The list extends further and they understand they need to automate this somehow but finding guidance for this is quiet a leap and if they ask for guidance at e.g. StackOverflow they often get a direct answer/comment in the direction of using one of these <verb>-Variable cmdlets which is not a good practice for these users and what they atempt to do or learn.

Afaik, there is no good reason to use one of these <verb>-Variable cmdlets which just -Name and -Value parameters.

e.g. Get-Variable MyVar can be replaced by $MyVar and Set-Variable MyVar 'Test' can be replaced by $MyVar = 'Test'

The only other reason to use just the -Name and -Value parameters is to create dynamic variable names (variable indirection) like:

Set-Variable "Var$i" 'Test'

Which is to my opinion a bad practice as they will be added to the same dictionary as the rest of the parameters and one might easily overwrite other general variables and lose the oversight.

Summary of the new feature

When it comes to creating a dynamic variables, a separated dictionary (in the form of a hashtable) should be created and a warning/hint could be given in that direction.

Visa verse, advanced users that know what they are doing, might simply avoid the warning by adding a specific (e.g. -Scope Script) parameter.

What is the latest version of PSScriptAnalyzer at the point of writing 1.19.1

rjmholt commented 3 years ago

Ideally the rule could also warn of simple cases of variable (etc) provide manipulation

iRon7 commented 1 year ago

For a (PowerShell) prototype rule, see the AvoidDynamicVariables rule at https://github.com/iRon7/PSRules