Open BrianL-STCU opened 1 year ago
Currently it checks whether the variable name contains one of those words, one of which is `cred`
https://github.com/PowerShell/PSScriptAnalyzer/blob/f77acdf4cfed22b4b5bd106ac07951991ce824b7/Rules/AvoidUsingPlainTextForPassword.cs#L34
The logic could be tweaked to specifically exclude `credit` or be more specific.
"Cred" can show up in "creditworthiness", "accreditations", "credibility", "credo", &c, so that may be too broad.
Thanks, `cred` is chosen because it is the most used abbreviation... we would rather see a PR for a more specific compare rather than a list of words to exclude.
I didn't mean to imply that those words should be excluded, just that `cred` matches too many irrelevant words. If `cred` can be narrowed to `cred` and `creds`, or just as a suffix, maybe that would work? As it is, this is going to be a rule I'll have to exclude entirely.
This is marked as an improvement, but there will always be false positives, which is what the suppression feature is catering for. I suggest you check this out and do that instead of excluding the rule, but entirely up to you: https://learn.microsoft.com/en-us/powershell/utility-modules/psscriptanalyzer/using-scriptanalyzer?view=ps-modules#suppressing-rules
Yes, excluding/suppressing is what I meant, but I'd like to keep using it. It's a good rule that has simply overextended its reach. Working in finance, `cred` is just going to match too many credit card-related fields.
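The narrowing discussed in this thread, as an added example that is not part of any comment and is not PSScriptAnalyzer's code: it compares a case-insensitive substring check against a whole-word check on the words of an identifier. Apart from `cred` and `creds`, the keyword lists, the function names and the sample names are assumptions made for illustration.

```powershell
# Substring list: only 'cred' is confirmed by the thread; 'password' is an assumption.
$SubstringKeywords = @('password', 'cred')
# Whole-word list: 'cred' and 'creds' as proposed in the thread; the rest are assumptions.
$WholeWordKeywords = @('password', 'cred', 'creds', 'credential', 'credentials')

function Split-IdentifierWord {
    param([Parameter(Mandatory)][string]$Name)
    # Break at lower->Upper and ACRONYM->Word boundaries, then split on separators.
    $spaced = $Name -creplace '(?<=[a-z0-9])(?=[A-Z])', ' ' -creplace '(?<=[A-Z])(?=[A-Z][a-z])', ' '
    $spaced -split '[\s_\-]+' | Where-Object { $_ } | ForEach-Object { $_.ToLowerInvariant() }
}

function Test-SubstringMatch {
    param([Parameter(Mandatory)][string]$Name)
    # The behaviour described in the thread: any keyword anywhere in the name.
    foreach ($keyword in $SubstringKeywords) {
        if ($Name.IndexOf($keyword, [StringComparison]::OrdinalIgnoreCase) -ge 0) { return $true }
    }
    return $false
}

function Test-WholeWordMatch {
    param([Parameter(Mandatory)][string]$Name)
    # Narrowed behaviour: a keyword must equal one whole word of the identifier.
    foreach ($word in @(Split-IdentifierWord -Name $Name)) {
        if ($WholeWordKeywords -contains $word) { return $true }
    }
    return $false
}

# Constructed sample parameter names: finance-style fields and real credential names.
$samples = 'CreditCardNumber', 'Accreditations', 'credibility',
           'Cred', 'AdminCreds', 'db_cred', 'UserPassword', 'SQLCredential'

foreach ($name in $samples) {
    [pscustomobject]@{
        Name      = $name
        Substring = Test-SubstringMatch -Name $name
        WholeWord = Test-WholeWordMatch -Name $name
    }
}
```

The whole-word check only helps when the identifier has recoverable word boundaries; an all-lowercase name such as `admincreds` is a single word to the splitter and would need the suffix variant mentioned in the thread.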
Steps to reproduce
Expected behavior
(no output)
Actual behavior
Environment data