search

PowerShell / PSScriptAnalyzer

Download ScriptAnalyzer from PowerShellGallery
https://www.powershellgallery.com/packages/PSScriptAnalyzer/
MIT License
1.85k stars 373 forks source link

PSAvoidUsingPlainTextForPassword Suppression Seems Broken #1926

Closed ay-azara closed 1 year ago

ay-azara commented 1 year ago

Steps to reproduce

Open Powershell file in VSCode Paste snippet

function Test {
    [Diagnostics.CodeAnalysis.SupressMessageAttribute('PSAvoidUsingPlainTextForPassword', "Password")]
    param(
        [String] $Password
    )
}

Expected behavior

Warning is suppressed

Actual behavior

Warning persists

Environment data

> $PSVersionTable
PSVersion                      5.1.22621.1778
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.22621.1778
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

> (Get-Module -ListAvailable PSScriptAnalyzer).Version | ForEach-Object { $_.ToString() }
1.21.0

Commentary

I see that this was fixed back in 2016 and there are rules in place that should be testing this but I can't see whether they pass or fail. Am I missing something or is this a me thing? For the record, I am using PSCred but for development this was faster and I happened to notice. I also have a potential use case where I need the password to be $null and even if I used a SecureString for this I can't pass that to the Win32 api I'm calling since it only takes a string.

bergmeister commented 1 year ago

@ay-azara It is working. You are just missing a second p in the spelling of SuppressMessageAttribute:

function Test {
    [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingPlainTextForPassword', "Password")]
    param(
        [String] $Password
    )
}
ay-azara commented 1 year ago

Whoops! That's embarrassing. Sorry about that.

bergmeister commented 1 year ago

No worries :-)